Advanced Information Security Risk Management (5 cr)
Code: TE00CP91-3001
General information
- Enrollment
-
02.12.2023 - 11.01.2024
Registration for the implementation has ended.
- Timing
-
11.01.2024 - 30.04.2024
Implementation has ended.
- Number of ECTS credits allocated
- 5 cr
- Local portion
- 5 cr
- Mode of delivery
- Contact learning
- Unit
- Engineering and Business
- Campus
- Kupittaa Campus
- Teaching languages
- English
- Seats
- 30 - 70
- Degree programmes
- Degree Programme in Information and Communications Technology
- Degree Programme in Business Information Technology
- Degree Programme in Information and Communication Technology
- Teachers
- Mika Koivunen
- Teacher in charge
- Pia Satopää
- Groups
-
PTIETS21dncsPTIETS21 Data Networks and Cybersecurity
-
PTIVIS21TData Networks and Cybersecurity
- Course
- TE00CP91
Realization has 6 reservations. Total duration of reservations is 12 h 0 min.
| Time | Topic | Location |
|---|---|---|
|
Wed 03.04.2024 time 09:00 - 11:00 (2 h 0 min) |
Risk management: remote guidance for the projects, Advanced Information Security Risk Management TE00CP91-3001 |
Online
|
|
Thu 11.04.2024 time 08:00 - 10:00 (2 h 0 min) |
Risk management: remote guidance for the projects, Advanced Information Security Risk Management TE00CP91-3001 |
Online
|
|
Thu 11.04.2024 time 10:00 - 12:00 (2 h 0 min) |
Risk management lähiopetus/lectures, Advanced Information Security Risk Management TE00CP91-3001 |
ICT_C1042_Myy
MYY
|
|
Wed 17.04.2024 time 09:00 - 11:00 (2 h 0 min) |
Risk management: remote guidance for the projects, Advanced Information Security Risk Management TE00CP91-3001 |
Online
|
|
Thu 18.04.2024 time 12:00 - 14:00 (2 h 0 min) |
Risk management: remote guidance for the projects, Advanced Information Security Risk Management TE00CP91-3001 |
Online
|
|
Thu 25.04.2024 time 10:00 - 12:00 (2 h 0 min) |
Risk management lähiopetus/lectures, Advanced Information Security Risk Management TE00CP91-3001 |
ICT_C1042_Myy
MYY
|
Evaluation scale
H-5
Content scheduling
Information and Cybersecurity are critical areas in modern organizations, and the importance of risk management has been further emphasized. This practical project-based course in risk management provides students with an opportunity to apply the principles and methods of information and cybersecurity risk management in practice. The course aims to develop students' skills in risk identification, assessment, and management, preparing them for future careers in the field of information and cybersecurity.
Course Content:
Prerequisite for this course is a course in information security risk management, covering the ISO 27005 standard risk management process. Students should have a good understanding of the stages of the information and cybersecurity risk management process, including risk identification, assessment, management, and monitoring. The process and stages are reviewed at the beginning of this course.
The student acquires a small or medium-sized organization for which they will conduct a risk assessment. The student is responsible for contacting the organization's representatives. The work can be done individually or in pairs
Students will apply the ISO 27005 standard, along with other risk management frameworks and best practices, to their selected target organization. They will perform the risk assessment and document the results. At the end of the course, students will compile a final report, including the risk assessment findings and recommendations for the target organization. They will present their findings to the class and possibly to representatives from the chosen organization.
Requirements:
Participation in this course requires prior knowledge of information and cybersecurity risk management. Students must also select a target organization for the risk assessment.
This course offers students a unique opportunity to apply their knowledge of risk management to a real-world project and prepares them for careers in the field of information and cybersecurity.
Timeframe:
Spring 2024. Bi-weekly in-person meetings and bi-weekly online meetings based on separate reservations
Materials
Materials used in the course:
1. ISO27005 standardi
2. Sutton, David (2021): Information security risk management : a practitioner's guide: https://ebookcentral.proquest.com/lib/turkuamk-ebooks/detail.action?docID=6733537
3. Ilmonen, I. & al. (2022): Johda riskejä: käytännön opas yrityksen riskienhallintaan: https://turkuamk.finna.fi/Record/turkuamk.995697291505970?sid=3091696371
4. https://www.enisa.europa.eu/publications/interoperable-eu-risk-management-framework
5. Enisa Threat Landscape 2023 https://www.enisa.europa.eu/publications/enisa-threat-landscape-2023
And potentially other relevant materials
Teaching methods
Theoretical part through lectures and independent study. Guidance through remote meetings as needed. Practical risk assessment work requires acquiring the target company and maintaining communication with the responsible party. On site meetings for guidance, peer support, sharing experiences, project presentations, and evaluations in the upcoming days
International connections
Active project-based learning and problem-solving
Completion alternatives
-
Student workload
Review of the theory section of the information security risk management course and an extensive risk management project