Course contents *

The course content will provide a knowledge base in organizational and managerial aspects of corporate governance, risk management and information security covering:

1) Dynamic and static risks

2) Risk tolerance and risk appetite

3) Risk analysis and vulnerability assessment

4) Governance and security standards and framework

5) Acceptance Criteria

6) Education, motivation, ethical considerations and awareness

Intended learning outcomes *

After having successfully completed the course, the students should a basic understanding of organizational and managerial aspects of information security and operative risk, such as governance, risk and security management, and criminological and sociological aspects of IS/IT security in organizations.

Course Disposition

Lectures/Tutorials approx. 20 h

Specific prerequisites *

No information inserted

Recommended prerequisites

IV1013 (former code: 2I1515)

Equipment

No information inserted

Literature

Preliminary:

Managing Infomation Security Risks, Alberts, Christopher et al

Upplaga: Förlag: Pearson Education Inc. År: 2002

ISBN: 0-321-11886-3

Essentials of Organizational Behavior, Stephen P. Robbins

Upplaga: 7 (eller 6) Förlag: Prentice Hall År: 2002

ISBN: 0-13-035309-4

Compendium:

Information Security Management, BS 7799.2: 2002, Audit Checklist, SANS, 2002

OECD Guidelines "Towards a Culture of Security" "Criminology in A NutShell" Bologna

The Manual is the Message

"A day in the life of an IT security Officer"

Grading scale *

A, B, C, D, E, FX, F

Examination *

• TEN1 - Examination, 7.5 credits, Grading scale: A, B, C, D, E, FX, F

Based on recommendation from KTH’s coordinator for disabilities, the examiner will decide how to adapt an examination for students with documented disability.

The examiner may apply another examination format when re-examining individual students.

Other requirements for final grade *

The final grade is based on the written exam

Opportunity to complete the requirements via supplementary examination

No information inserted

Opportunity to raise an approved grade via renewed examination

No information inserted

Examiner

No information inserted

Course web

No information inserted

Offered by

ICT/Systems Science (SU)

Main field of study *

No information inserted

Education cycle *

Second cycle

Add-on studies

No information inserted

Contact

Christer Magnusson, cmagnus@dsv.su.se, 08-6747239

Ethical approach *

• All members of a group are responsible for the group's work.
• In any assessment, every student shall honestly disclose any help received and sources used.
• In an oral assessment, every student shall be able to present and answer questions about the entire assignment and solution.

Supplementary information

The course constitutes a part of the bigger course IV2022 "Security Management", 15 hp. Therefore, the two courses IV2000 and IV2022 should not be taken together.