Managing Risk in IT and Cyber Security, MSc. (Summer University) (Spring 2024)

Spring 2024
Spring 2024

Official course description, subject to change:

Basic info last published 1/10-23

Managing Risk in IT and Cyber Security, MSc. (Summer University)

Course info

Language:

English

ECTS points:

7.5

Course code:

KBMARIS1KU

Offered to guest students:

yes

Offered to exchange students:

yes

Offered as a single subject:

Programme

Level:

MSc. Master

Programme:

MSc in Digital Innovation & Management

Staff

Course Academic Responsible

Irina Papazu

Associate Professor, Co-head of Study Programme, Head of Center

Course semester

Semester

Forår 2024

Start

29 January 2024

End

23 August 2024

Abstract

This course provides an introduction to Information Security Risk Management. The course enables students to lead risk assessments, and reflect on the applicability of different techniques for risk assessment and management.

Description

More and more businesses are relying heavily on Information and Communication Technology and services to operate and innovate. With reliance comes risk. In recent years, major organizations have been brought to a standstill due to failure of critical ICT systems, due to error or malicious interference. It is the job of information security- and IT-risk specialists to identify, analyze, evaluate and communicate these risks across the organization, ensuring that the business can take informed decisions on their risk exposure and opportunities.

This course provides an introduction to the components of effective Information Security Risk Management, covering the organization of IT risk management and cybersecurity efforts as well as the identification, analysis, evaluation and treatment of Information Security risks. Through dialogue and exercises, the course encourages reflection on current and future challenges of Information Security risk management.

At the end of the course, students will be able to conduct Information Security Risk Assessments in various settings, and evaluate from a range of qualitative and quantitative techniques the pros and cons of using them to understand risk.

Formal prerequisites

There are no formal prerequisites for this course. A basic understanding of IT-enabled business processes and some IT literacy is recommended.

Intended learning outcomes

After the course, the student should be able to:

Explain different understandings of risk, risk perception and bias.
Describe the context and scope of an IT risk assessment
Systematically identify risk scenarios and risk exposures
Through qualitative and quantitative (probabilistic) methods analyze Information Security Risk, including cyber risk.
Communicate risk findings to organizational stakeholders, and evaluate bias and suitability of different risk communication techniques.
Understand the basic elements of cybersecurity for risk mitigation; organizational, people and technical measures.
Analyze and evaluate risk treatment options.
Reflect on the future challenges and opportunities for the field of Information Security Risk Management.

Ordinary exam

Exam type:
Z. To be decided