Introduction to Information Security Management
Study plans 2016-2017
- 7.5 ECTS
Expected learning outcomes
- The candidate possesses thorough knowledge of the fundamental theories, models and practices of information security management for both large and small organizations.
- The candidate possesses insight into and understanding of the ethical and legal aspects of information security management and privacy management.
- The candidate possesses a good understanding of the risk management processes.
- The candidate possesses a good understanding of the security planning and incident management processes.
- The candidate possesses insight into and a good understanding of security awareness and security escalation issues in information security management work.
- The candidate possesses insight into and a good understanding of both macro- and microeconomic issues in information security management.
- The candidate possesses insight into the technological innovation process in IT security and its effect on security management.
- The candidate possesses basic knowledge of the standards in information security management.
- The candidate is capable of analyzing existing theories, models and methods in the field of information security management and of working independently on solving theoretical and practical problems.
- The candidate is capable of applying his/her knowledge to modeling both the potential problems and the solutions in information security management, and is able to communicate these problems and solutions using basic rhetorical skills.
- The candidate is capable of using the basic terminology and is aware of the basic standards used in the area.
- The candidate can participate in group work and manage different organizational roles of information security management.
- Introduction to System Thinking and Scientific Management
- Cultural, Organizational and Behavioral theories used in information security management organization.
- Legal and Ethical Aspects of Information and Privacy Management.
- Overview of current information security management standards and practices
- Basic Micro and Macro Theory of Information Security
- Introduction to Risk, Threat and Vulnerability Modeling
- Information Security Management and Security Awareness education and training
- Overview of Security Planning and Incident Management
Net Support Learning
Teaching Methods (additional text)
The course will be made accessible to both campus and remote students. Every student is free to choose the pedagogic arrangement that is best suited to her/his own requirements. The lectures in the course will be given on campus and are open to both categories of students. All the lectures will also be available on the Internet through GUC's learning management system (Fronter).
Form(s) of Assessment
Form(s) of Assessment (additional text)
- Project reports (49%)
- 2-hour written individual exam (51%).
- Each part must be passed to pass the course.
Alphabetical Scale, A (best) – F (fail)
The project reports are evaluated by an internal examiner; the written exam is evaluated by both an internal and an external examiner.
Ordinary re-sit examination for the written exam in August.
A new written assignment must also be completed for a failed project report.
Each group must present and get approval on their mini case works/case.
Books/standards, conference/journal papers and web resources.
Kambiz E. Maani, Robert Y. Cavana: Systems Thinking And Modelling. Pearson Education. ISBN 9781877371035.
Michael Whitman, Herbert Mattord and Andrew Green: Principles of Incident Response and Disaster Recovery, 2nd Edition. Thomson, 2014.
Marie A. Wright, John S. Kakalik: Information Security: Contemporary Cases. Jones and Bartlett Publishers, Inc., USA, ©2006. ISBN 0763738190.
PDF Version of slides and exercises as published on-line
Alan Calder & Steve Watkins: IT Governance: A Manager's Guide to Data Security and ISO 27001 / ISO 27002. Fourth Edition. Kogan Page, 2008.
Peter L. Bernstein: Against the Gods - the Remarkable Story of Risk. John Wiley & Sons, Paperback, 1998. ISBN 0-471-29563-9.
Replacement course for
IMT4571 IT Governance