Official course description:

Full info last published 18/07-24
Course info
Language:
English
ECTS points:
7.5
Course code:
KBMARIS1KU
Participants max:
30
Offered to guest students:
yes
Offered to exchange students:
yes
Offered as a single subject:
no
Programme
Level:
MSc. Master
Programme:
MSc in Digital Innovation & Management
Staff
Course manager
Part-time Lecturer
Teacher
Part-time Lecturer
Course Academic Responsible
Associate Professor, Co-head of Study Programme, Head of Center
Course semester
Semester
Forår 2024
Period
Summer 2024
Start
8 July 2024
End
23 August 2024
Exam
Exam type
ordinær
Internal/External
ekstern censur
Grade Scale
7-trinsskala
Exam Language
GB
Abstract

This course provides an introduction to Information Security Risk Management. The course enables students to lead risk assessments, and reflect on the applicability of different techniques for risk assessment and management.


Description

More and more businesses are relying heavily on Information and Communication Technology and services to operate and innovate. With reliance comes risk. In recent years, major organizations have been brought to a standstill due to failure of critical ICT systems, due to error or malicious interference. It is the job of information security- and IT-risk specialists to identify, analyze, evaluate and communicate these risks across the organization, ensuring that the business can take informed decisions on their risk exposure and opportunities.

This course provides an introduction to the components of effective Information Security Risk Management, covering the organization of IT risk management and cybersecurity efforts as well as the identification, analysis, evaluation and treatment of Information Security risks. Through dialogue and exercises, the course encourages reflection on current and future challenges of Information Security risk management.

At the end of the course, students will be able to conduct Information Security Risk Assessments in various settings, and evaluate from a range of qualitative and quantitative techniques the pros and cons of using them to understand risk.


Formal prerequisites

There are no formal prerequisites for this course. A basic understanding of IT-enabled business processes and some IT literacy is recommended.


Intended learning outcomes

After the course, the student should be able to:

  • Describe the basic elements of data governance and cybersecurity for risk mitigation based on organizational (culture and processes), people and technical facets and measures.
  • Conduct a systematic identification, analysis and evaluation of Information Risk scenarios and exposures for IT Security Assurance in Global Organizations.
  • Analyze through qualitative and quantitative methods threats and vulnerabilities across local- and cloud-based IT-systems as well as potential impacts from threats materializing.
  • Communicate IT-security, User privacy and Data Governance risks and solutions to organizational stakeholders.
  • Evaluate bias and suitability of different risk analysis and -communication techniques.
  • Reflect on, evaluate, and propose actions to address future challenges and opportunities for the field of Information Security Risk Management.
Learning activities

A mix of lectures, guest lectures, individual and group work, exercises and workshops.

Course literature

The course literature is published on the course page in LearnIT.


Ordinary exam
Exam type:
C: Submission of written work, External (7-point scale)
Exam variation:
C22: Submission of written work – Take home
Exam submission description:
Students will be presented with a case related to IT risk and cybersecurity, and presented with
- for MSc students, 4 questions
- for BSc students, 3 questions
covering the intended learning outcomes of the course.

For each question there is an upper limit for the length of each answer. There is no lower limit.

For MSc students, the combined upper limit is 7 pages. For BSc students, the combined upper limit is 5 pages.

Given that AI is a phenomenon that will be part of IT risk and security in both private and public domains in the future, students are encouraged to use AI to help craft/augment their thinking.

However, students will be required to provide their AI-generated responses along with their own reflections and critical assessment of the provided AI-responses in relation to Cybersecurity risk management and decision-making.

As a general rule, the use of AI in exam submissions is not permitted. However, subject to the requirements above and the ITU guidelines for documentation and acceptable use of AI, AI-generated content may be included as part of an exam submission.
Take home duration:
3 days


reexam
Exam type:
C: Submission of written work, External (7-point scale)
Exam variation:
C22: Submission of written work – Take home
Exam submission description:
Students will be presented with a case related to IT risk and cybersecurity, and presented with
- for MSc students, 4 questions
- for BSc students, 3 questions
covering the intended learning outcomes of the course.

For each question there is an upper limit for the length of each answer. There is no lower limit.

For MSc students, the combined upper limit is 7 pages. For BSc students, the combined upper limit is 5 pages.

Given that AI is a phenomenon that will be part of IT risk and security in both private and public domains in the future, students are encouraged to use AI to help craft/augment their thinking.

However, students will be required to provide their AI-generated responses along with their own reflections and critical assessment of the provided AI-responses in relation to Cybersecurity risk management and decision-making.

As a general rule, the use of AI in exam submissions is not permitted. However, subject to the requirements above and the ITU guidelines for documentation and acceptable use of AI, AI-generated content may be included as part of an exam submission.
Take home duration:
3 days

Time and date
Ordinary Exam - hand out Tue, 6 Aug 2024, 08:00 - 14:00
Ordinary Exam - submission Fri, 9 Aug 2024, 08:00 - 14:00
Reexam - hand out Tue, 20 Aug 2024, 08:00 - 14:00
Reexam - submission Fri, 23 Aug 2024, 08:00 - 14:00