Study Guide

Objective

After completing the course the student can:
- explain the basic principles of information security risk assessment and risk management
- list the phases of information security risk management process
- classify information security risks by applying different approaches
- give examples of different information security risk assessment methods
- organize and conduct information security risk assessment to an SME sector enterprise or similar size organization
- analyze the results of information security risk assessment
- give justified improvement proposals to mitigate information security risks.

Content

- The basic principles of information security risk assessment and risk management
- Information security risk management standard ISO/IEC 27005:2008
- Information security risk assessment methods and best practices
- Practical work

Materials

Material will be published in Itslearning.

Exam schedules

Course has an exam.

Student workload

Lectures 16h
Assignments and practical work 119h

Content scheduling

- The basic principles of information security risk assessment and risk management
- Information security risk management standard ISO/IEC 27005:2008
- Information security risk assessment methods and best practices
- Practical work

Evaluation scale

H-5

Assessment methods and criteria

Grade will be composed of:
60% Project
20% Personal Assignments
20% Exam.

Assessment criteria, fail (0)

<50% of project, assignment and exam points.

Assessment criteria, satisfactory (1-2)

>=50% of project, assignment and exam points. Each part must get a passing grade.

Assessment criteria, good (3-4)

>=70% of project, assignment and exam points. Each part must get a passing grade.

Assessment criteria, excellent (5)

>=90% of project, assignment and exam points. Each part must get a passing grade.