Security Privacy and Risk Management Case Study
Study plans 2016-2017 - IMT4207 - 7.5 ECTS


IMT4129 Risk Management for Information Security, IMT4127 Security Management Metrics, IMT4128 Socio-technical Systems Enabled Crime

Expected learning outcomes


  • The candidate possess though knowledge of ethical and legal aspect information security management and privacy management
  • The candidate possesses through understanding of the risk management processes for both security and privacy issues with both larger and small orgnaizations.
  • The candidate possesses through understanding of   security planning and incident management process
  • The candidate possess a broad understanding of  how different security and methodologies and practices are used in approaching different information security problems and solutions.
  • The candidate possess the insight and awareness of relevant  practical and scientific sources in relations to information security  problems and solutions.


  • The student can  analysi read and even write  
  • security warnings and common vulnerability events bullentins that are used following industrial best practices today.
  • The student can perform a security , privacy and risk analysis of  an organization security both from second had and first and infrormation
  • The student has the capability to interview appropriate stakeholders in a organization  questions to extract information about a security incident outlined in a security scenario.
  • The students has the capability to analysis and write information security policy guidelines and rules .

General competence

  • The student is capable of analyzing relevant professional and research ethical problems in information security organization and management.
  • The student is capable of leading the discussions of  a group of security and non security professoinals  in a meeting or workshop.
  • The student is capable of leading and contributing to both organization and technological innovation processes.


  • Review on how to work with cases base information
  • How to lead a root cause analysis and a after action review.
  • Current PSIRT and CERT systems.
  • Internal reporting of  information Security and Privacy Incidents 
  • External Reporing of information Security and Privacy Incidents

Teaching Methods

Group works
Net Support Learning
Mandatory assignments
Project work

Teaching Methods (additional text)

The course will be made accessible for both campus and remote students. Every student is free to choose the pedagogic arrangement form that is best fitted for her/his own requirement. The lectures in the course will be given on campus and are open for both categories of students. All the lectures will also be available on Internet through GUC’s learning management system (ClassFronter).

Form(s) of Assessment


Form(s) of Assessment (additional text)

  • Group Project reports (49%)
  • Individual, written reflection on the group project work (51%).
  • All parts must be passed to pass the course.

Grading Scale

Alphabetical Scale, A(best) – F (fail)

External/internal examiner

Evaluated by external and internal examiner.

Re-sit examination

Yes, in accordance with the course responsible.

Coursework Requirements

Each group must present their mini case work s/case (approved/not approved).

Teaching Materials

Books/standards, conference/journal papers and web resources.

Replacement course for

Partly (50%) of IMT4841 Security Planning and Incident Management