IT Security
Syllabus, Bachelor's level, 2IS229
- Code
- 2IS229
- Education cycle
- First cycle
- Main field(s) of study and in-depth level
- Information Systems G1F
- Grading system
- Pass with distinction (VG), Pass (G), Fail (U)
- Finalised by
- The Department Board, 15 March 2019
- Responsible department
- Department of Informatics and Media
Entry requirements
30 credits in information systems or the equivalent
Learning outcomes
Regarding knowledge and understanding, on completion of the course, the student is expected to be able to:
- describe standards, laws, and policy for information security,
- describe models and guidelines for the development of secure web applications,
- explain how different cryptographic methods can be used in web applications.
Regarding competence and skills, on completion of the course, the student is expected to be able to:
- carry out risk analysis and threat modeling,
- apply models and guidelines for the development of secure web applications,
- use tools to identify and characterise security weaknesses of web applications,
- apply different cryptographic methods to secure web applications.
Regarding judgement and approach, on completion of the course, the student is expected to be able to:
- critically reflect on how vulnerabilities in information systems affect society based on ethical and technical aspects.
Content
Information and IT security is a central part of modern system engineering. Many threats can injure companies and private persons today. The course covers how security issues around IT can be handled in business development and software engineering. The course includes information security regarding material and intangible assets, ethics and laws and standards regarding information security, to create an understanding of what is to be protected and why. The course also addresses how we protect data using basic guidelines for developing secure web applications, threat modeling, and encryption of web applications. We also work with code review, analysis and testing to find vulnerabilities in web applications.
Instruction
Teaching is given as lectures and exercises.
Assessment
The course is examined through seminars and written assignments.
If there are special reasons for doing so, an examiner may make an exception from the method of assessment indicated and allow a student to be assessed by another method. An example of special reasons might be a certificate regarding special pedagogical support from the University's disability coordinator or a decision by the department's working group for study matters.