Study Guide

Learning outcomes

The student is able to:
- define information and cyber security compliance requirements, best practices and apply those
- assess and manage information and cyber security risks
- create administrative, operational, technical and physical procedures
- plan, assess and develop information and cyber security

Teaching methods

The study unit includes a development assignment in groups as well as contact- and online studies.

Communication of study unit will be handled via a MS Teams group created for all participants Private messages to teachers should be handled via email.

For those in risk groups or otherwise absent due to corona-related reasons attendance in contact sessions is made possible online as much as it is possible, taking into account the nature of the teaching. Do not participate in contact teaching when ill!

Location and time

Times and dates of teaching are in Pakki.
Study unit begins with online session 15th of January 2021. According to the degree regulations, accepting your place in the study unit requires presence in the first session or an appropriate announcement of your absence.
Some of the contact sessions may be arranged outside of campus.

Learning materials and recommended literature

Latest at the end of each theme the relevant study materials are presented (themes can be found in Content and scheduling)
The development assignment requires at least the knowledge of professional concepts and background theory.
The exam focuses on knowledge of relevant legislation.
Materials created by teachers (copyright holders) are licensed CC-BY-NC-SA unless otherwise noted.

Alternative completion methods of implementation

-Recognition of Prior Learning
-Work-based Learning
If you wish to propose either of these, please be in touch as soon as possible after enrolling.

Co-operation with working life and/or RDI

The study unit uses working life experts.
The development assignment is project-based and based on working life requirements.

Important dates

-First contact session, accepting place in study unit and handing out of development assignment: between 15th of January 2021.
-Return of development assignment: 21st May
-Online exam must be completed: 6.5-11.5
-1st exam retake: 20.5-25.5
-2nd exam retake: 10-15.6
(Incomplete or skipped exams count as one attempt, except for force majeure-cases handled separately)

Forms of internationality

Study unit is implemented in English using international sources.
Study unit is attended by exchange students.

Students workload

Attendance in all contact sessions is recommended.
Students should prepare for following workload:
-Workload total is 10 credits = 270 hours, everything included.
-Implementation lasts 16 weeks. Students should book on average 16-17 hours every week after the study unit begins.
-New subjects and materials are presented every 4-5 weeks, split into themes.
Assessment of hourly workloads:
-Contact sessions 16 hours
-Online studying and independent study online/with distributed materials 92 hours
-Group work on development assignment and guidance 113 hours
-Exam and preparation for it (independent study) 49 hours

Content and scheduling

Teaching has been divided into four themes. Every theme has a contact session and online studies. The exam that will be completed at the end of the study unit has questions from every theme.
Themes and notes:
- Theme 1: Information Security Management. As student that has completed the study unit Information Security Management previously is exempted from contact sessions and exam questions on this theme.
- Theme 2: Personnel Security. A student that has completed the study unit Occupational Safety and Personnel Security previously is exempted from contact sessions and exam questions on this theme.
- Theme 3: Cybersecurity Management. A student that has completed the study unit Cybersecurity previously is exempted from contact sessions and exam questions on this theme.
- Theme 4: Physical Security. A student that has completed the study unit Physical Security previously is exempted from contact sessions and exam questions on this theme.
-Return of development assignment: 21st May
-Online exam must be completed: 6.5-11.5
-1st exam retake: 20.5-25.5
-2nd exam retake: 10-15.6

Further information for students

IMPORTANT! Read carefully! If anything below is unclear, please be in touch with the responsible teacher.

1. Before enrolling to this study unit, you should have adequate competence level of safety, security and risk management, which you can acquire for example by completing study unit Business Continuity Planning 5 cr or Basics of Corporate Security and Risk Management 10 cr. If your expertise is not clear via previous completed studies above, be in touch. This requirement applies to open UAS students as well.

2. Those enrolling are recommended to have completed the study unit Information- and Cybersecurity 5 cr, or have the relevant knowledge. This study unit does not cover the basics of issues.

3. Some studies implemented 2019 and before affect the extent and content of this study unit.
If you have completed one of the study units below, the extent is 5 cr.
If you have completed two or more of the study units below, do not enroll to this study unit at all.
- Fyysinen turvallisuus / Physical Security
- Työ- ja henkilöstöturvallisuus / Occupational Safety and Personnel Security
- Information Security Management
- Cybersecurity
Members of project groups must have the same extent and content, because earlier completions affect the assignment!
Exchange students with previous studies that are above basic- or introductory level and concern Information Security Management, Cybersecurity Management, Personnel Security or Physical Security should be in touch with responsible teacher; your previous knowledge may be taken into account.

4. Quota for open university students of 10 places.

Grading scale

H-5

Evaluation methods and criteria

In this study unit the assessing of the competences will be done by using the criteria set for requirement level 2.

The grade of the study unit is determined as the weighted overall result of two assessed implementation parts.
The implementation parts to be assessed are:
-Development assignment in groups: 70% of grade
-Individually completed porfolio assignment: 30% of grade
-Individually completed online exam: 30% of grade

Online exam is evaluated based on points.

Evaluation criteria, fail (0)

At least one of the implementation parts does not fulfill the criteria of Satisfactory (1-2).

Evaluation criteria, satisfactory (1-2)

A satisfactory (1) exam result has 50-59% of maximum score.
A satisfactory (2) exam result has 60-69% of maximum score.

The development assignment is graded Satisfactory (1), if the assignment or group:
-Follows the given assignment
-Uses professional concept consistently
-Shows that they have familiarized themselves with the knowledge base
-Is able to report and communicate professionally
-Is able to act independently taking into account the operating environment
The development assignment is graded Satisfactory (2), if the assignment or group fulfills the above criteria and in addition some of the criteria of Good (3-4).

Evaluation criteria, good (3-4)

A good (3) exam result has 70-79% of maximum score.
A good (4) exam result has 80-89% of maximum score.

The development assignment is graded Good (3), if the assignment or group:
-Follows the given assignment
-Critically evaluates information and justify their actions with science-based knowledge
-Proposes professional, creative solutions
-Is able to report and communicate professionally
-Is able to act independently taking into account the operating environment
The development assignment is graded Good (4), if the assignment or group fulfills the above criteria and in addition some of the criteria of Excellent (5)

Evaluation criteria, excellent (5)

An excellent (5) exam result has 90-100% of maximum score.

The development assignment is graded Excellent (5), if the assignment or group:
-Follows the given assignment
-Analyses the acquired information, draws conclusions and combines theoretical knowledge with experiential knowledge
-Proposes professional, creative solutions
-Evaluates the applicability of produced knowledge, skill or idea to other contexts as well as their impact
-Is able to report and communicate professionally
-Is able to act independently taking into account the operating environment

Qualifications

Before enrolling to this study unit, you should have adequate competence of safety, security and risk management, which you can acquire for example by completing study unit HT00BN79 Basics of Corporate Safety, Security and Risk Management (10 cr) or TO00BS57 Basic Theory of Corporate Safety, Security and Risk Management (5 cr) at Open University of Applied Sciences