Introduction to IT-Operations and Information Security
Study plans 2016-2017 - IMT1003 - 10 ECTS

Expected learning outcomes

Knowledge:

  • Basic IT concepts and methodologies
  • History, terms, concepts, threats, attacks, and controls about information security
  • Legal/ethic, technical, organizational, and cultural aspects of information security
  • Best practices in security planning and management

Skills:

  • Basic practical skills for IT operations
  • Methodologies for information security project planning, implementation, and management
  • Ability to identify potential security threats and to identify the correct information resource to address the threats
  • Basic communications skills in explaining the problem and presenting the security plan
  • Basic skill in literature and status survey and report writing

General competence:

  • Are aware of relevant professional, legal and ethical issues
  • Can carry out and document work independently in keeping with academic practice
  • Can convey technical material both written and oral
  • Students should be familiar with basic methods of thinking and innovation

Topic(s)

Part I: IT preliminaries

  • Computer principles
  • Network and data communications
  • Command line interfaces

Part II: Information security principles

  • Overview: history and concepts
  • Legal and ethical issues
  • Risk management
  • Information security planning (standards, best practice, and continuity strategies)
  • VPN, firewall, and intrusion detection
  • Authentication, identity management, privacy enhancing technologies
  • Database and cloud security
  • Cryptography
  • Physical security
  • Usability issues
  • Human factors (organizational and culture aspects) in deploying information security
  • Implementation and maintenance (software security, hardware security, system auditing and forensics, information security certifications)

Teaching Methods

Lectures
Group works
Mandatory assignments

Form(s) of Assessment

Portfolio Assessment
Written exam, 3 hours

Form(s) of Assessment (additional text)

Portfolio Assessment (veight 30%) consists of 2 assignments. The assignments are to be delivered via Fronter and as a two-sided print to the exams office. 

Written Exam (veight 70%), 3 hours. 

Both parts must be passed.

Grading Scale

Alphabetical Scale, A(best) – F (fail)

External/internal examiner

Internal examiner

Re-sit examination

Re-sit of written exam in August.

If fail on the portfolio, agreement on improvement must be made with course responsible.

Tillatte hjelpemidler

Code D: No printed or hand-written support material is allowed. A specific basic calculator is allowed.
Read more about permitted examination aids.

Coursework Requirements

None.

Teaching Materials

Core reading:

  • Michael E. Whitman and Herbert J. Mattord: Principles of Information Security, Thomson Course Technology, 5. ed (2015)

Additional readings

  • William Stallings and Lawrie Brown: Computer Security: Principles and Practice, 3. ed. (2014)
  • Gene Kim, Kevin Behr and George Spafford: The Phoenix Project: A Novel About IT, Dev Ops and Helping your Business Win, IT Revolution Press, First edition (2013). Available as e-book on Amazon
  • Torgeir Daler, Roar Gulbrandsen, Tore Audun High and Torbjørn Sjølstad: Handbook for Computer Security - information technology and risk management, Tapir Academic Press, 3rd edition (2010)
  • Personal Data Act and the Personal Data Regulations (available online:  www.lovdata.no)

Replacement course for

IMT1121