Information Security Risk Management (5 cr)

Evaluation scale

H-5

Content scheduling

- The basic principles of information security risk assessment and risk management
- Information security risk management standard ISO/IEC 27005:2008
- Information security risk assessment methods and best practices
- Practical work

Objective

After completing the course the student can:
- explain the basic principles of information security risk assessment and risk management
- list the phases of information security risk management process
- classify information security risks by applying different approaches
- give examples of different information security risk assessment methods
- organize and conduct information security risk assessment to an SME sector enterprise or similar size organization
- analyze the results of information security risk assessment
- give justified improvement proposals to mitigate information security risks.

Content

- The basic principles of information security risk assessment and risk management
- Information security risk management standard ISO/IEC 27005:2008
- Information security risk assessment methods and best practices
- Practical work

Materials

Material will be published in Itslearning.

Exam schedules

Course has an exam.

Student workload

Lectures 16h
Assignments and practical work 119h

Evaluation methods and criteria

Grade will be composed of:
60% Project
20% Personal Assignments
20% Exam.

Failed (0)

<50% of project, assignment and exam points.

Assessment criteria, satisfactory (1-2)

>=50% of project, assignment and exam points. Each part must get a passing grade.

Assessment criteria, good (3-4)

>=70% of project, assignment and exam points. Each part must get a passing grade.

Assessment criteria, excellent (5)

>=90% of project, assignment and exam points. Each part must get a passing grade.