Expected learning outcomes
- Possesses advanced knowledge within one specific framework/standard in Risk Management covered by the Master Program.
- Possesses insight into and a good understanding of how Risk Management is practised in real life.
- Is able to practice existing frameworks, standards and methods and to challenge established knowledge and practice in the media technology area.
- Is able to use a given standard, framework or method in Risk Management and Risk Assessment in an organisation.
- Is able to understand the nature of IT Risk and how to apply this to an organisation.
- Is able to understand the major principles of IT Risk Management.
- Is able to understand how the Risk IT Process model can help to manage IT Risk.
- Is able to understand which practical guidance and techniques are available in the Risk IT Practitioners Guide to assist with the implementation of IT Risk Management.
- Is able to apply Risk IT to a practical case study.
Having completed the course, the students should have:
- An advanced level of understanding of the structure and content of Risk Management and Risk Assessment.
- An understanding of the advantages, challenges and complexity of working with Information Security Management and IT related risks in organizations.
- An understanding of how to make well-informed decisions about the extent of the IT risk and how to respond to it.
Risk Assessment in the context of an Information Security Management system
Study of a method/framework for risk assessment
Net Support Learning
Teaching Methods (additional text)
The course will include an introductory lecture providing an overview of the course content. The primary teaching method for the course is project work. The students are required to carry out and document a risk assessment activity by means of a case study.
Students are expected to present their work-in-progress at the seminars for discussions. Guidance, supervision and feedback will be provided during seminars only and given on material presented at the seminars only.
Students that cannot be present during the seminars are expected to be present by means of the Fronter Teleconference tool.
The course will be made accessible for both campus and remote students. Every student is free to choose the pedagogic arrangement that best fits her/his own requirements. The lectures in the course will be given on campus and are open to both categories of students. All the lectures will also be available on the Internet through GUC’s learning management system (ClassFronter).
Form(s) of Assessment
Oral exam, individually
Evaluation of Project(s)
Form(s) of Assessment (additional text)
The project counts 49% and oral exam counts 51% towards the final grade.
Students are recommended to work in groups on the project. Every group must have no more than 3 members. It is also possible to complete the project individually. To ensure fairness, course deliverable grading will depend on deliverable quantity, quality and the number of contributing students.
Alphabetical Scale, A (best) – F (fail)
Evaluated by external and internal examiner.
The course literature will be the documents listed below or similar.
All literature listed below is available from ISACA (www.isaca.org).
ISACA. The Risk IT Framework. 2009. ISBN 978-1-60420-111-6
ISACA. The Risk IT Practitioner Guide. 2009. ISBN 978-1-60420-116-1
Additional recommended reading
IT Governance Institute. COBIT 4.1. 2007. ISBN 1-933284-72-2