Security in organisations 

Security is about regulating access to assets. Crucial questions are: Who are you? and: Should you be doing that? These questions cannot be answered without taking the organisation in which security systems are deployed into account.

The course introduces the basic notions and techniques in the area of information security. The emphasis lies on assessing risks and impacts of security related threats and on planning, managing and evaluating security controls such as policies, procedures, and technical counter measures.

• To develop a suitable level of paranoia, needed for designing and deploying security sensitive IT applications
• To learn how to manage risk while designing and deploying IT systems within an organisation
• To learn how to write and enforce good security policies
• To learn some basic techniques for evaluating security solutions

Topics include:

• Security in context
• Assets and threats
• Risk, vulnerability, control, attack, damage
• Risk assessment and risk management
• Methods/tools for risk analysis
• Attack trees
• Security policies
• Roles, Classifications
• Code of Practice for Information Security (ISO27001/2)
  
• Business continuity planning and incident recovery
• CERTs
• Legal Aspects

• 32 hrs lecture
• 8 hrs personal study counseling
• 30 hrs student project
• 98 hrs individual study period

The course consists of 2 hours of lectures per week.

To be announced later. The book that was used in previous editions of this course (by Jan Killmeyer Tudor) will NOT be used.

Related courses:

• Software security
• Network security
• But also appropriate courses related to computers and law are an option.