Switch to English
Cursus: NWI-I00153
Security in Organisations
Cursus informatieRooster
Studiepunten (ECTS)6
CategorieMA (Master)
Aangeboden doorRadboud Universiteit; Faculteit der Natuurwetenschappen, Wiskunde en Informatica; Informatica en Informatiekunde;
dr. F.M.J. van den Broek
Overige cursussen docent
dr. M.R. Colesky
Overige cursussen docent
Contactpersoon van de cursus
prof. dr. E.R. Verheul
Overige cursussen docent
prof. dr. E.R. Verheul
Overige cursussen docent
prof. dr. E.R. Verheul
Overige cursussen docent
KW1-KW2  (29-08-2016 t/m 29-01-2017)
Inschrijven via OSIRISJa
Inschrijven voor bijvakkersJa
  • Learn to control information security risks within an organization in an holistic fashion (procedural, organizational and technical).
  • Getting familiar with the leading standards in this area, their shortcomings and practical implementation guidelines.
  • To learn to map policies to technical countermeasures and vice versa.
  • To learn how to write and enforce security policies.
  • To learn some basic techniques in security auditing.
  • Getting an idea of the practical aspects of information security.
  • Getting inspiration for further scientific research.
Information security deals with the preservation of the confidentiality, integrity and availability of information. The leading standard on information security is ISO 27001 that defines the notion of a Information Security Management System (ISMS). This is a means for the management of an organization to be in control of the information security risks. Fundamental within ISO 27001 is that information security is considered to be a 'process' and not a 'product' one can simply buy. The process allows management to ensure that others within their organization are implementing security controls that are effective.
One of the difficulties of the information security process is its multidisciplinary nature: it needs to grasp security requirements from the organization business processes (where the managers typically are not savvy on information security) and to translate them to security controls. These controls can be of various types, including ICT technical or cryptographic but also related to personnel security (e.g. screening) or physical security (e.g. ‘locks’). The multidisciplinary nature of information security is reflected in the different areas ISO 27001 refers to. Moreover, the process needs to check that the operational effectiveness of the chosen controls is satisfactory and to adapt the controls (or the surrounding framework leading to the controls) if required.
Within the course this process is explored both from a theoretical and a practical level never losing sight of the computer science perspective. To this end the course also has several 'hands-on' exercises including conducting an EDP audit, a network audit and a network penetration.
The course provides the basic information on information security required by the security officer of an organization, by IT security auditors and by IT security consultants. As information security is still a rapidly evolving topic (some might argue it is even still in its infancy) the course can also provide inspiration for further scientific research.
The course starts with introduction of security management based on ISO27001 and then follows the different areas of ISO 27001. In each class one of these areas is discussed in more detail, in many cases by experts from the field, e.g. on ‘lock-picking’, ‘hacking’ etc.
Related courses:

• Software security
• Network security
• But also appropriate courses related to computers and law are an option.
Students taking the TRUE Security master take the 5 ec course (course code NWI-IMC053). Students taking the Information Sciences master will do some exta project work to complete the 6 ec course (course code NWI-I00153).
• International standards for information security and risk management
• Implementing information security and risk management
• Risk analysis methods
• Privacy
• Electronic signatures (law, practice, technical)
• EDP auditing
• Secure development and aquisition of software
• Business continuity management
• Background in Security Technologies and the right time & place to use them

• Security Architectures

• Network and database security
• Special topics: pseudonimization, phyiscal access control, digid, ideal
• Future Trends (e.g., Cloud Computing, Smart Grid)
Written exam and assignments. The final grade will be the average of the exam and assignment grades.
The bachelor course Security.
This course has a reader.

• 8 hours guided individual project work
• 32 hours lecture
• 32 hours laboratory course
• 96 hours individual study period
Extra information teaching methods: The course consists of 2 hours of lectures per week and the students need to work on assignments during the week. The later varies on the topic taught that week. Much of the course will be case-study based. The student will be expected to do a lot of background reading using the referred material.
Verplicht materiaal
This course has a reader.




GelegenhedenBlok KW2, Blok KW3

Switch to English