Theory and Practise of Legal, Privacy, and Organizational Requirements
Study plans 2016-2017 - IMT4206 - 7.5 ECTS

Expected learning outcomes


  • The candidate possesses advanced knowledge in legal aspects especially relevant for information security and privacy. This applies particularly to the legal regulation of matters of importance to safeguarding confidentiality, integrity, access and quality.
  • The candidate possesses good theoretical understanding of modern organization and how legal and privacy requirements are codified and regulated internally and externally through policies and guidelines and requirements specification in products and services.


  • The candidate is capable of performing critical analysis of various literature sources regarding legal and organizational aspects of information security and privacy.
  • The candidate is capable of carrying out an independent limited research or development project in legal aspects of information security and privacy  under supervision, following the applicable ethical rules.

General competence

  • The candidate is capable of analyzing relevant professional and research ethical problems in legal aspects of information security and privacy.
  • The candidate is capable of applying his/her knowledge about legal aspects of information security and privacy  in new fields, in order to accomplish advanced tasks and projects.
  • The candidate can work independently and is familiar with legal terminology
  • The candidate can work independently with transforming technical security and privacy requirements in to services and product specification.


  • Historical review of security and privacy requirements in products and services.
  • General review of regulation and laws with electronic commerce and e-government
  • Introduction to contract law and procurement regulation
  • Review The E-Comm act of Norway, EU etc.
  • From RFI’s to RGQ’s -to operations

Teaching Methods

Group works
Net Support Learning
Project work

Teaching Methods (additional text)

The course will be made accessible for both campus and remote students. Every student is free to choose the pedagogic arrangement form that is best fitted for her/his own requirement. The lectures in the course will be given on campus and are open for both categories of students. All the lectures will also be available on Internet through GUC’s learning management system (Fronter).

Form(s) of Assessment

Written exam, 3 hours

Form(s) of Assessment (additional text)

Written exam, 3 hours

Grading Scale

Alphabetical Scale, A(best) – F (fail)

External/internal examiner

Internal and external examiner.

Re-sit examination

Ordinary re-sit examination in August.

Tillatte hjelpemidler

Code C: Specified printed and hand-written support material is allowed. A specific basic calculator is allowed.
Read more about permitted examination aids.

Coursework Requirements


Teaching Materials

Books/legal text/standards, conference/journal papers and web resources.

Such as

Act relating to certain aspects of electronic commerce and other information society services (Electronic Commerce Act).

Lov 2003-05-23 nr 35: Lov om visse sider av elektronisk handel og andre informasjonssamfunnstjenester (ehandelsloven)

Replacement course for

IMT4591 Legal Aspects of Information Security