Information Security Risk Management (5 cr)

Code: 3011369-3007

General information

Enrollment: 29.05.2024 - 11.09.2024
Registration for the implementation has ended.

Timing: 02.09.2024 - 18.12.2024
Implementation has ended.

Number of ECTS credits allocated: 5 cr

Local portion: 5 cr

Mode of delivery: Contact learning

Unit: Engineering and Business

Campus: Kupittaa Campus

Teaching languages: English

Seats: 20 - 60

Degree programmes: Degree Programme in Information and Communications Technology; Degree Programme in Information and Communication Technology

Teachers: Pia Satopää

Groups: PTIVIS22T
Data Networks and Cybersecurity; PTIETS22dncs
PTIETS22 Data Networks and Cybersecurity

Course: 3011369

Realization has 17 reservations. Total duration of reservations is 34 h 0 min.

Time	Topic	Location
Mon 02.09.2024 time 14:00 - 16:00 (2 h 0 min)	Luento/lecture, Information Security Risk Management 3011369-3007	ICT_C1042_Myy MYY
Mon 09.09.2024 time 08:00 - 10:00 (2 h 0 min)	Luento/lecture, Information Security Risk Management 3011369-3007	ICT_C1042_Myy MYY
Wed 11.09.2024 time 10:00 - 12:00 (2 h 0 min)	Pienryhmien etäohjaus/remote group meeting/work, Information Security Risk Management 3011369-3007	Online
Mon 16.09.2024 time 08:00 - 10:00 (2 h 0 min)	Luento/lecture, Information Security Risk Management 3011369-3007	ICT_C1042_Myy MYY
Wed 18.09.2024 time 10:00 - 12:00 (2 h 0 min)	Pienryhmien etäohjaus/remote group meeting/work, Information Security Risk Management 3011369-3007	Online
Mon 23.09.2024 time 08:00 - 10:00 (2 h 0 min)	Luento/lecture, Information Security Risk Management 3011369-3007	ICT_C1042_Myy MYY
Wed 25.09.2024 time 10:00 - 12:00 (2 h 0 min)	Pienryhmien etäohjaus/remote group meeting/work, Information Security Risk Management 3011369-3007	Online
Mon 30.09.2024 time 08:00 - 10:00 (2 h 0 min)	Luento/lecture, Information Security Risk Management 3011369-3007	ICT_C1042_Myy MYY
Wed 02.10.2024 time 10:00 - 12:00 (2 h 0 min)	Pienryhmien etäohjaus/remote group meeting/work, Information Security Risk Management 3011369-3007	Online
Mon 07.10.2024 time 08:00 - 10:00 (2 h 0 min)	Luento/lecture, Information Security Risk Management 3011369-3007	ICT_C1035_Delta DELTA
Wed 09.10.2024 time 10:00 - 12:00 (2 h 0 min)	Pienryhmien etäohjaus/remote group meeting/work, Information Security Risk Management 3011369-3007	Online
Mon 21.10.2024 time 08:00 - 10:00 (2 h 0 min)	Luento/lecture, Information Security Risk Management 3011369-3007	ICT_C1035_Delta DELTA
Wed 23.10.2024 time 10:00 - 12:00 (2 h 0 min)	Pienryhmien etäohjaus/remote group meeting/work, Information Security Risk Management 3011369-3007	Online
Mon 28.10.2024 time 08:00 - 10:00 (2 h 0 min)	Luento/lecture, Information Security Risk Management 3011369-3007	LEM_A309 Oppimistila BYOD
Wed 30.10.2024 time 10:00 - 12:00 (2 h 0 min)	Pienryhmien etäohjaus/remote group meeting/work, Information Security Risk Management 3011369-3007	Online
Mon 04.11.2024 time 08:00 - 10:00 (2 h 0 min)	Luennot, Information Security Risk Management 3011369-3007	ICT_B1032_Beta BETA
Mon 11.11.2024 time 08:00 - 10:00 (2 h 0 min)	Luennot, Information Security Risk Management 3011369-3007	ICT_B1032_Beta BETA

Changes to reservations may be possible.

Evaluation scale

H-5

Content scheduling

After completing the course the student can:

- explain basic principles of ISO/IEC27005:2008 -standard based information security risk assessment and risk management
- explain the basic principles of information security risk assessment and risk management
- list the phases of information security risk management process
- classify information security risks by applying different approaches
- give examples of different information security risk assessment methods
- organize and conduct information security risk assessment to an SME sector enterprise or similar size organization
- analyze the results of information security risk assessment
- give justified improvement proposals to mitigate information security risks.
- Understands information security risk management as part of continuity planning and preparedness

Objective

After completing the course the student can:
- explain the basic principles of information security risk assessment and risk management
- list the phases of information security risk management process
- classify information security risks by applying different approaches
- give examples of different information security risk assessment methods
- organize and conduct information security risk assessment to an SME sector enterprise or similar size organization
- analyze the results of information security risk assessment
- give justified improvement proposals to mitigate information security risks.

Content

- The basic principles of information security risk assessment and risk management
- Information security risk management standard ISO/IEC 27005:2008
- Information security risk assessment methods and best practices
- Practical work

Materials

Material will be published in Itslearning.

Teaching methods

- Lectures, assignments and practical work

Exam schedules

Course has an exam.

Student workload

Lectures
Assignments and practical work/group work

Evaluation methods and criteria

The grade is based on the group assignment, peer assessment, exam, attendance, as well as group and individual self-assessment. The assessment criteria are presented at the beginning of the course and may differ from those outlined here.

The group assignment carries the highest weight in the evaluation. More than 50% absence from in-person classes will result in failing the course. Absences must be discussed with the instructor separately.

Failed (0)

<50% of assignment and exam points.
More than 50% absence from in-person classes

Assessment criteria, satisfactory (1-2)

>=50% of the homework assignments are completed, and 50% of the points are from the exam. Each part must get a passing grade.

Assessment criteria, good (3-4)

>=70% of the homework assignments are completed, and 70% of the points from the exam. Each part must get a passing grade.

Assessment criteria, excellent (5)

>=90% of assignment and exam points. Each part must get a passing grade.