ITSM, Security and Risk Management
Study plans 2016-2017 - IMT2008 - 10 ECTS


IMT1003 Introduction to IT-Operations and Information Security

On the basis of

IMT2243 Software Engineering

Expected learning outcomes


  • The student understand and can explain the general principles of IT/IS security management
  • The student has a good overview of past and present national and international security and privacy compliances standards and rules.
  • The student has and understanding and can apply basic organizational theory and organizational behavior concepts to the information security and information technology management problem
  • The student has a good overview of planning for business continuity and can identify of critical systems
  • The student should understand and can explain security requirements for a IT outsource


  • The student can, given guidelines or standards carry out a threat and risk assessment on a given information/technology systems
  • The candidate can collaborate with system owners and supervisors and can adjust his or her practice based on their feedback
  • The student can organize an structure an incident response team
  • The student can present security problems and solutions to both employees and managers

General Competence

  • The student can lead and contribute to security work or a team of diverse experts and competence
  • The student candidate is aware of the importance of both mastering oral and written communication skills in regards to explaining security problem and security solutions to systems owners and users in both face-to-face and online environments.


  • Governance Compliance Risk of and in IS/IT Systems
  • Privacy Compliance, Legal Compliance
  • Security Policy and regulation development
  • Threat Modeling
  • Risk Monitoring
  • Risk Communication
  • Risk Analysis
  • System Modeling and socio-technical analysis
  • Safety and/vs Security Management
  • Organizational Theory and Security
  • Organizational Behavior and Security
  • Information classification and access control
  • Incident response, planning and execution
  • Investigation and Ethics
  • Security Standards and Best Practices
  • Security , Awareness Training , of management and employees
  • Management tools and practices
  • Security Metrics and Key performance indicators
  • Outsources contracts and IS/IT security (IS/IT) in the cloud

Teaching Methods

Group works
Net Support Learning
Mandatory assignments

Teaching Methods (additional text)

The student students are assigned to a group of 3-6 persons. Each group get a task assigned from a external systems owner and a particular case. The project are based information security cases and involve risk assessments of current and future systems (innovations) and also contingency planning of these systems.

Form(s) of Assessment

Written exam, 2 hours
Evaluation of Project(s)

Form(s) of Assessment (additional text)

  • Written exam, 2 hours, counts for 50 %
  • Assessment of projects, counts for 50 %
  • Both parts must be passed.

Grading Scale

Alphabetical Scale, A(best) – F (fail)

External/internal examiner

External examiner first time the course runs.

Re-sit examination

Re-sit examination for the written exam in August.

Tillatte hjelpemidler

Code D: No printed or hand-written support material is allowed. A specific basic calculator is allowed.
Read more about permitted examination aids.

Replacement course for

IMT1132, IMT1381 og IMT3521