Foundations of Information Security Management
2009-2010 - IMT4941 - 5sp

Forventet læringsutbytte

Having completed the course, the student should have

  • sound understanding of the task of an information security officer
  • sound understanding of information security management standards and models as well as their applicability and limits
  • good understanding of adversary and adversary behavioural models
  • the ability to create, assess, and evaluate metrics for information security and the management thereof, including using statistical methods
  • an understanding of the interrelationship between information security and overall corporate security and risk management
  • an understanding of how organizational security and its policies are translated into security controls.
  • a good understanding of information sharing models for security officers

Emnets temaer

  • Security documentation including security policies and concepts
  • Information security management frameworks
  • Interactions between corporate security and risk management and information security management and its implementation in security controls, respectively
  • Adversary and adversary behaviour models
  • Metrics for information security and their assessement
  • Information sharing concepts and problems

Pedagogiske metoder


Pedagogiske metoder (fritekst)

Term paper (potentially based on simulation tool)




  • Written exam: 50%
  • Term paper: 50%
  • Pass decision is on the cumulative grade.


Bokstavkarakterer, A (best) - F (ikke bestått)


Evaluated by external examiner.

Utsatt eksamen (tidl. kontinuasjon)

A new term paper must be provided next autumn. For the exam: Ordinary re-sit examnination.

Tillatte hjelpemidler (gjelder kun skriftlig eksamen)

Dictionary, simple calculator

Obligatoriske arbeidskrav



Materials from the professors and selected webpages.

Selected chapters of the following textbooks are helpful references; further recommended reading is provided in the course syllabus.

M. Bishop:

Computer Security: Art and Science.

Addison-Wesley, 2003.

C. Pfleeger, S. Pfleeger

Security in Computing, 4th ed.

Prentice Hall, 2006

A. Kott, W. McEneaney:

Adversarial Reasoning: Computational Approaches to Reading the Opponent’s Mind.

Chapman & Hall, 2006

Supplerende opplysninger

Capacity of the course is limited to 24 students for the first course, unless explicitly arranged by lecturer.