NTNU in Gjøvik has been offering a doctoral (Ph.D.) programme in Information Security in its own right since accreditation was granted in 2008 by the responsible regulatory body which has attracted successful high-calibre candidates nationally and internationally, but has been conducting nationally and internationally recognised research particularly in the areas of Information Security and media technology, particularly Colour Science previously. The success of these highly international research groups at the Faculty of Computer Science and Media Technology has resulted in the accreditation of a more broad-based doctoral programme in 2012, which continues the Ph.D. in Information Security as a separate and distinct degree. The overall doctoral programme is in Computer Science, however, and also allows candidates specialising in Information Security to choose a degree in Computer Science as the desired outcome.
Within the Ph.D. in Computer Science, several specialisation areas are available, and candidates may elect to have such specialisation areas highlighted explicitly as part of a Diploma Supplement. The specialisation areas include Information Security where candidates elect not to take the degree in Information Security outright.
Each specialisation area is generally aligned with one or more research groups investigating related areas including in explicit laboratories (see the informational appendix A for a description of active research groups), and for the purposes of the study plan is grouped into Tracks to capture commonalities in the area of studies to reflect the fact that Computer Science as a whole is sufficiently broad to require some further guidance. Not all possible specialisations that are generally considered to be constituents of Computer Science are reflected as Tracks. Instead, only Tracks coinciding with a research focus at NTNU in Gjøvik are instantiated. These tracks can change over time, and while a newly-enrolled candidate will normally remain within a single track, it is possible that at some point a change in track will occur, see section "Track Structure".
Given that Computer Science as a discipline has been in existence for more than half a century, it can no longer be considered as young and immature; its core constituent elements are ranging from the theory of computation, the study of algorithms and data structures, databases, programming language theory and formal methods, the study of concurrent and distributed systems, and information and coding theory among others in the theoretical field. In the area of applied Computer Science the development has almost inevitably been more fluid with new application areas arising whilst others have declined in relative importance. Many of these applied domains themselves such as artificial intelligence encompass a wide range of sub-domains, while others are linked closely with other disciplines such as electrical engineering and materials science in the case of computer engineering and computer architecture, even with the Arts and cognitive sciences in case of computer graphics and visualisation, other sciences as in the case of computational science or medicine and health care in the case of health informatics, and touching upon organisational sciences in sub-domains of software engineering and information science. Information security in turn is a cross-cutting concern that itself ranges from theoretical Computer Science and Mathematics to economics, touching on most if not all of the domains outlined above. A substantial aspect of Computer Science is the construction of models, which have incorporated a number of areas and are likely to expand in the foreseeable future as the systems amenable to computational exploration, analysis, and simulation expand. Many such models are exploratory in themselves, particularly in engineering-oriented sub-fields of Computer Science.
Both the characteristics of Computer Science as a genuine discipline and the need to reflect the range of specialisations have been reflected in the very first proposal identifying the term Computer Science, where an explicit Graduate School was put forward .
The Ph.D. in Information Security broadly overlaps the Ph.D. in Computer Science and much of the research conducted in the context of Information Security is indeed a sub-area of Computer Science. However, some specialisation areas in Information Security are more closely aligned with adjacent disciplines such as Psychology, Economics and Management, Law, Organisational Science, and Electrical Engineering, and the Ph.D. in Information Security is in part maintained as a separate degree programme to reflect this distinction.
By necessity any doctoral study is individualised even within closely related research areas; an overall study plan can hence only give an outline and template for the creation of such individual study plans. Broadly, however, any individual study plan must seek to ensure that a commensurate set of generic skills suitable for doctoral candidates is imparted, and that this is accompanied by an understanding of questions of research ethics both at a general level and where necessary more specific to a field of research. As is the case for any doctoral programme, moreover, one of the principal objectives is that candidates acquire a rigorous background and in-depth understanding of any Mathematical and scientific methods appropriate and suitable for their field of research and studies as a foundation for their original research. This is to ensure that one of the objectives of any doctoral programme is met, namely to enable candidates to undertake largely independent research on completion of the programme whilst having more specialised research under supervision where guidance both on the research questions to be pursued and the methods to be employed is imparted by a candidate’s supervisor or supervisors.
The overall structure is broadly divided into two components, namely the Taught Component and the Research Component. Both components can and will generally be conducted in parallel and should be mutually supporting the principal objectives of resulting in an original contribution to the body of knowledge in the area of specialisation and supporting learning outcomes described below (see section "Expected learning outcomes"). The candidate’s supervisor or supervisors will provide guidance in creating an individual study plan beginning with the elaboration of a set of taught modules to be taken throughout the course of studies and the research proposal at the time of admission. This individual study plan will, however, need to be reviewed and adjusted periodically to reflect changes in research direction, newly gained insights and knowledge, and in response to any contingencies arising. Reviews should take place as part of each Semiannual Review but may occur at any time.
The Ph.D.-regulations (in Norwegian) at NTNU:
Also see the PhD-regulations in English.
The programme is considered part of the third higher education cycle, namely the Ph.D. level. The Ph.D. programme is arranged in such a way that it normally can be completed within an effective three-year research education period assuming a full-time mode of study and extended pro rata for part-time studies. Of this period, the equivalent of at least one semester (30 ECTS Credit Points)is reserved for organised teaching and learning in a form and manner appropriate to the study outcomes including but not limited to courses and seminars, the Taught Component.
This Taught Component must be completed at the time of submission of the dissertation, but unless set out otherwise in case of a conditional admission (see section "Admission Criteria"), no further requirement on the time at which the taught Credit Points are to be accrued are made. The requirements for each module are set individually, and decisions are made on a Pass/Fail basis. All modules forming part of the Taught Component must be passed.
The Research Component of the programme encompasses the bulk of the candidate’s studies and is formally contiguous from the time of admission to the day of the viva voce. It is conducted under the supervision and guidance of the candidate’s supervisor or supervisors and will result in original contributions to the body of knowledge commensurate with the degree sought by the candidate. These advances should be documented through a peer review process prior to submission of the overall dissertation, but may be submitted as a single work where this is appropriate and justified by the character of the research and has been approved by the candidate’s supervisor or supervisors.
The Ph.D. programme must be completed (as determined by the date at which the viva voce takes place) within eight years from the date of admission as specified in the letter of admission. The above period may also be prolonged in case of formal interruption of studies or where extenuating circumstances have been taken recognised. Unless such extenuating circumstances are required to be considered by law, they are decided on a case by case basis by a committee consisting of the Director of Academic Affairs, the Director of the Ph.D. programme in Computer Science or Information Security as appropriate, and at least one of the academic supervisors of the candidate by unanimous consent. Where such consent is not reached, the application for prolonging the study period will be considered as denied.
A prolonged maximum study period may also be approved by the Admissions Board in consensus with the Director of Academic Affairs in cases where applicants wish to pursue the Ph.D. programme on a part-time basis. In such cases the maximum period must not exceed ten years and will be noted in the letter of admission.
The PhD programme is a supervised programme. The PhD student will have regular contact with his or her supervisors and will typically participate in a research group. For candidates pursuing their studies on a full-time basis, the targeted time to completion of studies is three years or four years in case the candidate holds relevant teaching or research duties.
As noted in section "Short description", the breadth of the discipline of Computer Science is such that some form of specialisation is inevitable at all but the most fundamental, but certainly at the doctoral level.
The Computer Science programme is therefore divided into Tracks, which represent groupings of research (i.e. the Research Component) with suitable modules forming the Taught Component. Each candidate will, as part of the initial application process including the formulation of the research proposal and individual study plan, identify one of the presently offered Tracks that is most closely aligned with the candidate’s research. These will generally coincide with major lines of research within the faculty and may change from time to time.
Information Security is administratively retained as a Track, but has a special position in the overall structure described here as it is the only Track that has a dedicated degree programme. Generally, a candidate wishing to pursue studies in Information Security must, as part of the formulation of the application and concomitant research propopsal and individual study plan, decide whether the application is to be considered for the degree programme Ph.D. in Information Security, or whether this is to be pursued as a specialisation area within an overall Ph.D. in Computer Science. In the latter case, a candidate may elect to have the specialisation area (Track) mentioned as part of a Diploma Supplement as is the case for all other Tracks.
Once a candidate has implicitly chosen a Track by virtue of the research topic (for a description of Tracks described below), this determines the Track-specific mandatory module as described below. The Track to be followed must be noted in the application documentation.
Candidates may change Tracks at any time; however, as this is only possible where the candidate changes the main research area, this must be approved by the candidate’s supervisor or supervisors. If the change of research area coincides with a change in supervisor, rules, procedures, and regulations for changes of supervisor must be followed and a suitably revised individual study plan must be submitted and approved.
Expected learning outcomes
The successful completion of a Ph.D. programme provides a number of specific learning outcomes listed in the sections below. Beyond these, it introduces candidates to the methods and principles of Mathematical and scientific inquiry. This is taught both explicitly in specific courses, and also attained by collaboration with researchers including the candidate’s supervisors and research groups. This also seeks to provide insights into the processes of research and project management beyond the immediate remit of a doctoral research project.
The specific learning outcomes expected to have been achieved upon completion of the study programme are grouped into three categories in accordance with the national qualification framework: Knowledge, Skills, and General Competence. These learning outcomes as listed below, relate to the generalised descriptions for Ph.D. level study released by the Ministry of Education and Research (Kunnskapsdepartementet, KD) .
For the purposes of the description below, the structure outlined in section 1 justifies consideration of Information Security as being encompassed by a broad definition of Computer Science and, where adjacent fields are concerned, that these are subsumed in this programme for the purposes of the study plan. The following does therefore not generally distinguish between Computer Science and Information Security but makes reference to a given specialisation area or Track unless otherwise noted.
The Knowledge learning outcomes are primarily achieved through the development of the dissertation and guidance provided by the supervisor during the course of the Ph.D. programme. The development of the thesis will generally arise from the preparation of peer-reviewed publication during the programme so as to ensure that the student is conversant with and in his or her area of specialisation at the forefront of research in their field. In cases where a dissertation is not accompanied by supporting peer-reviewed publications authored or co-authored by the candidate, alternative forms of assessing whether the candidate is similarly aligned to the state of the art will be devised by the supervisor or supervisors of the candidate.
The Taught Component for all Tracks includes a mandatory module which covers the foundations research ethics, and a mandatory module specific to the Track in which the research is undertaken but which provides a degree of contextualisation of the candidate’s own more narrowly defined research area. Beyond these mandatory module, candidates may choose under the guidance of their supervisor or supervisors from a range of optional modules that is adjusted and updated from time to time. These optional modules encompass areas including research methods and specialised modules generally covering aspects of the current state of the art in a specific research area. The outcomes of both the individual research in the Research Component and the completion of the Taught Component will result in:
Expected Knowledge Learning Outcomes
1. Knowledge of the most advanced research in the candidate’s specialisation area (Track) of Computer Science or Information Security, respectively
2. In-depth understanding of academic theory and the preparation of high-quality research pertinent to the field of study
3. Ability to select appropriate research methods and techniques suitable for the candidate’s research field
4. In-depth understanding the current state of the art in the individual research area, and the ability to appropriately employ methods and existing research results in the development of new knowledge, theories and presentation of research in the individual research area
The learning outcomes in the Skills domain relate to activities in the research community. The precise skills possible to acquire within the context of an individual study plan will vary as some research is intrinsically more collaborative in nature while other research may essentially be a largely solitary endeavour. Where appropriate, however, the Ph.D. programme will seek to impart skills suitable to the active participation in collaborative research and, on completion, also the ability to independently conduct and lead research within both an academic and potentially applied context such as one found in government and industry. Whilst the latter is not achieved or typically achievable by candidates themselves as part of their studies, successful completion of the programme enables to translate the understanding of processes and dynamics from observations and taught elements into such abilities. As in case of the previously described Knowledge outcomes, the preparation of the dissertation forms a significant part of the development of these learning outcomes. The experiences passed on from the supervisor and in the writing of peer-review publications contribute to the student’s ability to interact with the national and international research community and to disseminate their research findings. The outcomes of both the individual research in the Research Component and the completion of the Taught Component will result in:
Expected Skills Learning Outcomes
1. Ability to perform the planning and preparation as well as to lead and manage research projects in the area of Computer Science or Information Security, respectively, in academic as well as in government or industrial settings
2. Ability to support and participate in academic, government, and industrial research at an internationally competitive level
3. Ability to comprehend complex academic issues and the related ethical considerations pertaining to the design and conduct of research
4. Ability to understand and challenge the existing knowledge and practise in the chosen specialisation area of Computer Science or Information Security, respectively
The development of the General Competence required to participate actively and constructively in the international research community, and to interact with other collaborators from outside the area of specialisation of the candidate within the discipline — considering that the discipline is often called upon to serve as a bridge to other disciplines as noted in section "Short description" — and the general public are covered by a more varied set of learning outcomes.
The elaboration of the thesis and preparation of the dissertation still has a major impact in teaching the student how to organise and explain their thoughts and research but these outcomes go beyond the formal written presentation of scientific research. The ability to speak with clarity about these advanced research topics needs to be developed and is provided by the student’s attendance at conferences, seminars, and workshops for the presentation and discussion of publications. It is also the result of interactions at workshops, seminars, and tutorials within the faculty and culminating with the public oral defence of their research in the viva voce. Mandatory taught courses in research ethics are employed to develop an understanding of the wider societal impact of candidates’ research, while collaborative techniques enabling interaction with other disciplines and to conduct projects to provide high-quality, and ethically valid research will be imparted by supervisors as appropriate to enable candidates’ advanced understanding of both their area of specialisation and the wider context of their chosen domain within the discipline of Computer Science.
The outcomes of both the individual research in the Research Component and the completion of the Taught Component will hence result in:
Expected General Competence Learning Outcomes
1. Ability to identify new problems arising from recent developments in and related to the chosen research domain within the discipline of Computer Science or Information Security, respectively, and the ability to assess the likely impact of such developments on society
2. Ability to conduct ethically and scientifically sound research in the chosen specialisation domain of Computer Science or Information Security, respectively, within the bounds of the law and given due consideration of ethical and moral constraints
3. Ability to successfully conduct and manage research undertakings which may include aspects not only from the chosen research domain but also from other domains within the discipline of Computer Science or Information Security, respectively, and elements of interdisciplinary research involving diverse groups of individuals
4. Ability to organise and participate in research and development through established national and international research frameworks
5. Ability to argue the merits, limitations, and possibilities of new developments in the chosen research domain within the discipline of Computer Science or Information Security, respectively, at a level commensurate to the international state of the art such as in internationally recognised fora
6. Capability to apply current abstract research and methods within the chosen research domain to specific problems in creative and innovative ways
Both the Ph.D. in Information Security and Ph.D. in Computer Science are offered in English; this applies both for the Research Component and the Taught Components. Some specialised optional modules may be offered in a language other than English, and taught modules credited from other institutions may also be in a language other than English.
The working language of all research groups within the Faculty of Computer Science and Media Technology is English, and the faculty itself is constituted of a highly international body of academic staff together with a similarly international student body. This offers a rich set of opportunities to make contacts and gain understanding of academic and general culture beyond a candidate’s own.
NTNU in Gjøvik is active in the establishment and operation of national and international research schools, and encourages candidates to make use of the resources available in these research school environments such as courses, seminars, and exhcanges.
Establishing links to academics and research groups outside the college and particularly internationally is highly desirable, as is an exposure of candidates to working conditions and academic approaches at other, overseas institutions.
An individual study plan should therefore identify one or two opportunities for gaining experience at overseas institutions over the course of the doctoral studies where appropriate. Whilst overseas visits and stays are not mandatory and need not be arranged at the time of drawing
up an individual study programme, the need for making appropriate arrangements with hosting institutions makes taking such steps early on advisable.
The duration of the overseas stays should be several weeks to ensure sufficient exposure to the research environment at the hosting institution.
The target group for the Ph.D. study programmes encompasses candidates holding a relevant M.Sc. or M.A. degree (or equivalent) whose degree classification matches the requirements set out in the section Admission Criteria. Such candidates may wish to pursue careers as academics, research scientists, or to hold advanced positions related to both a candidate’s specialisation area and more broadly Computer Science or Information Security, respectively, in industry and government. In cases where research is conducted in an interdisciplinary area, candidates may also be drawn from these disciplines and return to these on completion of the degree programme.
In order to be admitted to a Ph.D. programme, the applicant must normally hold a M.Sc. or M.A. degree encompassing a total of five years of full-time studies together with an appropriate undergraduate degree equivalent to 300 ECTS Credit Points.
These degree programmes must be approved by NTNU as suitable for admission to the respective Ph.D. programmes.
M.Sc. or M.A. degree programmes relevant for the purposes of the Ph.D. in Computer Science and Ph.D. in Information Security include but are not limited to Mathematics, Computer Science, and Electrical Engineering and combined degree programmes incorporating substantial elements of these. Further degree programmes in different or related subjects may be approved on an individual basis taking particularly the proposed area of doctoral research of a candidate into account. Generally such degrees from related or adjacent disciplines will be held in areas that are of immediate relevance to the research area forming the candidate’s proposed research area.
For an application to be accepted, the above degrees must also satisfy minimum requirements for degree classification. Based on the common Norwegian degree classification scheme, these requirements are:
- The candidate’s average grade for the undergraduate degree (generally B.Sc. or B.A.) must be A, B or C (or equivalent)
- The candidate’s average grade for the postgraduate degre (generally M.Sc. or M.A.) must be A or B (or equivalent)
- The candidate’s M.Sc./M.A. dissertation must have grade A or B (or equivalent)
These requirements may be waived or reduced in part by unanimous vote of the Admissions Board in exceptional circumstances. These include cases where an equivalent degree classification cannot be established or mapped onto the above scale.
Where candidates hold more than one degree of the type stipulated above, the Admissions Board will take cognizance of the degree more closely aligned with the proposed research area or, where this cannot be established, will give precedence to the most recent degree obtained.
Where the format of a candidate’s degre programme does not comply with the above structure, the Admissions Board will seek to identify a suitable mapping. This will generally be the case where a single degree programme encompasses the equivalent of the 300 ECTS Credit Points; these are considered to be equal to a structured programme.
Moreover, waivers and reductions may also form part of a conditional admission. These may be granted if the Admissions Board is satisfied that extenuating circumstances are applicable for a given candidate or if a candidate does not fully satisfy the conditions outlined above. This will generally be the case where a candidate has not completed degrees whose studies are equivalent to 300 ECTS Credit Points or where the postgraduate element does not contain an explicit dissertation. However, the Admissions Board can decide from time to time that a condition be imposed on a candidate for admission based on unanimous consent.
Failure on the part of the candidate to meet the requirements imposed by the Admission Board as part of the admission letter will result in the admission considered to be rejected effective with the date of the original decision regarding the application.
A candidate satisfying the admission criteria described above fulfills only necessary conditions for being admitted into the programme. In addition to these requirements, a candidate must also be successfully assigned to a principal supervisor and must have submitted a research proposal and application documents satisfying the candidate’s anticipated supervisor or supervisors.
The anticipated principal supervisor (or one of the supervisors in case a co-supervision is anticipated) must be satisfied that he or she has adequate resources at his or her disposal to provide adequate supervision, and that the proposed research area of the candidate is such that it falls within the area of competence of at least one of the anticipated supervisors or of the principal supervisor. If any of these conditions cannot be satisfied, an application may be rejected; in this case the admissions board will note that the rejection does not reflect an inadequacy on the part of the candidate if appropriate.
The Taught Component of an individual Ph.D. study plan instance must comprise at least 30 ECTS Credit Points. These 30 ECTS Credit Points must be part of an approved study plan which may encompass more than 30 Credit Points together, but where any Credit Points attained beyond the requirement will not have any impact on the assessment of the degree programme outcome.
The initial study plan is must form part of the application to the chosen Ph.D. programme and is elaborated in co-ordination and approved by the prospective supervisor before being duly considered by the Admissions Board for approval. On acceptance into the Ph.D. programme, the individual study plan may also be amended and altered subsequently at any time. Changes and amendments must be approved by the candidate’s supervisor or supervisors and, once this condition has been met, must be submitted in writing for approval to the Director of the Ph.D. Study Programme. Candidates are responsible for ensuring that a current and valid individual study plan is held by the Secretariat of the Ph.D. programme. This includes the responsibility to identify whether chosen modules are or can be offerend within the cycles chosen and identified in the individual study plan.
If, as part of the elaboration of an individual study plan, it is determined that a candidates research or courses forming the core of the study plan have further prerequisites, a candidate can be required to take additional courses and seminars in excess of the 30 ECTS Credit Points.
No Credit Points may be accrued for courses taken at the undergraduate level, but up to 10 Credit Points may be approved for courses taken at the M.Sc. level.
No courses forming part of the individual study plan may have been previously credited in the course of any other degree programme. The review of individual study plans ensures that overlap between courses credited to other degree programmes and the individual study plan for the Ph.D. programme are minimised.
From time to time courses may also be taken for credit from other accredited institutions provided that it can be established that the content and level of such courses is equivalent; the approval process for such external courses is undertaken by the Director of the Ph.D. Study Programme or the Director of the study programme most closely aligned with the module submitted for approval and requires submission of the syllabus and curriculum as well as of any assessment criteria by the candidate together with a valid official transcript of the module.
If a candidate has taken courses prior to commencing studies in the chosen Ph.D. programme, Credit Points which have not previously been credited to another degree programme may be credited provided that the examination awarding the marks and concomitant Credit Points has taken place less than five years before the start of the studies under the chosen Ph.D. programme. Where Credit Points are to be credited for courses which were not marked on a Pass/Failed basis, they must have been marked at either the A or B grade (or equivalent).
Each individual study plan must encompass one module on research ethics and one module which is specific to the programme or Track chosen by the candidate (see section "Tracks" below). These modules must be taken at the Ph.D. level and are offered by Gjøvik University College from time to time. Where equivalents of such modules are to be taken from other institutions, this will require separate approval and precise scrutiny of the respective module syllabus.
The requirements for the Ph.D. in Information Security are the same as for the Track in Information Security within the Ph.D. in Computer Science. All Ph.D. candidates (regardless of whether they are enrolled in the Ph.D. in Information Security or Ph.D. in Computer Science programme) must successfully complete the following module or an approved equivalent, namely IMT 6001 (Ethics and Legal Aspects of Scientific Research).
Candidates are also strongly encouraged to learn about general aspects of scientific and Mathematical inquiry, particularly on methods both of a general and more subject-specific nature, and also on the communication of research results including the review and analysis of results and outcomes. This may take the form of explicit modules or direct interaction with supervisors and other academic staff as appropriate.
A Track is determined by a Research Component falling within the remit of the research group and supervisor or supervisors of the candidate. Based on this research area, a candidate is assigned to a Track; as noted in section "Track Structure", it is possible for a candidate to change Tracks at any time, but this requires a complete revision and re-approval of the individual study plan.
Although the modules given here are mandatory, it is possible that candidates obtain credit for the respective module from other institutions provided that the subject matter and outcomes are equivalent or more comprehensive.
Information Security is a special case in that it is both a Track of the Ph.D. in Computer Science and also a degree programme on its own. However, both for the Ph.D. in Information Security and any candidate on the Information Security Track, the Track-specific mandatory module is the same, namely IMT6011 Introduction to Information Security.
Candidates conducting research in the area of image processing and analysis should take the module IMT6151 Selected Topics In Image Processing.
Candidates conducting research in the area of video processing and analysis should take the module IMT6161 Selected Topics In Video Processing.
Games and Interactive Systems
Candidates conducting research in the area of computer and computer-assisted games, serious games, and interactive systems should take the module IMT6231 Serious Games.
Candidates conducting research in the area of web- and cloud-based systems should take the module IMT6191 Selected Topics in Web-Based Systems.
Candidates conducting research in the area of database systems and theory should take the module IMT6181 Selected Topics in Database Systems.
Candidates conducting research in the area of mobile systems, devices, and networks should take the module IMT6221 Mobile Technology.
Candidates conducting research in the area of colour science should take the module IMT6141 Selected topics in Colour Imaging.
The list of approved courses and their availability in a given time period is updated from time to time and is considered at the time of submission of the individual study plan and when such study plans are considered for changes or amendments. The list of approved courses is hereby formally included by reference into this document.
See also the Regulations for the Degree of Philosophiae Doctor (Ph.D.)
Candidates must submit semi-annual reports to the Secretariat of the Ph.D. programme. These reports are not separate work items but instead are only to contain a summary of activities of the candidate in the reporting period as well as the planned activities for the following reporting period. Where technical reports, publications, or submissions for publication have been produced, this should be identified in the report, and the output included with the report where possible. Before a report is to be submitted to the Secretariat, it must be approved by at least the principal supervisor. The notional beginning of the first reporting period is the day on which a candidate is enrolled in the Ph.D. programme proper.
No technical requirements are imposed at this point.