Entry requirements

15 credits in information systems or the equivalent

Learning outcomes

In terms of knowledge and understanding, after completed course the student should be able to:

• describe possible threats to information security in an organization, information security fundamentals, and the basic requirements of an Information Security Management System (ISMS) and its security measures,
• describe information security regulations and standards,
• describe the fundamentals of how information assets, such as data, IT systems, as well as people, can be protected within an organization.

In terms of skills and abilities, after completed course the student should be able to:

• classify information assets in accordance with confidentiality, integrity, and availability,
• identify elementary security issues in programs and systems,
• propose measures to protect information assets,
• plan and implement systems wherein for instance aspects of secure coding practices (such as integration testing and encryption) is applied.

In terms of judgement and approach, after completed course the student should be able to:

• analyze and assess current threats to organizations, and evaluate their impact on individuals, organizations, and society itself,
• discuss consequences and ethical aspects of how the development of IT-systems and their usage affects individuals, organizations, and society itself,
• discuss and evaluate consequences of different applications of cryptography within the context of secure coding practices.

Content

The course provides the student with an introduction to the subject information security and secure programming practices by addressing potential threats that may pose risks to an organization's operations and how to counteract such security flaws.

The student is also introduced to the concept of an Information Security Management System (ISMS) and how such a system is utilized to secure an organization's information assets. Additionally, fundamental elements of an ISMS - such as education and security awareness, continuity planning, incident management, risk analysis, and risk management - are introduced.

The course also covers how to protect data by applying technical safeguards such as cryptographic techniques, secure coding practices - including secure design, in addition to system security measures by planning and developing an application.

Relevant regulations, legislation, and standards regarding information security - which can impose external demands on an organization - are also covered, as well as ethical aspects and societal impact.

Instruction

Lectures, laboratory work, and seminars.

Assessment

Exam, assignments, and seminars.

If there are special reasons for doing so, an examiner may make an exception from the method of assessment indicated and allow a student to be assessed by another method. An example of special reasons might be a certificate regarding special pedagogical support from the University's disability coordinator or a decision by the department's working group for study matters.