Risk Management for Information Security
Study plans 2016-2017 - IMT4129 - 7.5 ECTS
Expected learning outcomes
Knowledge:
- Possesses advanced knowledge of at least one specific framework or standard in Risk Management/Analysis.
- Possesses insight and good understanding of the practical work of Risk Management/Analysis.
- Possesses advanced knowledge of selected challenges facing the risk analyst.
Skills:
- Is able to apply a given standard, framework or method for Risk Management/Analysis in an organization.
- Is able to challenge established practices/views held by other practitioners.
General competence:
- Advanced level of understanding of assumptions/principles and models on which risk analysis methods are/should be based.
Topic(s)
- Case study role play
- Selected Risk Management Method(s).
- Classifications of Risk Management methods
- Decision theory
- Risk, Threat and vulnerability discovery
- Uncertainty
- Game theory
Teaching Methods
Lectures
Group works
Mandatory assignments
Project work
Meeting(s)/Seminar(s)
Form(s) of Assessment
Oral exam, individually
Evaluation of Project(s)
Other
Form(s) of Assessment (additional text)
- Group project reports (49%)
- Oral, individual examination (51%).
- Each part must be passed to pass the course.
Grading Scale
Alphabetical Scale, A (best) – F (fail)
External/internal examiner
Evaluated by external and internal examiner.
Re-sit examination
The student must design a new scenario/case, and all reports must be re-submitted, based on the new case, the next time the course runs.
Re-sit examination for the oral examination in August.
Coursework Requirements
A scenario/case description must be submitted within 10 days of the first lecture.
Each group must present their scenario/case.
Teaching Materials
Books/standards, conference/journal papers and web resources. E.g. the ISO27005 standard, ISACA RISKIT literature.
Replacement course for
Risk Management 1 and 2