| Kursusnavn (dansk): | B27 Informationssikkerhed i en organisatorisk kontekst |
| Kursusnavn (engelsk): | B27 IS Security in the Organisational Context |
| Semester: | Forår 2010 |
| Udbydes under: | cand.it., e-business (ebuss) |
| Omfang i ECTS: | 7,50 |
| Kursussprog: | Engelsk |
| Kursushjemmeside: | https://learnit.itu.dk |
| Min. antal deltagere: | 15 |
| Forventet antal deltagere: | 25 |
| Maks. antal deltagere: | 45 |
| Formelle forudsætninger: | Basic IT knowledge |
| Læringsmål: | This course has been cancelled. This means that you cannot sign up for it for the spring 2010 term.
Understand those elements which constitute IS security in the organisational context.
Appreciate the need for addressing IS security from a socio-technical perspective.
Ability to apply models, concepts and theories for understanding IS security in the organisational context.
|
| Fagligt indhold: | The aim of the course is to provide students with a basic understanding of what constitutes IS security in the organizational context. Central to this understanding is the need to appreciate security from a social-technical perspective. Rather than addressing the subject at a purely technical level, the course will illustrate the need to acknowledge the related social context in which the various technical safeguards are embedded. This holistic approach affords a coherent perspective from which to understand IS security. Hence, consideration can be given not only to the influence of organizational factors - such as organizational culture and politics – on IS security, but also the central role played by staff in enforcing this function. The first few lectures will therefore demonstrate how IS security should be conceptualized and created in the organizational context. The course well also examine how such security can be threatened by employee computer crime and efforts aimed at mitigating this threat. Overall, the course will cover such issues as why do staff play a central role in enforcing IS security? Why do employees fail to follow security procedures? How can social science theory be applied to address IS security problems? How can an organizational culture and politics weaken IS security? What factors in the organizational context motivate employee computer crime?
• The changing nature of information security risks.
• Models and concepts for information security management.
• Theory and information security management.
• International security standards.
• Risk management
• Security policies and security education.
• The ‘insider’ threat: Employee computer abuse (Part one).
• The ‘insider’ threat: Employee computer abuse (Part two).
• Security technologies.
• Organisational culture and information security.
• N.B. The course will include revision lectures.
|
| Læringsaktiviteter: | The course consists of ? lectures, with each lecture consisting of ? x ? mins sessions (??? mins). Apart from the weekly lectures students will be expected to provide significant input. This will include weekly presentations based on relevant articles. The allocation of these texts will be co-ordinated by the course tutor. Other members of the course will be expected to read these texts and provide critical feedback for those presenting.While the members of the course will be provided with core literature, they will be expected to identify additional and complementary literature. |
| Eksamensform og -beskrivelse: | X. experimental examination form (7-scale; external exam), 7-trins-skala, Ekstern censur
|
| Litteratur udover forskningsartikler: | |
| | |
Kursusoversigt