Risk Management I
2011-2012 - IMT4762 - 5 ECTS

Expected learning outcomes

When the course is completed, the student will be able to:

  • Give a detailed description of the process of risk assessment
  • Explain how to plan and organize a risk assessment project in general
  • Analyse details in one method/framework in risk assessment
  • Practice and use one method/framework for Risk Assessment in a practical case working in a team
  • Discuss the challenges facing the IS Risk Analyst through teamwork in a practical case


Risk Assessment in the context of an Information Security Management system
Study of a method/framework for risk assessment

Teaching Methods

Group works
Net Support Learning
Project work

Teaching Methods (additional text)

The course will include an introductory lecture providing an overview of the course content. The primary teaching method for the course is project work. The students are required to carry out and document a risk assessment activity by means of a case study.

Students are expected to present their work-in-progress at the seminars for discussions. Guidance, supervision and feedback will be provided during seminars only and given on material presented at the seminars only.

Students who cannot be present during the seminars are expected to be present by means of the Fronter Teleconference tool.

Form(s) of Assessment

Oral exam, individually
Evaluation of Project(s)

Form(s) of Assessment (additional text)

The project counts 49% and oral exam counts 51% towards the final grade.
Students are recommended to work in groups on the project. Every group must have no more than 3 members. It is also possible to complete the project individually. To ensure fairness, course deliverable grading will depend on deliverable quantity, quality and the number of contributing students.

Grading Scale

Alphabetical Scale, A (best) – F (fail)

External/internal examiner

Evaluated by external and internal examiner.

Re-sit examination

Not allowed.

Teaching Materials

The course literature will be the documents listed below or similar.

All literature listed below is available from ISACA (www.isaca.org).

ISACA. The Risk IT Framework. 2009. ISBN 978-1-60420-111-6


Additional recommended reading

IT Governance Institute. COBIT 4.1. 2007. ISBN 1-933284-72-2