IN5080 – Security and Risk Management
Course description
Course content
Security and risk management is the foundation for ensuring good information security in organisations. This course focuses on ISMS (Information Security Management System) which can be seen as a systematic approach to managing information security. To have an ISMS is a requirement for organisations to be compliant with laws and regulations regarding information security and privacy. More specifically the course teaches security and risk management in terms of assessing relevant threats and risks to an organisation's information assets, and then selecting, implementing and operating an appropriate set of security controls to reduce and balance the risks. This includes taking into account data protection and GDPR as well as the principles for DPIA (Data Protection Impact Assessment).
Learning outcome
After completing this course, you will:
- have knowledge of the principles of security and risk management
- have knowledge of the role of security and risk management in organisations
- have knowledge of relevant laws, standards and frameworks for information security
- have knowledge of the responsibilities of top-level management with respect to information security
- have knowledge about security culture
- be able to establish and operate an ISMS (Information Security Management System)
- be able to conduct threat and risk assessment for information security
- be able to conduct DPIA (Data Protection Impact Assessment)
- be able to judge the appropriateness of security controls for reducing security risks
Admission to the course
Students admitted at UiO must apply for courses in Studentweb. Students enrolled in other Master's Degree Programmes can, on application, be admitted to the course if this is cleared by their own study programme.
If you are not already enrolled as a student at UiO, please see our information about admission requirements and procedures for international applicants.
Recommended previous knowledge
General knowledge about information security, e.g. IN2120 Informasjonssikkerhet and IN1020 Introduksjon til datateknologi.
Overlapping courses
- 10 credits overlap with IN9080 – Security and Risk Management (discontinued).
- 8 credits overlap with ITLED4230 – Ledelse av informasjonssikkerhet (continued).
- 8 credits overlap with ITEVU4230 – Ledelse av informasjonssikkerhet.
Teaching
The course has:
- 2 hours of lectures per week (plenary sessions)
- 2 hours of workshops per week (plenary sessions)
The workshop sessions will be used for practical exercises, case studies and seminar talks given by students.
Examination
The course grade is based on the following assessment items:
- Home exam in the form of a case study: 30%
- Final exam (digital): 70%
Both exams must be passed in the same semester.
The home exam consists of writing a report on a specific case study. The report can be written individually or in a group of 2 or 3 students.
It will also be counted as one of your three attempts to sit the exam for this course, if you sit the exam for one of the following courses: IN9080 – Security and Risk Management (discontinued)
Examination support material
For the home exam, any support material is permitted.
For the digital final exam, no support material is permitted.
Language of examination
You may write your examination paper in Norwegian, Swedish, Danish or English.
Grading scale
Grades are awarded on a scale from A to F, where A is the best grade and F is a fail.
More about examinations at UiO
- Use of sources and citations
- Special exam arrangements due to individual needs
- Withdrawal from an exam
- Illness at exams / postponed exams
- Explanation of grades and appeals
- Resitting an exam
- Cheating/attempted cheating
You will find further guides and resources at the web page on examinations at UiO.