Forventet læringsutbytte

When the course is completed, the student should have

• Advanced level of understanding of challenges facing the IS Risk Analyst

• Deep understanding of one method for Risk Management
  

• Deep understanding of how to plan and organize a Risk Management project.

• Understand the limitations of the Risk Management methods covered by the course from a pragmatical perspective such as to be able to formulate suitable research questions to adress the limitations identified.

Emnets temaer

• Risk Management in the context of an Information Security Management system

• Study of a method for risk management

Pedagogiske metoder

Forelesninger
Gruppearbeid
Nettstøttet læring
Prosjektarbeid
Samling(er)/seminar(er)
Veiledning

Pedagogiske metoder (fritekst)

The course will include an introductory lecture providing an overview of the course content. The primary teaching method for the course is project work. The students are required to carry out and document a Risk Management activity by means of a case study.

Students are expected to present their work-in-progress at the seminars for discussions. Guidance, supervision and feedback will be provided during seminars only and given on material presented at the seminars only..

Students that cannot be present during the seminars are expected to be present by means of the Fronter Teleconference tool.

Vurderingsformer

Muntlig, individuelt
Vurdering av prosjekt(er)

Vurderingsformer

• Project(s)
• Oral exam (individual)
• Both parts must be passed

The students are free to choose if they want to complete the project individually or in groups. Every group must have no more than 3 members, and all members of the group must be registered on the same course code. To ensure fairness, course deliverable grading will depend on deliverable quantity, quality and the number of contributing students.

Karakterskala

Bestått/Ikke bestått

Sensorordning

Evaluated by external and internal examiner.

Gjennomføring av kontinuasjon

Not allowed.

Læremidler

The course litterature will be the documents listed below or similar.

All litterature listed below are available from ISACA (www.isaca.org).

ISACA. The Risk IT Framework. 2009. ISBN 978-1-60420-111-6

ISACA. THE RISK IT PRACTITIONER GUIDE. 2009. ISBN 978-1-60420-116-1

Additional recommended reading

IT Governance Institute. COBIT 4.1. 2007.. ISBN 1-933284-72-2