Organizational and Human Aspects of Information Security
2009-2010 - IMT4671 - 5sp

Anbefalt forkunnskap

Basic understanding of risk analysis and risk assessment. Basic knowledge in technical configuration of security devices such as firewall, IDS, IAM etc.

Forventet læringsutbytte

In general, this course gives a very practical view of the main task of a corporate security office. The experience of the security office of more than five fortune 500 enterprises is woven in the content and exercises and project work. The influence of the corporate security office on security implementation and configuration will be studied using typical real situations.

Having completed the course, the student should have
• A sound understanding of corporate organisations and policies, and how the security is embedded into organisation, processes and corporate documentation framework. He will be able to plan the set of required security documentations and to implement enterprise specific security organisation and security policies
• an understanding practical awareness and the ability to plan a corporate awareness campaign
• an understanding of security culture and its meaning. The student will be enabled to describe a target security culture and to make an implementation plan for a turn around
• the ability to distinguish between responsibility and delegation. The student will be enabled to provide security in an unfriendly environment with budget constraints and “lack of enthusiasm” for security.
• an understanding of security strategy, security innovation process and its implementation.
• an understanding of future research topic identification and its processes as implemented in European Commission (www.parsicfalproject.eu www.ci2rco.org )

Emnets temaer

The course will cover a selection the following or similar topics
• overview of practical information security management with special focus on human and organisational aspects
• case studies of practical information security policy, strategy, culture, organisation
• defining the various key roles in corporate security management and how they interact
• planning of key elements of corporate security framework
• Security innovation process in enterprises and research.

Pedagogiske metoder

Annet

Pedagogiske metoder (fritekst)

Lectures, seminars or guided self study, role games, project work, depending on the number of students: Term paper(s)

Vurderingsformer

Muntlig, individuelt
Annet

Vurderingsformer

  • Oral examination: for 30 minutes, if the number of students is too big, it will be turned to a written exam.(70%)
  • Term paper(s): (30%)
  • Pass decision is on the cumulative grade.

Karakterskala

Bokstavkarakterer, A (best) - F (ikke bestått)

Sensorordning

Evaluated by the lecturer

Utsatt eksamen (tidl. kontinuasjon)

A new term paper must be provided and the examination must be re-sat.

Obligatoriske arbeidskrav

PPT Presentation on project work (part of the examination)

Læremidler

TBA

Supplerende opplysninger

In case there will be less than 5 students that will apply for the course, it will be at the discretion of Studieprogramansvarlig whether the course will be offered or not an if yes, in which form.