Course syllabus

Informatics, Regulatory Aspects of Information Security, Second Cycle, 7.5 credits

Course code: IK432A Credits: 7.5
Main field of study: Informatics Progression: A1N
Last revised: 12/03/2024    
Education cycle: Second cycle Approved by: Head of school
Established: 01/11/2019 Reading list approved: 12/03/2024
Valid from: Autumn semester 2024 Revision: 2

Learning outcomes

After completion of the course the students shall
1. Based on literature and case descriptions understand the importance of the regulatory aspects of information security related to threats, risks, and incidents
2. Based on literature and case descriptions be able to describe legal areas central for the management of information security
3. Based on a specific case be able to describe information security standards for specific fields of society
4. Have the ability to analyse and assess information security policies based on relevant literature
5. Develop an information security policy for a selected organisational context based on relevant standards, laws and regulations and theories for policy development within the area of information security.
6. Based on ethical theory literature be able to make ethical assessments relevant for the management of information security.

Content

1) The regulative aspects of information security and how regulations aim to counteract threats, risks and incidents
2) Laws and other national regulations as well as relevant EU regulations for the management of information security related to different societal goals. The focus will be on laws for general data protection and legal aspects of traditional crimes in the cyber world.
3) Standards relevant for information security management
4) Different types of policies relevant for information security management
5) To evaluate and develop an information security policy
6) To understand the importance of professional ethics, some basic ethics theory and be able to perform an ethical analysis related to information security management.

Examinations and grades

Written Individual Examination, 2 credits (Code: A001)
Grades used are Fail (U) or Pass (G).

Written Group Assessment, 4 credits (Code: A002)
Grades used are Fail (F), Sufficient (E), Satisfactory (D), Good (C), Very Good (B) or Excellent (A).

Written Individual Examination, 1.5 credits (Code: A003)
Grades used are Fail (U) or Pass (G).


According to the Higher Education Ordinance, Chapter 6, Section 18, a grade is to be awarded on the completion of a course, unless otherwise prescribed by the university. The university may determine which grading system is to be used. The grade must be determined by a teacher specifically nominated by the university (the examiner).

In accordance with university regulations on grading systems for first and second-cycle courses and study programmes (Vice-Chancellor’s decision ORU 2018/00929), one of the following grades is to be used: fail (U), pass (G) or pass with distinction (VG). For courses included in an international master’s programme (60 or 120 credits) or offered to the university’s incoming exchange students, the A to F grading scale is to be used. The vice-chancellor, or a person appointed by them, may decide on exceptions from this provision for a specific course, if there are special grounds for doing so.

The grades used on this course are Fail (F), Sufficient (E), Satisfactory (D), Good (C), Very Good (B) or Excellent (A).

Comments on grades

For an approved final grade on the course, an approved result is required for all examinations. The letter grades A-E are weighted into a final grade based on the examinations of the entire course.

Modes of assessment

Written Individual Examination, 2 credits (Code: A001)
Seminar where the students, based on literature and case descriptions, present relevant regulative aspects of information security (laws, regulations, standards, policies) (examination of goals 1, 2, and 3).

Written Group Assessment, 4 credits (Code: A002)
Written group assessment and peer review of developed information security policies. Seminar where a group of students evaluate another student group's information security policy based on theory (examination of goals 4 and 5).

Written Individual Examination, 1.5 credits (Code: A003)
Seminars where ethics is discussed and valued in relation to the management of information security (examination of goal 6).

For students with a documented disability, the university may approve applications for adapted or other modes of assessment.

For further information, see the university's local examination regulations.

Specific entry requirements

Informatics, Basic Course 30 Credits, 30 Credits at intermediate course level within Informatics and successful completion of at least 15 Credits at advanced course level within Informatics. Alternatively Business Administration, Basic Course, 30 Credits, Business Administration, Intermediate Course, 30 Credits and successful completion of at least 15 Credits at advanced course level within Business Administration. Alternatively 30 Credits within G1N in Computer Science and 45 Credits within G1F in Computer Science. The applicant must also have qualifications corresponding to the course "English B" or "English 6" from the Swedish Upper Secondary School.

For further information, see the university's admission regulations.

Other provisions

The course is offered in English and therefore all examinations will be conducted in English.

Students who have been admitted to and registered on a course have the right to receive tuition and/or supervision for the duration of the time period specified for the particular course to which they were accepted (see the university's admission regulations (in Swedish)). After that, the right to receive tuition and/or supervision expires.

Reading list and other learning resources

Required Reading

Dhillon, Gurpreet (2018)
Information Security: Text & Cases
Prospect Press, 413 pages

Karlsson, Fredrik, Hedström, Karin, Goldkuhl, Göran (2017)
Practice-based discourse analysis of information security policies. Computers & Security
Vol. 67, pp. 267-279 [Journal article]

Peltier, Thomas R. (2004)
Information Security Policies and Procedures: A Practitioner's Reference
Auerbach, 384 pages

Reynolds, George W. (2015)
Ethics in Information Technology
Cengage Learning, Boston, MA, USA

Stahl, Carsten Bernd, Doherty, Neil F, Shaw, Mark (2012)
Information security policies in the UK healthcare sector: a critical evaluation. Information Systems Journal
Vol. 22, pp. 77-94 [Journal article]

Additions and Comments

Additional research papers and course material will be made available by the department, maximum 200 pages.