Advanced Information Security Risk Management (5 cr)
Code: TE00CP91-3002
General information
- Enrollment
-
01.12.2024 - 15.01.2025
Registration for the implementation has ended.
- Timing
-
15.01.2025 - 30.04.2025
Implementation is running.
- Number of ECTS credits allocated
- 5 cr
- Local portion
- 5 cr
- Mode of delivery
- Contact learning
- Unit
- Engineering and Business
- Campus
- Kupittaa Campus
- Teaching languages
- English
- Seats
- 10 - 65
- Degree programmes
- Degree Programme in Information and Communications Technology
- Degree Programme in Business Information Technology
- Degree Programme in Information and Communication Technology
- Teachers
- Mika Koivunen
- Teacher in charge
- Mika Koivunen
- Groups
-
PTIVIS22TData Networks and Cybersecurity
-
PTIETS22dncsPTIETS22 Data Networks and Cybersecurity
- Course
- TE00CP91
Realization has 20 reservations. Total duration of reservations is 39 h 0 min.
| Time | Topic | Location |
|---|---|---|
|
Wed 15.01.2025 time 09:00 - 11:00 (2 h 0 min) |
Risk managemen lecture, Advanced Information Security Risk Management TE00CP91-3002 |
EDU_3026_3027
Teoriatila avo byod
|
|
Wed 22.01.2025 time 10:00 - 12:00 (2 h 0 min) |
Risk management lecture, Advanced Information Security Risk Management TE00CP91-3002 |
ICT_C1042_Myy
MYY
|
|
Mon 27.01.2025 time 09:00 - 11:00 (2 h 0 min) |
Risk management: remote guidance for the projects, Advanced Information Security Risk Management TE00CP91-3002 |
Online
|
|
Wed 29.01.2025 time 08:00 - 10:00 (2 h 0 min) |
Risk management: remote guidance for the projects, Advanced Information Security Risk Management TE00CP91-3002 |
Online
|
|
Wed 05.02.2025 time 10:00 - 12:00 (2 h 0 min) |
Risk management lecture, Advanced Information Security Risk Management TE00CP91-3002 |
ICT_C1042_Myy
MYY
|
|
Mon 10.02.2025 time 08:00 - 10:00 (2 h 0 min) |
Risk management: remote guidance for the projects, Advanced Information Security Risk Management TE00CP91-3002 |
Online
|
|
Wed 12.02.2025 time 09:00 - 11:00 (2 h 0 min) |
Risk management: remote guidance for the projects, Advanced Information Security Risk Management TE00CP91-3002 |
Online
|
|
Mon 24.02.2025 time 08:00 - 10:00 (2 h 0 min) |
Risk management lecture, Advanced Information Security Risk Management TE00CP91-3002 |
ICT_B1047_Alpha
ALPHA
|
|
Mon 03.03.2025 time 08:00 - 10:00 (2 h 0 min) |
Risk management: remote guidance for the projects, Advanced Information Security Risk Management TE00CP91-3002 |
Online
|
|
Wed 05.03.2025 time 08:00 - 10:00 (2 h 0 min) |
Risk management: remote guidance for the projects, Advanced Information Security Risk Management TE00CP91-3002 |
Online
|
|
Wed 12.03.2025 time 10:00 - 12:00 (2 h 0 min) |
Risk management lecture, Advanced Information Security Risk Management TE00CP91-3002 |
ICT_C1042_Myy
MYY
|
|
Mon 17.03.2025 time 08:00 - 10:00 (2 h 0 min) |
Risk management: remote guidance for the projects, Advanced Information Security Risk Management TE00CP91-3002 |
Online
|
|
Wed 19.03.2025 time 09:00 - 11:00 (2 h 0 min) |
Risk management: remote guidance for the projects, Advanced Information Security Risk Management TE00CP91-3002 |
Online
|
|
Mon 24.03.2025 time 08:00 - 10:00 (2 h 0 min) |
CANCELLED! Risk management lecture, Advanced Information Security Risk Management TE00CP91-3002 |
|
|
Wed 02.04.2025 time 08:00 - 09:00 (1 h 0 min) |
Risk management: remote guidance for the projects, Advanced Information Security Risk Management TE00CP91-3002 |
|
|
Wed 02.04.2025 time 09:00 - 11:00 (2 h 0 min) |
Risk management: Lecture, Advanced Information Security Risk Management TE00CP91-3002 |
ICT_B1026_Gamma
GAMMA
|
|
Wed 09.04.2025 time 10:00 - 12:00 (2 h 0 min) |
Risk management lecture, Advanced Information Security Risk Management TE00CP91-3002 |
ICT_C1042_Myy
MYY
|
|
Mon 14.04.2025 time 08:00 - 10:00 (2 h 0 min) |
Risk management: remote guidance for the projects, Advanced Information Security Risk Management TE00CP91-3002 |
Online
|
|
Wed 16.04.2025 time 09:00 - 11:00 (2 h 0 min) |
Risk management: remote guidance for the projects, Advanced Information Security Risk Management TE00CP91-3002 |
Online
|
|
Wed 23.04.2025 time 10:00 - 12:00 (2 h 0 min) |
Risk management lecture, Advanced Information Security Risk Management TE00CP91-3002 |
ICT_C1042_Myy
MYY
|
Evaluation scale
H-5
Content scheduling
Information and Cybersecurity are critical areas in modern organizations, and the importance of risk management has been further emphasized. This practical project-based course in risk management provides students with an opportunity to apply the principles and methods of information and cybersecurity risk management in practice. The course aims to develop students' skills in risk identification, assessment, and management, preparing them for future careers in the field of information and cybersecurity.
Course Content:
Prerequisite for this course is a course in information security risk management, covering the ISO 27005 standard risk management process. Students should have a good understanding of the stages of the information and cybersecurity risk management process, including risk identification, assessment, management, and monitoring. The process and stages are reviewed at the beginning of this course.
The student acquires a small or medium-sized organization for which they will conduct a risk assessment. The student is responsible for contacting the organization's representatives. The work can be done individually or in pairs
Students will apply the ISO 27005 standard, along with other risk management frameworks and best practices, to their selected target organization. They will perform the risk assessment and document the results. At the end of the course, students will compile a final report, including the risk assessment findings and recommendations for the target organization. They will present their findings to the class and possibly to representatives from the chosen organization.
Requirements:
Participation in this course requires prior knowledge of information and cybersecurity risk management. Students must also select a target organization for the risk assessment.
This course offers students a unique opportunity to apply their knowledge of risk management to a real-world project and prepares them for careers in the field of information and cybersecurity.
Timeframe:
Spring 2024. Bi-weekly in-person meetings and bi-weekly online meetings based on separate reservations
Materials
Materials used in the course:
1. ISO27005 standardi
2. Sutton, David (2021): Information security risk management : a practitioner's guide: https://ebookcentral.proquest.com/lib/turkuamk-ebooks/detail.action?docID=6733537
3. Ilmonen, I. & al. (2022): Johda riskejä: käytännön opas yrityksen riskienhallintaan: https://turkuamk.finna.fi/Record/turkuamk.995697291505970?sid=3091696371
4. https://www.enisa.europa.eu/publications/interoperable-eu-risk-management-framework
5. Enisa Threat Landscape 2023 https://www.enisa.europa.eu/publications/enisa-threat-landscape-2023
And potentially other relevant materials
Teaching methods
Theoretical part through lectures and independent study. Guidance through remote meetings as needed. Practical risk assessment work requires acquiring the target company and maintaining communication with the responsible party. On site meetings for guidance, peer support, sharing experiences, project presentations, and evaluations in the upcoming days
International connections
Active project-based learning and problem-solving
Completion alternatives
-
Student workload
Review of the theory section of the information security risk management course and an extensive risk management project