Applied Information Security
2012-2013 - IMT4561 - 5sp

Forventet læringsutbytte


  • Candidates should have a solid grounding in core concepts of information security and privacy
  • Candidates possess advanced knowledge of security design principles and their influence on security policies and security architecture
  • Candidates have advanced knowledge of common vulnerabilities, attack mechanisms, and methods against computer and information systems
  • Candidates have thorough knowledge on the theory and methods underlying access control as well as of identification and authentication mechanisms


  • Candidates are capable of applying relevant methods for independent analysis and research on security architectures, their vulnerabilities, and potential attacks against these
  • Candidates are able to analyze and critically review literature in the field of information security and are able to apply results from the literature in structuring and formulating arguments and reasoning on information security topics
  • Candidates are able to plan and conduct a limited, guided research exercise based on primary literature resulting in a reasoned and coherent report

General Competence

  • Candidates are able to conduct translate knowledge and methods in the area of information security to onvel fields so as to be able to successfully complete advanced tasks and projects in information security
  • Candidates are able to work independently and are familiar with core concepts and problems in information security and security architecture
  • Candidates are able to contribute to innovations and innovative processes, identifying advanced information security problems and approaches contributing to their solution

Emnets temaer

  • Core concepts in information security and privacy
  • Security design principles
  • Security policies
  • Security architecture: Operating systems and applications
  • Access control principles
  • Identification and authentication
  • Vulnerabilities and attack mechanisms
  • Attack methods and malicious software
  • Database security

Pedagogiske metoder


Pedagogiske metoder (fritekst)

  • Lectures
  • Other (tutorials)
  • Other (term paper)

The course will be made accessible for both campus and remote students. Every student is free to choose the pedagogic arrangement form that is best fitted for her/his own requirement. The lectures in the course will be given on campus and are open for both categories of students. All the lectures will also be available on Internet through GUC’s learning management system (ClassFronter).




Assessment consists of two parts, pass decision is on cumulative grade of both parts:

 - Part 1 is a written examination (3 hours), accounting for 67% of grade
 - Part 2 is a term paper, accounting for 33% of grade.

Term paper is evaluated by the lecturer.


Bokstavkarakterer, A (best) - F (ikke bestått)


Evaluated by external and internal examiner.

Utsatt eksamen (tidl. kontinuasjon)

A new term paper must be provided and the examination must be re-sat next autumn.

Tillatte hjelpemidler (gjelder kun skriftlig eksamen)

Dictionary, simple calculator

Obligatoriske arbeidskrav



The following textbooks are the primary references; further recommended reading is provided in the course syllabus.
  D. Gollmann: Computer Security, 3rd edition Wiley, 2011
  M. Bishop: Computer Security: Art and Science. Addison-Wesley, 2003.
  R. Anderson: Security Engineering: A Guide to Building Dependable Distributed Systems (2nd edition). John Wiley & Sons, Chichester, UK (2008)


IMT4162 Information Security and Security Architecture