Course syllabus
Informatics, Applied Information Security Management, Second Cycle, 12 credits
| Course code: | IK405A | Credits: | 12 |
|---|---|---|---|
| Main field of study: | Informatics | Progression: | A1F |
| Last revised: | 12/09/2019 | ||
| Education cycle: | Second cycle | Approved by: | Head of school |
| Established: | 17/11/2017 | Reading list approved: | 12/09/2019 |
| Valid from: | Spring semester 2020 | Revision: | 1 |
Aims and objectives
General aims for second cycle education
Second-cycle courses and study programmes shall involve the acquisition of specialist knowledge, competence and skills in relation to first-cycle courses and study programmes, and in addition to the requirements for first-cycle courses and study programmes shall
- further develop the ability of students to integrate and make autonomous use of their knowledge
- develop the students' ability to deal with complex phenomena, issues and situations, and
- develop the students' potential for professional activities that demand considerable autonomy, or for research and development work.
(Higher Education Act, Chapter 1, Section 9)
Course objectives
1. Based on relevant theories understand different types of management systems that exist in an organization and that there may be conflicts between these different management systems.
2. Have the ability to carry out an information asset classification for a specific case.
3. Have the ability to carry out a risk analysis for a specific case.
4. Be able to compare and contrast information asset classification and risk analysis.
5. Be able to analyze how an organization has applied ISO 27001, ISO 27002 and ISO 22301.
6. Based on relevant theories and methods understand and assess business management consequences of investments in information security given a specific case.
7. Based on guidelines for oral and written communication have the ability to design a presentation about information security for a specific target group with a specific purpose.
Main content of the course
The course consists of six modules:
1. Management systems: organizational management systems and information security management systems, as well as potential conflicts between different goals and different management systems. (Addressing goal 1)
2. The ISO-standards ISO 27001, ISO 27002 and ISO 22301: applications of these standards as well as knowledge about the certification process. (Addressing goal 5)
3. Information asset classification: introducing a method for information asset classification and how it can be applied, how to carry out an information asset classification. Be able to discuss the relation between information asset classification and risk analysis. (Addressing goal 2)
4. Risk analysis: introducing a method for risk analysis and how it can be applied, how to carry out a risk analysis. Be able to discuss the relation between information asset classification and risk analysis. (Addressing goal 2, 3 & 4)
5. Business management considerations: Knowledge about and the ability to assess consequences of investments in information security (e.g., ethics, opportunities, ROI, cost-benefit, evaluation, auditing). (Addressing goal 6)
6. Target group-specific communication- and presentation skills: how to design a presentation for top management. (Addressing goal 7)
Teaching methods
The employed teaching methods are anchored in flipped classroom and case-based learning. Flipped classroom means focusing on exploring topics in greater depth and creating meaningful learning opportunities in class time, while content delivery is made outside of the classroom. Case-based learning means that scenarios from real-world examples are used to as a point of departure for in class activities and assignments. In this course these teaching methods are implemented through online- and campus lectures, individual readings and seminars where different cases are discussed and analyzed.
Students who have been admitted to and registered on a course have the right to receive tuition and/or supervision for the duration of the time period specified for the particular course to which they were accepted (see, the university's admission regulations (in Swedish)). After that, the right to receive tuition and/or supervision expires.
Examination methods
Seminar, 1 credits (Code: A001)
Seminar where different management systems are presented and discussed on a group basis. (Assesses to goal 1).
Oral and Written Group Presentation, 2 credits (Code: A002)
Oral and written group presentation of a plan on how to implement an information management system in a specific organization (Assesses goals 1, 2, 3 and 5).
Oral Group Presentation I, 2 credits (Code: A003)
Oral group presentation of an information asset classification (Assesses goals 3 and 7).
Oral Group Presentation 2, 2 credits (Code: A004)
Oral group presentation of a risk analysis and how information asset classification and risk analysis are related (Assesses goals 4, 5 and 7).
Individual Written Assessment, 2.5 credits (Code: A005)
Individual written assessment of other students plans (based on provided criteria) (Assesses goals 1, 2, 3 and 5).
Individual Written and Oral Presentation, 2.5 credits (Code: A006)
Individual written and oral presentation of a business assessment of, and argumentation for, investments in information security (Assesses goals 6 and 7).
For students with a documented disability, the university may approve applications for adapted or other forms of examinations.
For further information, see the university's local examination regulations (in Swedish).
Grades
According to the Higher Education Ordinance, Chapter 6, Section 18, a grade is to be awarded on the completion of a course, unless otherwise prescribed by the university. The university may prescribe which grading system shall apply. The grade is to be determined by a teacher specifically appointed by the university (an examiner).
According to regulations on grading systems for first- and second-cycle education (vice-chancellor's decision 2019-01-15, ORU 2019/00107), one of the following grades is to be used: fail, pass, or pass with distinction. The vice-chancellor or a person appointed by the vice-chancellor may decide on exceptions from this provision for a specific course, if there are special reasons.
Grades used on course are Fail (U), Pass (G) or Pass with Distinction (VG).
Seminar
Grades used are Fail (U) or Pass (G).
Oral and Written Group Presentation
Grades used are Fail (U) or Pass (G).
Oral Group Presentation I
Grades used are Fail (U) or Pass (G).
Oral Group Presentation 2
Grades used are Fail (U) or Pass (G).
Individual Written Assessment
Grades used are Fail (U), Pass (G) or Pass with Distinction (VG).
Individual Written and Oral Presentation
Grades used are Fail (U), Pass (G) or Pass with Distinction (VG).
For further information, see the university's local examination regulations (in Swedish).
Comments on grades
The final grade will be translated into the ECTS grading scale.
In order to receive the grade Pass, the student must be awarded minimum Pass on all examinations. In order to receive the grade Pass with Distinction, the student must be awarded Pass with Distinction on Individual Written Assessment and Individual Written and Oral Presentation and Pass on all other examination parts.
Specific entry requirements
Informatics, Basic Course 30 Credits, 30 Credits at intermediate course level within Informatics and successful completion of at least 15 Credits at advanced course level within Informatics. Alternatively Business Administration, Basic Course, 30 Credits, Business Administration, Intermediate Course, 30 Credits and successful completion of at least 15 Credits at advanced course level within Business Administration. Alternatively 30 Credits within G1N in Computer Science and 45 Credits within G1F in Computer Science.
In addition, the student need to have at least 15 Credits of courses in information security that corresponds to successful completion of at least 15 Credits in the first semester of the Master's Programme in Information Systems - Information Security Management i.e. successful completion of at least 15 Credits of courses: Informatics, Introduction to Information Security, Second, second cycle, 7.5 credits (A1N), Informatics, Regulatory Aspects of Information Security, second cycle, 7.5 credits (A1N), Informatics, Social Aspects of Information Security, second cycle, 7.5 credits (A1N), Informatics, Introduction to IT Security, second cycle, 7.5 credits (A1N). The applicant must also have qualifications corresponding to the course "English 6" or "English B" from the Swedish Upper Secondary School.
For further information, see the university's admission regulations (in Swedish).
Transfer of credits for previous studies
Students who have previously completed higher education or other activities are, in accordance with the Higher Education Ordinance, entitled to have these credited towards the current programme, providing that the previous studies or activities meet certain criteria.
For further information, see the university's local credit transfer regulations (in Swedish).
Other provisions
Remaining tasks should be completed as soon as possible according to the teacher's instructions.
The course is offered in English and therefore all examinations will be conducted in English.
Reading list and other teaching materials
Required Reading
Dhillon, Gurpreet (2018)
Information Security: Text & Cases
Prospect Press, 413 pages
Additions and Comments
The standards that are used during the course will be made available via the University library's homepage. Additional research papers and course material will be made available by the department, approximately 200 pages.