Security Planning and Incident Management
2011-2012 - IMT4841 - 10 ECTS

Expected learning outcomes


The student has general knowledge of security planning, contingency planning and incident management. Furthermore, the student has in-depth knowledge of one of the subject's topics after the individual project.

The general knowledge encompasses contingency planning for the handling of business-critical incidents. The course covers smaller and larger incidents, as well as disasters where business continuity measures are necessary.


The student is able to create contingency plans for large and small information security incidents and disasters.

The student is able to independently lead the contingency planning process.

General Competence

The student is able to independently acquire information/literature about security planning and incident management. The student is able to critically evaluate this information and use it actively in the contingency planning process.

The student has a good overview of security planning and incident management and is able to communicate this information to others.


1. Introduction and Overview of Contingency Planning
2. Planning for Organizational Readiness: Risk management, limits to risk management, incident reporting systems, business impact analysis
3. Incident Response: Preparation, organization, prevention, detection, notification, reaction, recovery, maintenance, operational problems for CSIRTs and organizational models for CSIRTs
4. Disaster Recovery: Preparation, implementation, operation and maintenance
5. Business Continuity: Preparation, implementation, operations and maintenance
6. Crisis Management and Human Factors

Teaching Methods

Net Support Learning

Form(s) of Assessment

Written exam, 3 hours
Evaluation of Project(s)

Form(s) of Assessment (additional text)

Assessment: An overall evaluation based on a 100-point scale, where project work counts 50 points and the final written exam counts 50 points. Conversion from the 100-point scale to the A-F scale follows the recommended conversion table. In specific circumstances, the course coordinator can slightly adjust the limits in the conversion table to enforce compatibility with the qualitative descriptions on the A-F scale. A passing grade must be achieved at both the final exam and the project work.

Grading Scale

Alphabetical Scale, A (best) – F (fail)

External/internal examiner

Internal examiner

Re-sit examination

For the final exam: Ordinary re-sit examination.

Examination support

Dictionary: English-Norwegian, Norwegian-other language or English-other language

Coursework Requirements

One independent project work must be completed (the exam project). The student will receive supervision and feedback during the course of the project work.

Teaching Materials

Michael Whitman and Herbert Mattord: Principles of Incident Response and Disaster Recovery. Thomson, 2007.

Additional literature will be handed out or made available through Fronter.

Additional information

This course has been adapted to fit off-campus students (those following flexible master tracks). All lectures are broadcast in real time over the Internet using video and sound. The lectures are stored and can be viewed later at the student's convenience in case he/she is unable to attend the lecture. Student coaching sessions can be performed online as long as the student has at the very least a microphone and preferably a webcam.