Skip to main content

Advanced Information Security Risk Management (5 cr)

Code: TE00CP91-3002

General information


Enrollment
01.12.2024 - 15.01.2025
Registration for the implementation has ended.
Timing
15.01.2025 - 30.04.2025
Implementation is running.
Number of ECTS credits allocated
5 cr
Local portion
5 cr
Mode of delivery
Contact learning
Unit
Engineering and Business
Campus
Kupittaa Campus
Teaching languages
English
Seats
10 - 65
Degree programmes
Degree Programme in Information and Communications Technology
Degree Programme in Business Information Technology
Degree Programme in Information and Communication Technology
Teachers
Mika Koivunen
Teacher in charge
Mika Koivunen
Groups
PTIVIS22T
Data Networks and Cybersecurity
PTIETS22dncs
PTIETS22 Data Networks and Cybersecurity
Course
TE00CP91

Realization has 20 reservations. Total duration of reservations is 39 h 0 min.

Time Topic Location
Wed 15.01.2025 time 09:00 - 11:00
(2 h 0 min)
Risk managemen lecture, Advanced Information Security Risk Management TE00CP91-3002
EDU_3026_3027 Teoriatila avo byod
Wed 22.01.2025 time 10:00 - 12:00
(2 h 0 min)
Risk management lecture, Advanced Information Security Risk Management TE00CP91-3002
ICT_C1042_Myy MYY
Mon 27.01.2025 time 09:00 - 11:00
(2 h 0 min)
Risk management: remote guidance for the projects, Advanced Information Security Risk Management TE00CP91-3002
Online
Wed 29.01.2025 time 08:00 - 10:00
(2 h 0 min)
Risk management: remote guidance for the projects, Advanced Information Security Risk Management TE00CP91-3002
Online
Wed 05.02.2025 time 10:00 - 12:00
(2 h 0 min)
Risk management lecture, Advanced Information Security Risk Management TE00CP91-3002
ICT_C1042_Myy MYY
Mon 10.02.2025 time 08:00 - 10:00
(2 h 0 min)
Risk management: remote guidance for the projects, Advanced Information Security Risk Management TE00CP91-3002
Online
Wed 12.02.2025 time 09:00 - 11:00
(2 h 0 min)
Risk management: remote guidance for the projects, Advanced Information Security Risk Management TE00CP91-3002
Online
Mon 24.02.2025 time 08:00 - 10:00
(2 h 0 min)
Risk management lecture, Advanced Information Security Risk Management TE00CP91-3002
ICT_B1047_Alpha ALPHA
Mon 03.03.2025 time 08:00 - 10:00
(2 h 0 min)
Risk management: remote guidance for the projects, Advanced Information Security Risk Management TE00CP91-3002
Online
Wed 05.03.2025 time 08:00 - 10:00
(2 h 0 min)
Risk management: remote guidance for the projects, Advanced Information Security Risk Management TE00CP91-3002
Online
Wed 12.03.2025 time 10:00 - 12:00
(2 h 0 min)
Risk management lecture, Advanced Information Security Risk Management TE00CP91-3002
ICT_C1042_Myy MYY
Mon 17.03.2025 time 08:00 - 10:00
(2 h 0 min)
Risk management: remote guidance for the projects, Advanced Information Security Risk Management TE00CP91-3002
Online
Wed 19.03.2025 time 09:00 - 11:00
(2 h 0 min)
Risk management: remote guidance for the projects, Advanced Information Security Risk Management TE00CP91-3002
Online
Mon 24.03.2025 time 08:00 - 10:00
(2 h 0 min)
CANCELLED! Risk management lecture, Advanced Information Security Risk Management TE00CP91-3002
Wed 02.04.2025 time 08:00 - 09:00
(1 h 0 min)
Risk management: remote guidance for the projects, Advanced Information Security Risk Management TE00CP91-3002
Wed 02.04.2025 time 09:00 - 11:00
(2 h 0 min)
Risk management: Lecture, Advanced Information Security Risk Management TE00CP91-3002
ICT_B1026_Gamma GAMMA
Wed 09.04.2025 time 10:00 - 12:00
(2 h 0 min)
Risk management lecture, Advanced Information Security Risk Management TE00CP91-3002
ICT_C1042_Myy MYY
Mon 14.04.2025 time 08:00 - 10:00
(2 h 0 min)
Risk management: remote guidance for the projects, Advanced Information Security Risk Management TE00CP91-3002
Online
Wed 16.04.2025 time 09:00 - 11:00
(2 h 0 min)
Risk management: remote guidance for the projects, Advanced Information Security Risk Management TE00CP91-3002
Online
Wed 23.04.2025 time 10:00 - 12:00
(2 h 0 min)
Risk management lecture, Advanced Information Security Risk Management TE00CP91-3002
ICT_C1042_Myy MYY
Changes to reservations may be possible.

Evaluation scale

H-5

Content scheduling

Information and Cybersecurity are critical areas in modern organizations, and the importance of risk management has been further emphasized. This practical project-based course in risk management provides students with an opportunity to apply the principles and methods of information and cybersecurity risk management in practice. The course aims to develop students' skills in risk identification, assessment, and management, preparing them for future careers in the field of information and cybersecurity.

Course Content:

Prerequisite for this course is a course in information security risk management, covering the ISO 27005 standard risk management process. Students should have a good understanding of the stages of the information and cybersecurity risk management process, including risk identification, assessment, management, and monitoring. The process and stages are reviewed at the beginning of this course.

The student acquires a small or medium-sized organization for which they will conduct a risk assessment. The student is responsible for contacting the organization's representatives. The work can be done individually or in pairs

Students will apply the ISO 27005 standard, along with other risk management frameworks and best practices, to their selected target organization. They will perform the risk assessment and document the results. At the end of the course, students will compile a final report, including the risk assessment findings and recommendations for the target organization. They will present their findings to the class and possibly to representatives from the chosen organization.

Requirements:

Participation in this course requires prior knowledge of information and cybersecurity risk management. Students must also select a target organization for the risk assessment.

This course offers students a unique opportunity to apply their knowledge of risk management to a real-world project and prepares them for careers in the field of information and cybersecurity.

Timeframe:
Spring 2024. Bi-weekly in-person meetings and bi-weekly online meetings based on separate reservations

Materials

Materials used in the course:

1. ISO27005 standardi
2. Sutton, David (2021): Information security risk management : a practitioner's guide: https://ebookcentral.proquest.com/lib/turkuamk-ebooks/detail.action?docID=6733537
3. Ilmonen, I. & al. (2022): Johda riskejä: käytännön opas yrityksen riskienhallintaan: https://turkuamk.finna.fi/Record/turkuamk.995697291505970?sid=3091696371
4. https://www.enisa.europa.eu/publications/interoperable-eu-risk-management-framework
5. Enisa Threat Landscape 2023 https://www.enisa.europa.eu/publications/enisa-threat-landscape-2023

And potentially other relevant materials

Teaching methods

Theoretical part through lectures and independent study. Guidance through remote meetings as needed. Practical risk assessment work requires acquiring the target company and maintaining communication with the responsible party. On site meetings for guidance, peer support, sharing experiences, project presentations, and evaluations in the upcoming days

International connections

Active project-based learning and problem-solving

Completion alternatives

-

Student workload

Review of the theory section of the information security risk management course and an extensive risk management project

Go back to top of page