Course syllabus

Informatics, Social Aspects of Information Security, Second Cycle, 7.5 credits

Course code: IK433A
Credits: 7.5
Main field of study: Informatics
Progression: A1N
Last revised: 12/03/2024
Education cycle: Second cycle
Approved by: Head of school
Established: 01/11/2019
Reading list approved: 12/03/2024
Valid from: Autumn semester 2024
Revision: 2

Learning outcomes

1. Understand existing threats related to employees' poor information security behaviour, through analysing media reports of interest at the present time.

2. Understand the social aspects that affect employees' information security behaviour, based on contemporary research.

3. Understand which methods/tools exist to change employees' information security behaviour, based on contemporary research.

4. Suggest appropriate ways of working with changing employees' information security behaviour, based on contemporary information security threats and existing methods/tools.

5. Have the ability to search for relevant and current information about information security.

Content

The course contains four modules:
1. Analysis of threats and incidents related to employees' information security behaviour reported in media. During this module we introduce threats related to employees' poor information security behaviour. These threats are introduced using a case on one or more incidents that act as a catalyst for students' search for additional cases in media. (Addressing goals 1 and 5)
2. Theoretical models about social aspects that have an impact on employees' information security behaviour. During this module the students read provided course literature, and watch recorded lectures. The students also attend seminars where they receive a case and discuss how different models can explain the behaviour. Social aspect is used as an umbrella term for concepts such as culture, values, value conflicts, punishment, neutralisation, ethics, loyalty, and risk appetite. (Addressing goal 2)
3. Methods and tools to change employees' information security behaviour. During this module the students read provided course literature, and watch recorded lectures. The students also attend seminars where they discuss how a provided awareness programme fits with an existing organisational culture. (Addressing goal 3)
4. Assessing and choosing a way of working to change employees' information security behaviour. The students work with cases where they suggest appropriate ways of working with changing employees' information security behaviour. (Addressing goal 4)

Examinations and grades

Analysis of Currently Reported Threats and Incidents, 1.5 credits (Code: A001)
Grades used are Fail (U) or Pass (G).

Social Aspects, 1.5 credits (Code: A002)
Grades used are Fail (U) or Pass (G).

Written Assignment - in Group, 2.5 credits (Code: A003)
Grades used are Fail (F), Sufficient (E), Satisfactory (D), Good (C), Very Good (B) or Excellent (A).

Written Assignment - Individual Assessment, 2 credits (Code: A004)
Grades used are Fail (F), Sufficient (E), Satisfactory (D), Good (C), Very Good (B) or Excellent (A).


According to the Higher Education Ordinance, Chapter 6, Section 18, a grade is to be awarded on the completion of a course, unless otherwise prescribed by the university. The university may determine which grading system is to be used. The grade must be determined by a teacher specifically nominated by the university (the examiner).

In accordance with university regulations on grading systems for first and second-cycle courses and study programmes (Vice-Chancellor’s decision ORU 2018/00929), one of the following grades is to be used: fail (U), pass (G) or pass with distinction (VG). For courses included in an international master’s programme (60 or 120 credits) or offered to the university’s incoming exchange students, the A to F grading scale is to be used. The vice-chancellor, or a person appointed by them, may decide on exceptions from this provision for a specific course, if there are special grounds for doing so.

The grades used on this course are Fail (F), Sufficient (E), Satisfactory (D), Good (C), Very Good (B) or Excellent (A).

Comments on grades

For an approved final grade on the course, an approved result is required for all examinations. The letter grades A-E are weighted into a final grade based on the examinations of the entire course.

Modes of assessment

Analysis of Currently Reported Threats and Incidents, 1.5 credits (Code: A001)
Group assignment to analyse threats and incidents reported in media. Seminar where cross groups are created. These groups discuss the results from each individual group's analysis of threats and incidents reported in media. The students have to give an account of their analysis. (Assesses goals 1 and 5).

Social Aspects, 1.5 credits (Code: A002)
Seminars where the students, based on course literature and a provided case, have to identify social aspects that shape employees' information security behaviour. (Assesses goal 2).

Written Assignment - in Group, 2.5 credits (Code: A003)
Group assignment where the students, based on a case, have to propose and argue for a way of working to change employees' information security behaviour. Provided arguments should be anchored in literature. (Assesses goals 3 and 4).

Written Assignment - Individual Assessment, 2 credits (Code: A004)
The students have to hand in an individual assessment of another group's written assignment based on a number of provided criteria. (Assesses goals 3 and 4).

For students with a documented disability, the university may approve applications for adapted or other modes of assessment.

For further information, see the university's local examination regulations.

Specific entry requirements

Informatics, Basic Course 30 Credits, 30 Credits at intermediate course level within Informatics and successful completion of at least 15 Credits at advanced course level within Informatics. Alternatively Business Administration, Basic Course, 30 Credits, Business Administration, Intermediate Course, 30 Credits and successful completion of at least 15 Credits at advanced course level within Business Administration. Alternatively 30 Credits within G1N in Computer Science and 45 Credits within G1F in Computer Science. The applicant must also have qualifications corresponding to the course "English 6" or "English B" from the Swedish Upper Secondary School.

For further information, see the university's admission regulations.

Other provisions

The course is offered in English and therefore all examinations will be conducted in English.

Students who have been admitted to and registered on a course have the right to receive tuition and/or supervision for the duration of the time period specified for the particular course to which they were accepted (see the university's admission regulations (in Swedish)). After that, the right to receive tuition and/or supervision expires.

Reading list and other learning resources

Required Reading

Dhillon, Gurpreet (2018)
Information Security: Text & Cases
Prospect Press, 413 pages

Additions and Comments

Research papers related to the course modules will be suggested by the concerned teacher(s) during the course. Approximately 300 pages.