Information Systems B: Information and IT Security
Syllabus, Bachelor's level, 2IS052
- Code
- 2IS052
- Education cycle
- First cycle
- Main field(s) of study and in-depth level
- Information Systems G1F
- Grading system
- Fail (U), Pass (G), Pass with distinction (VG)
- Finalised by
- The Department Board, 4 June 2020
- Responsible department
- Department of Informatics and Media
Entry requirements
15 credits in information systems or the equivalent
Learning outcomes
In terms of knowledge and understanding, after completed course the student should be able to:
- describe possible threats to information security in an organisation,
- explain information security fundamentals and describe the basic requirements for an information security management system and its security measures;
- describe regulations and standards in the area,
- describe the fundamentals of how information assets, such as data and IT systems, as well as people, can be protected in an organisation.
In terms of skills and abilities, after completed course the student should be able to:
- classify information assets according to confidentiality, accuracy and availability,
- carry out risk analyses,
- identify elementary security issues in programs and systems,
- propose measures to protect information assets based upon information classification and risk analyses carried out,
- apply principles of secure programming through a small study in a given area.
In terms of judgement and approach, after completed course the student should be able to:
- analyse and evaluate current threats to organisations, and evaluate their impact on individuals as well as organisations and society,
- discuss how the development and use of IT affects people, organisations, and society.
Content
The course gives the student an introduction to the field of information security. The course begins by addressing potential threats and actors that may pose risks to an organisations operations. The student is introduced to what an Information Security Management System (ISMS) is, as well as how it is used to secure the organisation's information assets. The student learns about the basic elements of an ISMS, such as education and awareness, continuity planning and incident management, risk analysis and risk management, as well as technical safeguards such as crypto techniques, secure programming and design, certificate management and system security measures. Regulations and standards regarding information security, which can impose external demands on an organisation, are also dealt with, as are ethical aspects and the impact on society at large.
Instruction
Lectures, laborations and seminars.
Assessment
Exam, assignments, seminars.
If there are special reasons for doing so, an examiner may make an exception from the method of assessment indicated and allow a student to be assessed by another method. An example of special reasons might be a certificate regarding special pedagogical support from the University's disability coordinator or a decision by the department's working group for study matters.