1. GUC
  2. Course catalogue
  3. Student handbook
  4. Study plans 2016-2017
  5. Courses 2016-2017
  6. Avdeling for informatikk og medieteknikk
  7. IMT4772 Risk Management 2

Risk Management 2
Study plans 2016-2017 - IMT4772 - 5 ECTS

Prerequisite(s)

 IMT4762

Expected learning outcomes

The course contributes towards the following learning outcomes:

Knowledge

  • Possesses advanced knowledge within the area covered by the Master Programme.
  • Possesses specialized insight and good understanding of the research frontier in a selected part of the topic covered by the Master Programme..

Skills

  • Is able to analyze existing theories, methods and interpretations and to challenge established knowledge and practice in the media technology area.
  • Is able to use relevant and suitable methods when carrying out research and development activities in the area of media technologyF4: Is able to critically review relevant literature when solving new or complex problems and is able to integrate the findings into the proposed solution.
  • Is able to plan and complete an independent and limited research or development project with guidance and in adherence to research ethics.

Having completed the course, the students should have:

  • advanced level of understanding of assumptions and models on which risk analysis methods are based .
  • deep understanding of how different assumptions/models influence outcomes of different risk analysis methods.

Topic(s)

  •  Classifications of Risk Management methods
  •  Examples of Risk Management Methods.
  •  Decission theory
  •  Risk, Threat and vulnerability discovery
  •  Uncertainty
  •  Game theory

Teaching Methods

Lectures
Exercises

Teaching Methods (additional text)

Slides from the lectures will be available through GUC’s learning management system (Fronter).

Form(s) of Assessment

Other

Form(s) of Assessment (additional text)

  •  Written exam 3 hours (alternatively oral exam): 51%
  •  Projects: 49%.
  •  Both parts must be passed.

To ensure fairness, course deliverable grading will depend on deliverable quantity, quality and the number of contributing students.

Examination format (written/oral) will be decided eight days after the course work deadline.

Grading Scale

Alphabetical Scale, A(best) – F (fail)

External/internal examiner

Evaluated by external and internal examiner.

Re-sit examination

For the written exam: Re-sit examination in August. For the projects: The next time the course is running.

Tillatte hjelpemidler

Code D: No printed or hand-written support material is allowed. A specific basic calculator is allowed.
Read more about permitted examination aids.

Coursework Requirements

Draft project report including scenario suitable as a basis for the other chapters.  The draft report must be submitted via Fronter within 10 days of the first lecture. 

Teaching Materials

Books, articles and WEB resources such as

 RA method classification  

Bornman, G, and Labuschagne, L, 2004, A comparative framework for evaluating information security risk management methods, In proceedings of the Information Security South Africa Conference. 2004, www.infosecsa.co.za

Vorster, A. and Labuschagne, L. 2005. A framework for comparing different information security risk analysis methodologies. In Proceedings of the 2005 Annual Research Conference of the South African institute of Computer Scientists and information Technologists on IT Research in Developing Countries (White River, South Africa, September 20 - 22, 2005). ACM International Conference Proceeding Series, vol. 150. South African Institute for Computer Scientists and Information Technologists, 95-103.

ENISA. Inventory of risk assessment and risk management methods. Deliverable 1, Final version Version 1.0, 0/03/2006

Campbell and Stamp. A classification scheme for Risk Assessment Methods. Sandia Report. SAND2004-4233.

 RA method examples  

IDART (http://www.idart.sandia.gov/method.html)

NIST SP 800-42, p3.1 - 3.21, 4.1- 4.3, C.1-C.9

NIST SP 800-30. p8-27

OECD, “OECD Guidelines for the Security of Information Systems and Networks -- Towards a Culture of Security.” Paris: OECD. July 2002. www.oecd.org. P 10-12

ISO/IEC 27005:2008(E) Information technology - Security techniqueues - Information security risk management

 Decision theory  

Sven Ove Hansson. Decision Theory - A brief introduction. 2005

http://en.wikipedia.org/wiki/Newcomb%27s_paradox 

http://en.wikipedia.org/wiki/St_Petersburg_Paradox 

Sven Ove Hansson. Fallacies of Risk

 Risk Threat and Vulnerability discovery  

ISO 27005, Annex C,D

Ed Yourdon. Just enough Structured Analysis. Chapter 9, Dataflow diagrams. + 'How to'.

The vulnerability assessment and mitigation methodology. Chapter 1-4, p. 1-36. MITRE technical report..

 Uncertainty  

Lindley, Dennis V. (2006-09-11). Understanding Uncertainty. Wiley-Interscience. ISBN 978-0470043837

H. Campbell. Risk assessment: subjective or objective? Engineering science and education journal, 7:57 -63, 1998.

F. Redmill. Risk analysis-a subjective process? Engineering Management Journal. Apr 2002. Volume: 12, Issue: 2. p. 91-96

 Game theory  

Stanford Encyclopedia of Philosophy . Game theory. Available from http://plato.stanford.edu/entries/game-theory/

Fudenberg, Drew & Tirole, Jean (1991), Game theory, MIT Press, ISBN 978-0-262-06141-4 , Chapters 1,3,6,8

Replacement course for

IMT4771

Additional information

There is room for 50 students for the course.