Security Planning and Incident Management
Study plans 2016-2017 - IMT4841 - 10 ECTS

Expected learning outcomes


The student has general knowledge of security planning, contingency planning and incident management. Furthermore, the student has in-depth knowledge of one of the subject's topics after the individual project.

The general knowledge encompasses contingency planning for handling of business critical incidents. The course covers smaller and larger incidents, as well as disasters where business continuity measures is necessary is.


The student is able to create contingency plans for large and small information security incidents and disasters.

The student is able to independently lead the contingency planning process.

General Competence

The student is able to independently acquire information/literature about security planning and incident management. The student is able to critically evaluate this information and use it actively in the contingency planning process.

The student has good overview of security planning and incident management and is able to communicate this information to others.


1. Introduction and Overview of Contingency Planning
2. Planning for Organizational Readiness: Risk management, limits to risk management, incident reporting systems, business impact analysis
3. Incident Response: Preparation, organization, prevention, detection, notification, reaction, recovery, maintenance, operational problems for CSIRTS and organizational models for CSIRTs
4. Disaster Recovery: Preparation, implementation, operation and maintenance
5. Business Continuity: Preparation, implementation, operations and Maintenance
6. Crisis Management and Human Factors

Teaching Methods

Net Support Learning

Teaching Methods (additional text)

The course will be made accessible for both campus and remote students. Every student is free to choose the pedagogic arrangement form that is best fitted for her/his own requirement. The lectures in the course will be given on campus and are open for both categories of students. All the lectures will also be available on Internet through GUC’s learning management system (ClassFronter).

Form(s) of Assessment

Written exam, 3 hours
Evaluation of Project(s)

Form(s) of Assessment (additional text)

Assessment: An overall evaluation based on a 100 point scale, where project work counts 50 points and final written exam counts 50 points. Conversion from 100 point scale to A-F scale according to recommended conversion table. In specific circumstances, emneansvarlig can slightly adjust the limits in the conversion table to enforce compatibility with the qualitative descriptions on the A-F scale. A passing grade must be achieved at both the final exam and the project work.

The student will receive supervision and feedback during the course of the project work.

Grading Scale

Alphabetical Scale, A(best) – F (fail)

External/internal examiner

Internal examiner. An external examiner will be used every 4th year. Next time in the school-year 2018/2019.

Re-sit examination

For the final exam: Re-sit examination in August.

Examination support

Dictionary: English-Norwegian, Norwegian-other language or English-other language

Teaching Materials

Michael Whitman, Herbert Mattord and Andrew Green: Principles of Incident Response and Disaster Recovery, 2nd Edition. Thomson, 2014.

Additional litterature will be handed out or made available through Fronter.

Additional information

This course has been adapted to fit off-campus students (those following flexible master tracks). All lectures is broadcast in real time over the Internet using video and sound. The lectures are stored and can be viewed later at the students conveniences in case he/she is unable to attend the lecture. Student coaching sessions can be performed online as long as the student has at the very least a microphone and preferably a webcam.

The lectures given in this course is in common for the bachelor course IMT3521 and the master course IMT4841.

Students that have already taken course IMT3521 Introduction to security Planning and Incident Handling at bachelor level cannot apply to be exempted from taking IMT4841 Security Planning and Incident Management when studying Master in Information Security, because expected learning outcomes in both courses are different.