Security Planning and Incident Management
- 10 ECTS
Expected learning outcomes
The student has general knowledge of security planning, contingency planning and incident management. Furthermore, the student has in-depth knowledge of one of the subject's topics after the individual project.
The general knowledge encompasses contingency planning for handling of business critical incidents. The course covers smaller and larger incidents, as well as disasters where business continuity measures is necessary is.
The student is able to create contingency plans for large and small information security incidents and disasters.
The student is able to independently lead the contingency planning process.
The student is able to independently acquire information/literature about security planning and incident management. The student is able to critically evaluate this information and use it actively in the contingency planning process.
The student has good overview of security planning and incident management and is able to communicate this information to others.
1. Introduction and Overview of Contingency Planning
2. Planning for Organizational Readiness: Risk management, limits to risk management, incident reporting systems, business impact analysis
3. Incident Response: Preparation, organization, prevention, detection, notification, reaction, recovery, maintenance, operational problems for CSIRTS and organizational models for CSIRTs
4. Disaster Recovery: Preparation, implementation, operation and maintenance
5. Business Continuity: Preparation, implementation, operations and Maintenance
6. Crisis Management and Human Factors
Net Support Learning
Form(s) of Assessment
Written exam, 3 hours
Evaluation of Project(s)
Form(s) of Assessment (additional text)
Assessment: An overall evaluation based on a 100 point scale, where project work counts 50 points and final written exam counts 50 points. Conversion from 100 point scale to A-F scale according to recommended conversion table. In specific circumstances, emneansvarlig can slightly adjust the limits in the conversion table to enforce compatibility with the qualitative descriptions on the A-F scale. A passing grade must be achieved at both the final exam and the project work.
Alphabetical Scale, A(best) – F (fail)
For the final exam: Ordinary re-sit examination.
Dictionary: English-Norwegian, Norwegian-other language or English-other language
One independent project work must be completed (the exam project). The student will receive supervision and feedback during the course of the project work.
Michael Whitman og Herbert Mattord: Principles of Incident Response and Disaster Recovery. Thomson, 2007.
Additional litterature will be handed out or made available through Fronter.
This course has been adapted to fit off-campus students (those following flexible master tracks). All lectures is broadcast in real time over the Internet using video and sound. The lectures are stored and can be viewed later at the students conveniences in case he/she is unable to attend the lecture. Student coaching sessions can be performed online as long as the student has at the very least a microphone and preferably a webcam.