Risk Management for Information Security
Study plans 2016-2017 - IMT4129 - 7.5 ECTS

Expected learning outcomes

Knowledge:

• Possesses advanced knowledge on at least one specific framework or standard in Risk Management/ Analysis.
• Possesses insight and good understanding of the practical work of Risk Management/Analysis.
• Possesses advanced knowledge of selected challenges facing the risk analyst.

Skills:

• Is able to apply a given standard, framework or method for Risk Management/Analysis in an organization.
• Is able to challenge established practices/views held by other practitioners.

General competence:

• Advanced level of understanding of assumptions/principles and models on which risk analysis methods are/should be based.

Topic(s)

• Case study role play
• Selected Risk Management Method(s).
• Classifications of Risk Management methods
• Decission theory
• Risk, Threat and vulnerability discovery
• Uncertainty
• Game theory

Teaching Methods

Lectures
Group works
Mandatory assignments
Project work
Meeting(s)/Seminar(s)

Form(s) of Assessment

Oral exam, individually
Evaluation of Project(s)
Other

Form(s) of Assessment (additional text)

• Group project reports (49%)
• Oral, individual examination (51%).
• Each part must be passed to pass the course

Grading Scale

Alphabetical Scale, A(best) – F (fail)

External/internal examiner

Evaluated by external and internal examiner.

Re-sit examination

The student must design a new scenario/case and all reports must be re-submitted, based on the new case, next time the course is running.

Re-sit examination for the oral examination in August.

Coursework Requirements

A scenario/case description must be submitted within 10 days of the first lecture.

Each group must present their scenario/case.

Teaching Materials

Books/standards, conference/journal papers and web resources. E.g. the  ISO27005 standard, ISACA RISKIT literature.

Replacement course for

Risk Management 1 and 2