2019/2020  KAN-CCMVI2083U  Information Security Management

English Title
Information Security Management

Course information

Language English
Course ECTS 7.5 ECTS
Type Elective
Level Full Degree Master
Duration Summer
Start time of the course Summer
Timetable Course schedule will be posted at calendar.cbs.dk
Max. participants 60
Study board
Study Board for MSc in Economics and Business Administration
Course coordinator
  • Course instructor: Jörg Claussen, Associate Professor, CBS.
    Sven Bislev - Department of Management, Society and Communication (MSC)
For academic questions related to the course, please contact instructor Jörg Claussen at jcl.si@cbs.dk
Other academic questions: contact academic director Sven Bislev at sb.msc@cbs.dk
Main academic disciplines
  • Information technology
  • Management
Teaching methods
  • Face-to-face teaching
Last updated on 12/11/2019

Learning objectives
To achieve the grade 12, students should meet the following learning objectives with no or only minor mistakes or errors:
  • Compare and contrast information security management and general business management
  • Assess the importance, benefits, and desired outcomes of information security governance and how such a program would be implemented
  • Analyze how risk is assessed based on the likelihood of adverse events and the effects on information assets when events occur
  • Analyze popular approaches used in the industry to manage risk
  • Analyze emerging trends in the certification and accreditation of information technology systems
Course prerequisites
Completed Bachelor degree or equivalent
Examination
Information Security Management:
Exam ECTS 7.5
Examination form Written sit-in exam on CBS' computers
Individual or group exam Individual exam
Assignment type Written assignment
Duration 4 hours
Grading scale 7-point grading scale
Examiner(s) One internal examiner
Exam period Summer, Ordinary exam: 4 hour written exam in the period of 27–31 July 2020
Retake exam: 4 hour written exams in the period of 28 September–2 October 2020
3rd attempt (2nd retake) exam: 72-hour home assignment, 23–26 November 2020, for all ISUP courses simultaneously

Exam schedules available on https://www.cbs.dk/uddannelse/international-summer-university-programme-isup/courses-and-exams
Aids Closed book: no aids
However, at all written sit-in exams the student has access to the basic IT application package (Microsoft Office (minus Excel), digital pen and paper, 7-zip file manager, Adobe Acrobat, Texlive, VLC player, Windows Media Player), and the student is allowed to bring simple writing and drawing utensils (non-digital). PLEASE NOTE: Students are not allowed to communicate with others during the exam.
Make-up exam/re-exam
Same examination form as the ordinary exam
If the number of registered candidates for the make-up examination/re-take examination warrants that it may most appropriately be held as an oral examination, the programme office will inform the students that the make-up examination/re-take examination will be held as an oral examination instead.
Retake exam: 4 hour written sit-in exam, new exam question
Exam form for 3rd attempt (2nd retake): 72-hour home project assignment, max. 10 pages.
Course content, structure and pedagogical approach

This course focuses on the managerial aspects of information security and assurance. Topics covered include access control models, information security governance, and information security program assessment and metrics. Coverage on the foundational and technical components of information security is included to reinforce key concepts. The course includes up-to-date information on changes in the field, such as national and international laws and international standards like the ISO 27000 series.

 

Preliminary assignment: Identify one case of an information security breach and be prepared to present it in two minutes (no slides) in the first class.
 
Class 1: Introduction to the Management of Information Security
Class 2: Compliance: Law and Ethics
Class 3: Governance and Strategic Planning for Security
Class 4: Information Security Policy
Class 5: Developing the Security Program
Class 6: Risk Management: Assessing Risk
 
Feedback activity: Mock exam
 
Class 7: Risk Management: Treating Risk
Class 8: Security Management Models and Practices
Class 9: Planning for Contingencies
Class 10: Security Maintenance
Class 11: Protection Mechanisms
Description of the teaching methods
All teaching takes place on campus (notice that face-to-face teaching may include the use of online materials and tools).
Feedback during the teaching period
Mock exam covering lectures 1-6 and discussion of expected answers.

Student workload
Preliminary assignment 20 hours
Classroom attendance 33 hours
Preparation 126 hours
Feedback activity 7 hours
Examination 20 hours
Further Information
Preliminary Assignment: To help students get maximum value from ISUP courses, instructors provide a reading or a small number of readings or video clips to be read or viewed before the start of classes with a related task scheduled for class 1 in order to 'jump-start' the learning process.
 
Course timetable is available on https://www.cbs.dk/uddannelse/international-summer-university-programme-isup/courses-and-exams
 
We reserve the right to cancel the course if we do not get enough applications. This will be communicated on https://www.cbs.dk/uddannelse/international-summer-university-programme-isup/courses-and-exams at the end of March 2020.
Expected literature

Mandatory readings:

 

Michael E. Whitman, Herbert J. Mattord, Management of Information Security, Sixth Edition. Cengage, 2019, ISBN-13: 978-1-337-40571-3.
 
Each book chapter has to be read BEFORE the corresponding lecture.
