IT Security

7.5 credits

Syllabus, Bachelor's level, 2IS229

A revised version of the syllabus is available.
Education cycle
First cycle
Main field(s) of study and in-depth level
Information Systems G1F
Grading system
Fail (U), Pass (G), Pass with distinction (VG)
Finalised by
The Department Board, 25 October 2018
Responsible department
Department of Informatics and Media

General provisions

The course is included in the following degree programme:

* Bachelor's programme in Information Systems, specialisation software engineering, 180 credits.

Is also given as a freestanding course

Entry requirements

30 credits in information systems or equivalent

Learning outcomes

Regarding knowledge and understanding the student is expected to be able to on completion of the course:

* Describe standards and policy for information security

* Describe models and guidelines for development of secure web applications

Regarding competence and skills the student is expected to be able to on completion of the course:

* Carry out risk analysis and threat modeling

* Apply models and guidelines for development of secure web applications

* Use tools to identify and characterise security weaknesses of applications

* Identify and use APIs for encryption and authentication for web applications

Regarding judgement and approach the student is expected to be able to on completion of the course:

* Analyse and evaluate security solutions based on conflicting requirements such as productivity versus security


Information and IT security is a central part in modern software engineering. Many threats can injure companies and private persons today. The course covers how security issues can be handled in business development and software engineering. The course includes human factors in security work, threat modeling, encryption, and security aspects in software development.

Component 1: Information security, 3 credits

The component covers information security around material and immaterial assets, ethics and regulations and standards around information security.

Component 2: Secure programming, 3 credits

The component covers basic rules for development of secure software, threat modeling and encryption of web applications.

Component 3: Security testing, 1.5 credits

The component covers code review, analysis and various types of tests to find vulnerabilities in web applications.


Teaching is given as lectures and exercises.


The components are examined through written assignments and oral presentations.

For the grade Pass in the whole course, it is required that all components are passed. For the grade Pass with distinction it is furthermore required that at least two components are passed with distinction.

If there are special reasons for doing so, an examiner may make an exception from the method of assessment indicated and allow a student to be assessed by another method. An example of special reasons might be a certificate regarding special pedagogical support from the University's disability coordinator or a decision by the department's working group for study matters.

Other directives

The course is given on Campus Gotland and as a distance course.