Course syllabus

Informatics, Applied Information Security Management, Second Cycle, 12 credits

Course code: IK435A Credits: 12
Main field of study: Informatics Progression: A1F
Last revised: 13/09/2023
Education cycle: Second cycle Approved by: Head of school
Established: 01/11/2019 Reading list approved: 13/09/2023
Valid from: Spring semester 2024 Revision: 2

Learning outcomes

1. Based on relevant theories, understand the different types of management systems that exist in an organization and that there may be conflicts between these different management systems.
2. Have the ability to carry out an information asset classification for a specific case.
3. Have the ability to carry out a risk analysis for a specific case.
4. Be able to compare and contrast information asset classification and risk analysis.
5. Be able to analyze how an organization has applied ISO 27001, ISO 27002 and ISO 22301.
6. Based on relevant theories and methods, understand and assess business management consequences of investments in information security given a specific case.
7. Based on guidelines for oral and written communication, have the ability to design a presentation about information security for a specific target group with a specific purpose.

Content

The course consists of six modules:

1. Management systems: organizational management systems and information security management systems, as well as potential conflicts between different goals and different management systems. (Addressing goal 1)

2. The ISO standards ISO 27001, ISO 27002 and ISO 22301: applications of these standards as well as knowledge about the certification process. (Addressing goal 5)

3. Information asset classification: introducing a method for information asset classification and how it can be applied, how to carry out an information asset classification. Be able to discuss the relation between information asset classification and risk analysis. (Addressing goal 2)

4. Risk analysis: introducing a method for risk analysis and how it can be applied, how to carry out a risk analysis. Be able to discuss the relation between information asset classification and risk analysis. (Addressing goals 2, 3 and 4)

5. Business management considerations: Knowledge about and the ability to assess consequences of investments in information security (e.g., ethics, opportunities, ROI, cost-benefit, evaluation, auditing). (Addressing goal 6)

6. Target group-specific communication and presentation skills: how to design a presentation for top management. (Addressing goal 7)

Examinations and grades

Seminar, 1 credit (Code: A001)
Grades used are Fail (U) or Pass (G).

Oral and Written Group Presentation, 2 credits (Code: A002)
Grades used are Fail (U) or Pass (G).

Oral Group Presentation I, 2 credits (Code: A003)
Grades used are Fail (U) or Pass (G).

Oral Group Presentation 2, 2 credits (Code: A004)
Grades used are Fail (U) or Pass (G).

Individual Written Assessment, 2.5 credits (Code: A005)
Grades used are Fail (F), Sufficient (E), Satisfactory (D), Good (C), Very Good (B) or Excellent (A).

Individual Written and Oral Presentation, 2.5 credits (Code: A006)
Grades used are Fail (F), Sufficient (E), Satisfactory (D), Good (C), Very Good (B) or Excellent (A).


According to the Higher Education Ordinance, Chapter 6, Section 18, a grade is to be awarded on the completion of a course, unless otherwise prescribed by the university. The university may determine which grading system is to be used. The grade must be determined by a teacher specifically nominated by the university (the examiner).

In accordance with university regulations on grading systems for first and second-cycle courses and study programmes (Vice-Chancellor’s decision ORU 2018/00929), one of the following grades is to be used: fail (U), pass (G) or pass with distinction (VG). For courses included in an international master’s programme (60 or 120 credits) or offered to the university’s incoming exchange students, the A to F grading scale is to be used. The vice-chancellor, or a person appointed by them, may decide on exceptions from this provision for a specific course, if there are special grounds for doing so.

The grades used on this course are Fail (F), Sufficient (E), Satisfactory (D), Good (C), Very Good (B) or Excellent (A).

Comments on grades

For an approved final grade on the course, an approved result is required for all examinations. The letter grades A-E are weighted into a final grade based on the examinations of the entire course.

Modes of assessment

Seminar, 1 credit (Code: A001)
Seminar where different management systems are presented and discussed on a group basis (Assesses goal 1).

Oral and Written Group Presentation, 2 credits (Code: A002)
Oral and written group presentation of a plan on how to implement an information management system in a specific organization (Assesses goals 1, 2, 3 and 5).

Oral Group Presentation I, 2 credits (Code: A003)
Oral group presentation of an information asset classification (Assesses goals 3 and 7).

Oral Group Presentation 2, 2 credits (Code: A004)
Oral group presentation of a risk analysis and how information asset classification and risk analysis are related (Assesses goals 4, 5 and 7).

Individual Written Assessment, 2.5 credits (Code: A005)
Individual written assessment of other students' plans (based on provided criteria) (Assesses goals 1, 2, 3 and 5).

Individual Written and Oral Presentation, 2.5 credits (Code: A006)
Individual written and oral presentation of a business assessment of, and argumentation for, investments in information security (Assesses goals 6 and 7).

For students with a documented disability, the university may approve applications for adapted or other modes of assessment.

For further information, see the university's local examination regulations.

Specific entry requirements

Informatics, Basic Course 30 Credits, 30 Credits at intermediate course level within Informatics and successful completion of at least 15 Credits at advanced course level within Informatics. Alternatively Business Administration, Basic Course, 30 Credits, Business Administration, Intermediate Course, 30 Credits and successful completion of at least 15 Credits at advanced course level within Business Administration. Alternatively 30 Credits within G1N in Computer Science and 45 Credits within G1F in Computer Science.

In addition, the student needs to have successfully completed at least two of the following courses: Informatics, Introduction to Information Security, second cycle, 7.5 credits (A1N); Informatics, Regulatory Aspects of Information Security, second cycle, 7.5 credits (A1N); Informatics, Social Aspects of Information Security, second cycle, 7.5 credits (A1N); Informatics, Introduction to IT Security, second cycle, 7.5 credits (A1N). The applicant must also have qualifications corresponding to the course "English 6" or "English B" from the Swedish Upper Secondary School.

For further information, see the university's admission regulations.

Other provisions

The course is offered in English and therefore all examinations will be conducted in English.

Students who have been admitted to and registered on a course have the right to receive tuition and/or supervision for the duration of the time period specified for the particular course to which they were accepted (see the university's admission regulations (in Swedish)). After that, the right to receive tuition and/or supervision expires.

Reading list and other learning resources

Required Reading

Dhillon, Gurpreet (2018)
Information Security: Text & Cases
Prospect Press, 413 pages

Additions and Comments

The standards that are used during the course will be made available via the University library's homepage. Additional research papers and course material will be made available by the department, approximately 200 pages.