ITI42122 Cyber Security Governance (Autumn 2024)
Facts about the course
- ECTS Credits: 10
- Responsible department: Faculty of Computer Science, Engineering and Economics
- Campus: Halden
- Course Leader: Mary Luz Sanchez Gordon
- Teaching language: English
- Duration: ½ year
The course is connected to the following study programs
Mandatory course in the master programme in applied computer science with specialisation in cyber security, full-time and part-time.
Lecture Semester
First semester (autumn) in the full-time and part-time programme.
The student's learning outcomes after completing the course
Knowledge
The student
- knows the main ISO IT Security standards
- is familiar with the Information Technology Infrastructure Library (ITIL)
- is able to understand the main risk scenarios and challenges
- knows how to apply Control Objectives for Information and Related Technology (COBIT) to specific information security topics/practices within an enterprise.
- is able to identify and understand security and controls across the strategic, tactical, and operational levels within an organization
- is able to understand the main adversary tactics and techniques
- is able to distinguish governance and management by their types of activities and responsibilities
Skills
The student is able to
- use well-known frameworks and standards (COBIT, ITIL, ISO 27K) in real settings
- justify the need for IT Security and continuity planning issues for effective IT and guide them in practical business settings
- select the appropriate controls
- know whether business operations and information are secure and reliable
- know whether an enterprise is maintaining an effective system of internal control
- assess and articulate security risks from the board level to the code level.
General competence
The student gains experience with project work, including planning, performing and reporting in an existing research area.
Content
- Control Objectives for Information and Related Technology (COBIT)
- Information Technology Infrastructure Library (ITIL) for security management
- ISO/IEC 27001 Information Security Management Systems
Forms of teaching and learning
Teaching will be based on blended learning approaches. There will be recorded lectures on the topics of the course, and on a weekly or bi-weekly basis physical meetings will take place to mentor the development of the paper and guide students in the course.
Workload
Approx. 280 hours.
Coursework requirements - conditions for taking the exam
The student must deliver:
- up to three assignments.
- a security governance plan on a selected case study. The case study is chosen by the students and agreed with the person responsible for the course. The plan can be developed individually or in groups of two students. All group members must contribute to the plan.
Coursework requirements must be accepted to qualify for the exam.
Examination
The exam is divided into two parts:
- An individual oral presentation of the security governance plan (50%). Duration approx. 5-10 min. Except for the presentation, no supporting materials are allowed.
- An individual oral exam (50%) based on the course curriculum. Duration approx. 10-20 min. No supporting materials are allowed.
Grading scale A - F in both parts. Both parts of the exam must be passed to pass the course. The student will get an individual joint grade for the entire course.
Examiners
One external and one internal examiner, or two internal examiners, will be involved in the assessment.
Conditions for resit/rescheduled exams
Upon re-examination, each part of the examination must be retaken.
Course evaluation
This course is evaluated by a:
- Final course evaluation (compulsory)
The person responsible for the course compiles a report based on the feedback from the students and his/her own experience with the course. The report is discussed by the study quality committee at the Department of Computer Science and Communication.