ITI42122 Cyber Security Governance (Autumn 2024)

The course is connected to the following study programs

Mandatory course in the master programme in applied computer science with specialisation in cyber security, full-time and part-time.

Lecture Semester

First semester (autumn) in the full-time and part-time programme.

The student's learning outcomes after completing the course

Knowledge

The student

• knows main ISO IT Security standards
• is familiar with the Information Technology Infrastructure Library (ITIL)
• is able to understand main risk scenarios and challenges
• knows how to apply Control Objectives for Information and Related Technology (COBIT) to specific information security topics/practices within an enterprise.
• is able to identify and understand security and controls across the strategic, tactical, and operational levels within an organization
• is able to understand main adversary tactics and techniques
• is able to distinguish governance and management by their types of activities and responsibilities

Skills

The student is able to

• use well-known frameworks and standards (COBIT, ITIL, ISO 27K) in real settings
• justify the need of IT Security and continuity planning issues for effective IT and guide them in practical business settings
• select the appropriate controls
• know whether business operations and information are secure and reliable
• know whether an enterprise is maintaining an effective system of internal control
• assess and articulate security risks from the board level to the code level.

General competence

The student gains experience with project work, including planning, performing and reporting in an existing research area.

Content

• Control Objectives for Information and Related Technology (COBIT)
• Information Technology Infrastructure Library (ITIL) for security management
• ISO/IEC 27001 Information Security Management Systems

Forms of teaching and learning

Teaching will be based on blended learning approaches. There will be recorded lectures of the topics of the course and in a weekly or bi-weekly basis, physical meetings will take place to mentor the development of the paper and guide students in the course.

Workload

Approx. 280 hours.

Coursework requirements - conditions for taking the exam

The student must deliver:

• up to three assignments.
• a security governance plan on a selected case study. The case study is chosen by the students and agreed with the course responsible. The plan can be developed individually or in groups of two students. All group members must contribute to the plan.

Coursework requirements must be accepted to qualify for the exam.

Examination

The exam is divided into two parts:

• An individual oral presentation of the security governance plan (50%). Duration approx. 5-10 min. Except the presentation, no supporting materials are allowed.
• An individual oral exam (50%) based on the course curriculum. Duration approx. 10-20 min. No supporting materials are allowed.

Grading scale A - F in both parts. Both parts of the exam must be passed to pass the course. The student will get an individual joint grade for the entire course.

Examiners

One external and one internal examiner, or two internal examiners will be involved in the assessment.

Conditions for resit/rescheduled exams

Upon re-examination, each part of the examination must be retaken.

Course evaluation

This course is evaluated by a:

• Final course evaluation (compulsory)

The responsible for the course compiles a report based on the feedback from the students and his/her own experience with the course. The report is discussed by the study quality committee at the Department of Computer Science and Communication.

Literature

The current reading list for 2024 Autumn can be found in Leganto