Information Security Risk Management (5 cr)

Evaluation scale

H-5

Content scheduling

After completing the course the student can:

- explain basic principles of ISO/IEC27005:2008 -standard based information security risk assessment and risk management
- explain the basic principles of information security risk assessment and risk management
- list the phases of information security risk management process
- classify information security risks by applying different approaches
- give examples of different information security risk assessment methods
- organize and conduct information security risk assessment to an SME sector enterprise or similar size organization
- analyze the results of information security risk assessment
- give justified improvement proposals to mitigate information security risks.
- Understands information security risk management as part of continuity planning and preparedness

Objective

After completing the course the student can:
- explain the basic principles of information security risk assessment and risk management
- list the phases of information security risk management process
- classify information security risks by applying different approaches
- give examples of different information security risk assessment methods
- organize and conduct information security risk assessment to an SME sector enterprise or similar size organization
- analyze the results of information security risk assessment
- give justified improvement proposals to mitigate information security risks.

Content

- The basic principles of information security risk assessment and risk management
- Information security risk management standard ISO/IEC 27005:2008
- Information security risk assessment methods and best practices
- Practical work

Materials

Material will be published in Itslearning.

Teaching methods

- Lectures, assignments and practical work

Exam schedules

Course has an exam.

Pedagogic approaches and sustainable development

Students work in groups using a problem-based approach according to the constructivist model, acting as active producers of knowledge by applying what they have learned in theory to practical examples

Completion alternatives

An alternative method of completion must be agreed separately with the teacher

Student workload

Lectures
Assignments and practical work/group work

Evaluation methods and criteria

The grade is based on the group assignment, peer assessment, exam, attendance, as well as group and individual self-assessment. The assessment criteria are presented at the beginning of the course and may differ from those outlined here.

The group assignment carries the highest weight in the evaluation. More than 50% absence from in-person classes will result in failing the course. Absences must be discussed with the instructor separately.

Failed (0)

<50% of assignment and exam points.
More than 50% absence from in-person classes

Assessment criteria, satisfactory (1-2)

The group assignment is weak in both quality and content, and at least 50% of the points are achieved in the exam.

Assessment criteria, good (3-4)

The group assignment is moderate or good in quality and content, the student has completed their share of the group work, and at least 70% of the points are achieved in the exam.

Assessment criteria, excellent (5)

The group assignment is excellent in both quality and content, the student has completed their share of the group work with excellence according to peer assessment, and at least 90% of the points are achieved in the exam.

Further information

It´s Learning