Risk Management for Information Security
Study plans 2016-2017 - IMT4129 - 7.5 ECTS

Expected learning outcomes


  • Possesses advanced knowledge of at least one specific framework or standard in Risk Management/Analysis.
  • Possesses insight and good understanding of the practical work of Risk Management/Analysis.
  • Possesses advanced knowledge of selected challenges facing the risk analyst.


  • Is able to apply a given standard, framework or method for Risk Management/Analysis in an organization.
  • Is able to challenge established practices/views held by other practitioners.

General competence:

  • Advanced level of understanding of assumptions/principles and models on which risk analysis methods are/should be based.


  • Case study role play
  • Selected Risk Management Method(s).
  • Classifications of Risk Management methods
  • Decision theory
  • Risk, Threat and vulnerability discovery
  • Uncertainty
  • Game theory

Teaching Methods

Group work
Mandatory assignments
Project work

Form(s) of Assessment

Oral exam, individually
Evaluation of Project(s)

Form(s) of Assessment (additional text)

  • Group project reports (49%)
  • Oral, individual examination (51%).
  • Each part must be passed to pass the course

Grading Scale

Alphabetical Scale, A (best) – F (fail)

External/internal examiner

Evaluated by external and internal examiner.

Re-sit examination

The student must design a new scenario/case and all reports must be re-submitted, based on the new case, next time the course is running.

Re-sit examination for the oral examination in August.

Coursework Requirements

A scenario/case description must be submitted within 10 days of the first lecture.

Each group must present their scenario/case.

Teaching Materials

Books/standards, conference/journal papers and web resources, e.g. the ISO27005 standard and ISACA RISKIT literature.

Replacement course for

Risk Management 1 and 2