Introduction to security Planning and Incident Handling
Study plans 2016-2017 - IMT3521 - 10 ECTS

Expected learning outcomes


The student understands contingency planning and its components. This includes the role of policies and procedures as well as risk assessment, business impact analysis, incident reporting and response and business resumption planning.

The student understands how to plan for and perform incident response.

The student understands known problems withing incident reporting systems.

The student has good overview of planning for business continuity of critical business systems.

The student can plan for and handle larger and smaller incidents and disasters.

The student can organize an incident response team in a manner that ensures good handling of incidents while also making sure staff burnout is avoided.

General Competence

The student has broad knowledge of security planning and incident response and is able to communicate this to others.

The student is able to handle the many conflicts between security and other fields that inevitably arise. Security procedures can for example be seen as cumbersome and ineffective, causing employees to disregard them. The student shall be able to reason and solve such problems.


 1. Introduction and Overview of Contingency Planning
 2. Planning for Organizational Readiness: Risk management, limits to risk management, incident reporting systems, business impact analysis
 3. Incident Response: Preparation, organization, prevention, detection, notification, reaction, recovery, maintenance, operational problems for CSIRTS and organizational models for CSIRTs
 4. Disaster Recovery: Preparation, implementation, operation and maintenance
 5. Business Continuity: Preparation, implementation, operations and Maintenance
 6. Crisis Management and Human Factors

Teaching Methods

Group works
Net Support Learning
Project work

Teaching Methods (additional text)

Group projects with supervision in addition to lectures.

The course will be made accessible for both campus and remote students. Every student is free to choose the pedagogic arrangement form that is best fitted for her/his own requirement. The lectures in the course will be given on campus and are open for both categories of students. All the lectures will also be available on Internet through the learning management system (ClassFronter).

Form(s) of Assessment

Written exam, 3 hours
Evaluation of Project(s)

Form(s) of Assessment (additional text)

Assessment: An overall evaluation based on a 100 point scale, where project work counts 50 points and final written exam counts 50 points. Conversion from 100 point scale to A-F scale according to recommended conversion table. In specific circumstances, emneansvarlig can slightly adjust the limits in the conversion table to enforce compatibility with the qualitative descriptions on the A-F scale. Both the project and the final exam must be passed to achieve a passing grade in the course.

Grading Scale

Alphabetical Scale, A(best) – F (fail)

External/internal examiner

Evaluated by internal examiner, external examiner is used periodically (every four years, next time in 2014/2015)

Re-sit examination

No re-sit examination. The entire course has to be redone.

Examination support

English-Norwegian, other language-Norwegian or English-other language dictionary

Teaching Materials

Michael Whitman, Herbert Mattord and Andrew Green: Principles of Incident Response and Disaster Recovery, 2nd Edition. Thomson, 2014.

Additional literature will be handed out or made available through Fronter.

Additional information

The lectures given in this course is in common for IMT3521 and the master course IMT4841.