IT Governance
2016-2017 - IMT4571 - 5 credits

Expected learning outcomes

Calder and Watkins define IT Governance as "the framework for the leadership, organizational structures and business processes, standards and compliance to these standards, which ensures that the organization’s information systems support and enable the achievement of its strategies and objectives". IT Governance is of crucial importance for any organization's ability to safeguard critical information in the context of growing threats, as well as increasing requirements from national and international regulations.

However, IT Governance does not exist "per se", but is based on IT and operational risk management methods, appropriate business continuity / IT disaster recovery management, and the subsequent design, implementation and operation of an appropriate level of organizational and technical information security.

This course provides an overview of IT Governance, IT Risk Management, Business Continuity Management and Information Security and their dependencies in general, and the information security standards ISO 27001 / ISO 27002 in particular.

After attending the course, candidates should possess the following knowledge:

  • security management as an important input to IT and corporate risk management and as a continuous improvement process
  • the basic concepts of the ISO 27001 / ISO 27002 standard

After attending the course, candidates should possess the following skills:

  • master the principles for designing, implementing and auditing an ISO 27001-based information security management system (ISMS), using both organizational and technical building blocks
  • be able to design an appropriate level of IT Risk Management and Information Security for a given organisational context

After attending the course, candidates should possess the following general competence:

  • main principles, functions and dependencies of IT Governance, IT Risk Management, Business Continuity Management/IT Disaster Recovery and Information Security

Course topics

  • Introduction to Corporate Governance and subsequent IT Governance
  • The Internal Control System (ICS)
  • Introduction to Compliance Management
  • Introduction to Risk Management and Operational Risk
  • IT-specific Risks and Threats
  • Risk Awareness and Sustainability of Countermeasures
  • The role of IT Audit
  • Introduction to Information Security
  • Introduction to Business Continuity Management/IT Disaster Recovery
  • The Role of IT in Event and Crisis Management
  • Information Security standards and Best Practices (ISO 2700x, CoBIT, Baselining)

Teaching methods

Lectures, exercises and homework in between lecture blocks.

The course will be made accessible to both campus and remote students. Every student is free to choose the teaching arrangement that best fits her/his own requirements. The lectures in the course will be given on campus and are open to both categories of students. All the lectures will also be available on the Internet through GUC’s learning management system (Fronter).




Final Written Exam, 3 hours

No support material is allowed during the exam, except an English / native-language dictionary.


Letter grades, A (best) - F (fail)


Evaluated by the lecturer. An external examiner will be used every 4th year. Next time in the school year 2018/2019.

Re-sit examination (formerly "continuation exam")

Ordinary re-sit examination in August.

Mandatory coursework requirements



PDF version of slides and exercises as published on-line.
Alan Calder & Steve Watkins. IT Governance: A Manager's Guide to Data Security and ISO 27001 / ISO 27002. Fourth Edition. Kogan Page. 2008.
Peter L. Bernstein. Against the Gods - the Remarkable Story of Risk. John Wiley & Sons. ISBN 0-471-29563-9. Paperback. 1998.