Applied Information Security
2012-2013 - IMT4561 - 5 ECTS

Expected learning outcomes


  • Candidates should have a solid grounding in core concepts of information security and privacy
  • Candidates possess advanced knowledge of security design principles and their influence on security policies and security architecture
  • Candidates have advanced knowledge of common vulnerabilities, attack mechanisms, and methods against computer and information systems
  • Candidates have thorough knowledge on the theory and methods underlying access control as well as of identification and authentication mechanisms


  • Candidates are capable of applying relevant methods for independent analysis and research on security architectures, their vulnerabilities, and potential attacks against these
  • Candidates are able to analyze and critically review literature in the field of information security and are able to apply results from the literature in structuring and formulating arguments and reasoning on information security topics
  • Candidates are able to plan and conduct a limited, guided research exercise based on primary literature resulting in a reasoned and coherent report

 General Competence

  • Candidates are able to conduct translate knowledge and methods in the area of information security to onvel fields so as to be able to successfully complete advanced tasks and projects in information security
  • Candidates are able to work independently and are familiar with core concepts and problems in information security and security architecture
  • Candidates are able to contribute to innovations and innovative processes, identifying advanced information security problems and approaches contributing to their solution


  • Core concepts in information security and privacy
  • Security design principles
  • Security policies
  • Security architecture: Operating systems and applications
  • Access control principles
  • Identification and authentication
  • Vulnerabilities and attack mechanisms
  • Attack methods and malicious software
  • Database security

Teaching Methods


Teaching Methods (additional text)

  • Lectures
  • Other (tutorials)
  • Other (term paper)

The course will be made accessible for both campus and remote students. Every student is free to choose the pedagogic arrangement form that is best fitted for her/his own requirement. The lectures in the course will be given on campus and are open for both categories of students. All the lectures will also be available on Internet through GUC’s learning management system (ClassFronter).

Form(s) of Assessment


Form(s) of Assessment (additional text)

Assessment consists of two parts, pass decision is on cumulative grade of both parts:

 - Part 1 is a written examination (3 hours), accounting for 67% of grade
  - Part 2 is a term paper, accounting for 33% of grade.

Term paper is evaluated by the lecturer.

Grading Scale

Alphabetical Scale, A(best) – F (fail)

External/internal examiner

Evaluated by external and internal examiner.

Re-sit examination

A new term paper must be provided and the examination must be re-sat next autumn.

Examination support

Dictionary, simple calculator

Coursework Requirements


Teaching Materials

The following textbooks are the primary references; further recommended reading is provided in the course syllabus.
   D. Gollmann: Computer Security, 3rd edition Wiley, 2011
   M. Bishop: Computer Security: Art and Science. Addison-Wesley, 2003.
   R. Anderson: Security Engineering: A Guide to Building Dependable Distributed Systems (2nd edition). John Wiley & Sons, Chichester, UK (2008)

Replacement course for

IMT4162 Information Security and Security Architecture