Risk Management II
2011-2012 - IMT6061 - 5sp

Expected learning outcomes

The course contributes towards the following learning outcomes: 

  • Is able to consider suitability and use of different methods and processes in research and in academic and/or artistic development projects  
  • Is able to handle complex academic issues and to challenge established knowledge and practice in the subject area.

Having completed the course, the students should have:

  • an advanced level of understanding of the assumptions and models on which risk analysis methods are based
  • a deep understanding of how different assumptions/models influence the outcomes of different risk analysis methods
  • an understanding of the key elements of risk analysis methods, so as to be able to assess the suitability of particular risk analysis methods for a given application.

Course topics

  • Classifications of Risk Management methods
  • Examples of Risk Management Methods.
  • Decision theory
  • Risk, Threat and vulnerability discovery
  • Uncertainty
  • Game theory

Teaching methods

Lectures
Problem solving

Forms of assessment

Oral, individual
Assessment of project(s)

Forms of assessment

  • Project(s)
  • Oral exam (individual)
  • Both parts must be passed

The students are free to choose if they want to complete the project individually or in groups. Every group must have no more than 3 members, and all members of the group must be registered on the same course code. To ensure fairness, course deliverable grading will depend on deliverable quantity, quality and the number of contributing students.

Grading scale

Pass/Fail

Examiners

Evaluated by external and internal examiner.

Re-sit examination

The whole course must be repeated.

Permitted aids (applies only to written exams)

Approved calculator

Mandatory coursework requirements

None

Teaching materials

Books, articles and web resources such as

RA method classification  

Douglas J. Landoll. The security risk assessment handbook, p. 8-15. CRC. 2005.

Bornman, G, and Labuschagne, L, 2004, A comparative framework for evaluating information security risk management methods, In proceedings of the Information Security South Africa Conference. 2004, www.infosecsa.co.za

Vorster, A. and Labuschagne, L. 2005. A framework for comparing different information security risk analysis methodologies. In Proceedings of the 2005 Annual Research Conference of the South African Institute of Computer Scientists and Information Technologists on IT Research in Developing Countries (White River, South Africa, September 20 - 22, 2005). ACM International Conference Proceeding Series, vol. 150. South African Institute for Computer Scientists and Information Technologists, 95-103.

ENISA. Inventory of risk assessment and risk management methods. Deliverable 1, Final version Version 1.0, 0/03/2006

Campbell and Stamp. A classification scheme for Risk Assessment Methods. Sandia Report. SAND2004-4233.

RA method examples  

IDART (http://www.idart.sandia.gov/method.html)

NIST SP 800-42, p3.1 - 3.21, 4.1- 4.3, C.1-C.9

NIST SP 800-30. p8-27

OECD, “OECD Guidelines for the Security of Information Systems and Networks -- Towards a Culture of Security.” Paris: OECD. July 2002. www.oecd.org. P 10-12

ISO/IEC 27005:2008(E) Information technology - Security techniques - Information security risk management

Decision theory  

Sven Ove Hansson. Decision Theory - A brief introduction. 2005

http://en.wikipedia.org/wiki/Newcomb%27s_paradox 

http://en.wikipedia.org/wiki/St_Petersburg_Paradox 

Sven Ove Hansson. Fallacies of Risk

Risk, Threat and Vulnerability discovery

ISO 27005, Annex C,D

Ed Yourdon. Just enough Structured Analysis. Chapter 9, Dataflow diagrams. + 'How to'.

The vulnerability assessment and mitigation methodology. Chapter 1-4, p. 1-36. MITRE technical report.

Uncertainty  

Lindley, Dennis V. (2006-09-11). Understanding Uncertainty. Wiley-Interscience. ISBN 978-0470043837

H. Campbell. Risk assessment: subjective or objective? Engineering science and education journal, 7:57 -63, 1998.

F. Redmill. Risk analysis-a subjective process? Engineering Management Journal. Apr 2002. Volume: 12, Issue: 2. p. 91-96

Game theory  

Stanford Encyclopedia of Philosophy. Game theory. Available from http://plato.stanford.edu/entries/game-theory/

Fudenberg, Drew & Tirole, Jean (1991), Game theory, MIT Press, ISBN 978-0-262-06141-4, Chapters 1,3,6,8

Additional information

There is room for 50 students for the course.