Introduction to Information Security Management
Study plans 2016-2017 - IMT4115 - 7.5 ECTS

Expected learning outcomes


  • The candidate possess through knowledge of the fundamental theories , models practices of  information security management for both large and small organization. 
  • The candidate possess insight and understanding  of  ethical and legal aspect information security management and privacy management
  • The candidate possesses good understanding of the risk management processes
  • The candidate possesses good understanding of  security planning and incident management process
  • The candidate possess insight and good understand of security awareness and security escalations issues in information security management work
  • The candidate possess insight and good understand of both macro and micro economics issues in information security management.
  • The candidate possess insight of the technological innovation process in IT security and its effect on security management.
  • The candidate possess basic knowledge of the standards  in information security management


  • The candidate is capable of analyzing existing theory , models and methods in the field of information security management and work independently on solving theatrical and practical problems.
  • The candidate is capable of applying his/her knowledge to both modeling  the potential problems and the solutions in information security management and be able to communicate this problems and solutions using basic rhetorical skills.
  • The candidate is capable of using and the basic terminology and is aware of the basic standards used in the area.

General competence:

  • Can participate in group work and manage different organization roles of information security management.


  • Introduction to System Thinking and Scientific Management
  • Cultural, Organization and Behavior theories  used information security management  organization.
  • Legal and Ethical Aspects of Information and Privacy Management.
  • Overview of current information security management standards and practices
  • Basic Micro and Macro Theory of Information Security
  • Introduction to Risk, Threat and vulnerability Modeling
  • Information Security Management and Security Awareness education and training
  • Overview of Security Planning and Incident Management

Teaching Methods

Group works
Net Support Learning
Mandatory assignments
Project work

Teaching Methods (additional text)

The course will be made accessible for both campus and remote students. Every student is free to choose the pedagogic arrangement form that is best fitted for her/his own requirement. The lectures in the course will be given on campus and are open for both categories of students. All the lectures will also be available on Internet through GUC’s learning management system (Fronter).

Form(s) of Assessment


Form(s) of Assessment (additional text)

  • Project reports (49%)
  • 2-hours written individual exam (51%).
  • Each part must be passed to pass the course.

Grading Scale

Alphabetical Scale, A(best) – F (fail)

External/internal examiner

The project reports are evaluated by internal examiner, both internal and external examiner for the written exam.

Re-sit examination

Ordinary re-sit examination for the written exam in August.

A new, written assignment must also be completed for failed project report.

Coursework Requirements

Each group must present and get approval on their mini case work s/case.

Teaching Materials

Books/standards, conference/journal papers and web resources.

Maani, Kambiz E.; Cavana, Robert Y. Systems Thinking And Modelling. Pearson Education. 9781877371035


Michael Whitman, Herbert Mattord og Andrew Green: Principles of Incident Response and Disaster Recovery, 2nd Edition. Thomson, 2014.

Marie A. Wright: John S Kakalik , Information Security: Contemporary Cases

Information Security: Contemporary Cases , Jones and Bartlett Publishers, Inc. , USA ©2006 ISBN:0763738190

PDF Version of slides and exercises as published on-line


Alan Calder & Steve Watkins. IT Governance : IT Governance: A Manager's Guide to Data Security and ISO 27001 / ISO 27002. Fourth Edition. Kogan Page. 2008.

Peter L. Bernstein, "Against the Gods - the Remarkable Story of Risk", John Wiley & Sons, ISBN 0-471-29563-9 ,Paperback, 1998

Replacement course for

IMT4571 IT Governance