Information Security Management (5cr)

Qualifications

TIKO and BIT students: Compulsory ICT-studies
Or equivalent competence.

Learning outcomes

The student is able to
- act ethically as a member of study group and community
- comprehend, explain and apply information security program
development and management principles
- comprehend, explain and apply risk management, incident
management and compliance principles
- plan, implement and finalize risk assessment process
- analyze typical information security management related
problems and draw solutions to them
- reflect and develop their own learning process

Teaching methods

- This study unit is partially automated online learning, complemented with applied assignments and workshops
- The tutoring meetings are not compulsory. Any student can participate in a tutoring meeting if they need any help from teachers.
- Virtual studies, on a weekly basis, virtual learning, assignments, groupwork, and expert lectures/workshops
- NOTE: The Student should have basic competency in ICT environments and IT infrastructure

Learning materials and recommended literature

- Learning material is based on the ISACA Certified Information Security Manager (CISM) certification training material
- Video material
- Course book (CISM Exam Guide 2018, Gregory, Peter H.)
- The study unit provides preparatory training for CISM, but not the certification exam

Alternative completion methods of implementation

- If a student has existing domain specific competence he/she can request a process for recognition of existing competence before or during the Orientation-module

Co-operation with working life and/or RDI

- The study unit offers expert lecturers/workshops with the industrial partners

Important dates

- The study unit offers expert lecturers/workshops with the industrial partners

Student workload

- 5 cr / 137,5 hours
- Study unit will last 10 weeks

Content and scheduling

- Weekly-based schedule and one (1) module per week
- A student can proceed at his/her own pace from Module-1 to Module-8

Module-0: Induction and Study Plan
Module-1: Info Sec Governance Part 1
Module-2: Info Sec Governance Part 2
Module-3: Information Risk Management-1
Module-4: Information Risk Management-2
Module-5: Info Sec Program Dev Part 1
Module-6: Info Sec Program Dev Part 2
Module-7: Info Sec Incident Man Part 1
Module-8: Info Sec Incident Man Part 2

Further information

- NOTE: Inactive students are removed from the study unit after the orientation period (the first week of the study unit)

Evaluation scale

H-5

Evaluation methods and criteria

- Weekly studies
- Students collect points for different learning activities
- Online Tests
- Learning assignments and tasks
- Workshops
- Group work
- Possible bonus task

Assessment scale:
100-90 points equals grade 5
89-80 points equals grade 4
79-70 points equals grade 3
69-60 points equals grade 2
59-50 points equals grade 1
49-0 points equals grade 0

Assessment criteria, satisfactory (1-2)

– use professional concepts in a consistent manner and demonstrate his/her familiarity with the knowledge basis
– report and communicate in a professional manner
– act independently taking into account the operating environment
– describe the significance of his/her actions for successful co-operation
– describe his/her competence in relation to the learning outcomes

Assessment criteria, good (3-4)

– critically evaluate information and justify their actions with science-based knowledge
– propose creative solutions at work
- describe the development of his/her competence in relation to the learning outcomes

Assessment criteria, excellent (5)

– analyse the acquired information, draw conclusions and combine theoretical knowledge with experiential knowledge
– evaluate the applicability of produced knowledge, skill or idea to other contexts as well as their impact
– evaluate the possibilities for utilising competence and plan his/her personal development