Information Security Risk Management (scope: 5 cr)

Code: 3011369

Credits

5 cr

Objective

After completing the course the student can:
- explain the basic principles of information security risk assessment and risk management
- list the phases of the information security risk management process
- classify information security risks by applying different approaches
- give examples of different information security risk assessment methods
- organize and conduct an information security risk assessment for an SME-sector enterprise or similar-size organization
- analyze the results of an information security risk assessment
- give justified improvement proposals to mitigate information security risks.

Content

- The basic principles of information security risk assessment and risk management
- Information security risk management standard ISO/IEC 27005:2008
- Information security risk assessment methods and best practices
- Practical work

Enrollment

29.05.2024 - 11.09.2024

Timing

02.09.2024 - 18.12.2024

Number of ECTS credits allocated

5 cr

Mode of delivery

Contact teaching

Unit

Engineering and Business

Campus

Kupittaa Campus

Teaching languages
  • English
Seats

20 - 60

Degree programmes
  • Degree Programme in Information and Communication Technology
  • Degree Programme in Information and Communications Technology
Teachers
  • Pia Satopää
Groups
  • PTIETS22dncs
    PTIETS22 Data Networks and Cybersecurity
  • ICTMODictprojSem
  • PTIVIS22T
    Data Networks and Cybersecurity

Objective

After completing the course the student can:
- explain the basic principles of information security risk assessment and risk management
- list the phases of the information security risk management process
- classify information security risks by applying different approaches
- give examples of different information security risk assessment methods
- organize and conduct an information security risk assessment for an SME-sector enterprise or similar-size organization
- analyze the results of an information security risk assessment
- give justified improvement proposals to mitigate information security risks.

Content

- The basic principles of information security risk assessment and risk management
- Information security risk management standard ISO/IEC 27005:2008
- Information security risk assessment methods and best practices
- Practical work

Materials

Material will be published in Itslearning.

Teaching methods

- Lectures, assignments and practical work

Exam schedules

Course has an exam.

Student workload

Lectures
Assignments and practical work/group work

Content scheduling

After completing the course the student can:

- explain the basic principles of information security risk assessment and risk management based on the ISO/IEC 27005:2008 standard
- explain the basic principles of information security risk assessment and risk management
- list the phases of the information security risk management process
- classify information security risks by applying different approaches
- give examples of different information security risk assessment methods
- organize and conduct an information security risk assessment for an SME-sector enterprise or similar-size organization
- analyze the results of an information security risk assessment
- give justified improvement proposals to mitigate information security risks
- understand information security risk management as part of continuity planning and preparedness.

Evaluation scale

H-5

Assessment methods and criteria

The grade is based on the group assignment, peer assessment, exam, attendance, as well as group and individual self-assessment. The assessment criteria are presented at the beginning of the course and may differ from those outlined here.

The group assignment carries the highest weight in the evaluation. More than 50% absence from in-person classes will result in failing the course. Absences must be discussed with the instructor separately.

Assessment criteria, fail (0)

<50% of assignment and exam points.
More than 50% absence from in-person classes

Assessment criteria, satisfactory (1-2)

>=50% of the homework assignments are completed, and 50% of the points are from the exam. Each part must get a passing grade.

Assessment criteria, good (3-4)

>=70% of the homework assignments are completed, and 70% of the points are from the exam. Each part must get a passing grade.

Assessment criteria, excellent (5)

>=90% of assignment and exam points. Each part must get a passing grade.

Enrollment

01.08.2023 - 30.08.2023

Timing

31.08.2023 - 31.12.2023

Number of ECTS credits allocated

5 cr

Mode of delivery

Contact teaching

Unit

Engineering and Business

Campus

Kupittaa Campus

Teaching languages
  • Finnish
  • English
Seats

20 - 60

Degree programmes
  • Degree Programme in Information and Communication Technology
  • Degree Programme in Information and Communications Technology
Teachers
  • Pia Satopää
Teacher in charge

Pia Satopää

Groups
  • PTIVIS21T
    Data Networks and Cybersecurity
  • PTIETS21dncs
    PTIETS21 Data Networks and Cybersecurity

Objective

After completing the course the student can:
- explain the basic principles of information security risk assessment and risk management
- list the phases of the information security risk management process
- classify information security risks by applying different approaches
- give examples of different information security risk assessment methods
- organize and conduct an information security risk assessment for an SME-sector enterprise or similar-size organization
- analyze the results of an information security risk assessment
- give justified improvement proposals to mitigate information security risks.

Content

- The basic principles of information security risk assessment and risk management
- Information security risk management standard ISO/IEC 27005:2008
- Information security risk assessment methods and best practices
- Practical work

Materials

Material will be published in Itslearning.

Teaching methods

- Lectures, assignments and practical work

Exam schedules

Course has an exam.

Student workload

Lectures
Assignments and practical work

Content scheduling

After completing the course the student can:

- explain the basic principles of information security risk assessment and risk management based on the ISO/IEC 27005:2008 standard
- explain the basic principles of information security risk assessment and risk management
- list the phases of the information security risk management process
- classify information security risks by applying different approaches
- give examples of different information security risk assessment methods
- organize and conduct an information security risk assessment for an SME-sector enterprise or similar-size organization
- analyze the results of an information security risk assessment
- give justified improvement proposals to mitigate information security risks.

Evaluation scale

H-5

Assessment methods and criteria

Grade will be composed of:
50% Personal and group Assignments
50% Exam.
The grade is determined by the average of homework assignments and the average grade of the exam.

Unsubmitted homework assignments lower the average of submissions. For example, if the average of homework assignments is 3.5 and one assignment is not submitted, the grade is reduced by 0.5, resulting in an average of 3. If two homework assignments are not submitted, the grade is 1 regardless of the average of submissions.

Assessment criteria, fail (0)

<50% of assignment and exam points.

Assessment criteria, satisfactory (1-2)

>=50% of the homework assignments are completed, and 50% of the points are from the exam. Each part must get a passing grade.

Assessment criteria, good (3-4)

>=70% of the homework assignments are completed, and 70% of the points are from the exam. Each part must get a passing grade.

Assessment criteria, excellent (5)

>=90% of assignment and exam points. Each part must get a passing grade.

Enrollment

01.12.2021 - 20.01.2022

Timing

10.01.2022 - 22.04.2022

Number of ECTS credits allocated

5 cr

Mode of delivery

Contact teaching

Unit

Engineering and Business

Campus

Kupittaa Campus

Teaching languages
  • Finnish
  • English
Seats

0 - 50

Teachers
  • Matti Kuikka
  • Mika Koivunen
Groups
  • ICTMODictprojSem
  • PTIETS20swis
    PTIETS20 Software Development and Information Security

Objective

After completing the course the student can:
- explain the basic principles of information security risk assessment and risk management
- list the phases of the information security risk management process
- classify information security risks by applying different approaches
- give examples of different information security risk assessment methods
- organize and conduct an information security risk assessment for an SME-sector enterprise or similar-size organization
- analyze the results of an information security risk assessment
- give justified improvement proposals to mitigate information security risks.

Content

- The basic principles of information security risk assessment and risk management
- Information security risk management standard ISO/IEC 27005:2008
- Information security risk assessment methods and best practices
- Practical work

Materials

Material will be published in Itslearning.

Exam schedules

Course has an exam.

Student workload

Lectures 16h
Assignments and practical work 119h

Content scheduling

- The basic principles of information security risk assessment and risk management
- Information security risk management standard ISO/IEC 27005:2008
- Information security risk assessment methods and best practices
- Practical work

Evaluation scale

H-5

Assessment methods and criteria

Grade will be composed of:
60% Project
20% Personal Assignments
20% Exam.

Assessment criteria, fail (0)

<50% of project, assignment and exam points.

Assessment criteria, satisfactory (1-2)

>=50% of project, assignment and exam points. Each part must get a passing grade.

Assessment criteria, good (3-4)

>=70% of project, assignment and exam points. Each part must get a passing grade.

Assessment criteria, excellent (5)

>=90% of project, assignment and exam points. Each part must get a passing grade.