Course module: NWI-IMC053
Security in Organisations
Course module: NWI-IMC053
Credits (ECTS): 5
Category: MA (Master)
Language of instruction: English
Offered by: Radboud University; Faculty of Science; Informatica en Informatiekunde
Lecturer(s)
Lecturer: dr. M.R. Colesky
Lecturer: J. Harmannij-Meijer, MSc
Contact person for the course: prof. dr. E.R. Verheul
Coordinator: prof. dr. E.R. Verheul
Lecturer: prof. dr. E.R. Verheul
Academic year: 2017
Period: KW1-KW2 (04/09/2017 to 04/02/2018)
Starting block: KW1
Course mode: full-time
Remarks: This is the 5 ec course for the TRU/e Security master. The 6 ec course for Information Sciences is NWI-I00153.
Registration using OSIRIS: Yes
Course open to students from other faculties: Yes
Pre-registration: No
Waiting list: No
Placement procedure: -
Aims
  • Learn to control information security risks within an organization in a holistic fashion (procedural, organizational and technical).
  • Getting familiar with the leading standards in this area, their shortcomings and practical implementation guidelines.
  • To learn to map policies to technical countermeasures and vice versa.
  • To learn how to write and enforce security policies.
  • To learn some basic techniques in security auditing.
  • Getting an idea of the practical aspects of information security.
  • Getting inspiration for further scientific research.
Content

Information security deals with the preservation of the confidentiality, integrity and availability of information. The leading standard on information security is ISO 27001, which defines the notion of an Information Security Management System (ISMS). This is a means for the management of an organization to be in control of the information security risks. Fundamental within ISO 27001 is that information security is considered to be a 'process' and not a 'product' one can simply buy. The process allows management to ensure that others within their organization are implementing security controls that are effective.

One of the difficulties of the information security process is its multidisciplinary nature: it needs to grasp security requirements from the organization's business processes (where the managers typically are not savvy about information security) and to translate them into security controls. These controls can be of various types, including ICT technical or cryptographic, but also related to personnel security (e.g. screening) or physical security (e.g. ‘locks’). The multidisciplinary nature of information security is reflected in the different areas ISO 27001 refers to. Moreover, the process needs to check that the operational effectiveness of the chosen controls is satisfactory and to adapt the controls (or the surrounding framework leading to the controls) if required.

Within the course this process is explored at both a theoretical and a practical level, never losing sight of the computer science perspective. To this end the course also has several 'hands-on' exercises, including conducting an EDP audit, a network audit and a network penetration. The course provides the basic information on information security required by the security officer of an organization, by IT security auditors and by IT security consultants. As information security is still a rapidly evolving topic (some might argue it is even still in its infancy), the course can also provide inspiration for further scientific research.

The course starts with an introduction to security management based on ISO 27001 and then follows the different areas of ISO 27001. In each class one of these areas is discussed in more detail, in many cases by experts from the field, e.g. on ‘lock-picking’, ‘hacking’ etc.

Literature
This course has a reader.
Teaching formats
• 6 hours guided individual project work
• 32 hours lecture
• 32 hours laboratory course
• 70 hours individual study period

Extra information on teaching methods: The course consists of 2 hours of lectures per week and there is a lab/exercise session of usually 2 hours per week; the latter may vary depending on the topic taught that week. Much of the course will be case-study based. Expect to be doing a lot of background reading using the reader.
Additional comments
Related courses:

• Software security
• Network security
• Appropriate courses related to computers and law are also an option.

N.B. Students taking the TRU/e Security master take the 5 ec course (course code NWI-IMC053). Students taking the Information Sciences master will do some extra project work to complete the 6 ec course (course code NWI-I00153).
Topics
International standards for information security and risk management
Implementing information security and risk management
Risk analysis methods

Privacy
Electronic signatures (law, practice, technical)
EDP auditing
Secure development and acquisition of software
Business continuity management
Background in Security Technologies and the right time & place to use them

Security Architectures
Network and database security

Special topics: pseudonymization, physical access control, DigiD, iDEAL
Future Trends (e.g., Cloud Computing, Smart Grid)
Test information
Written exam and assignments. The final grade will be the average of the exam and assignment grades.
Prerequisites
The Bachelor course Security.
Required materials
Reader
This course has a reader.
Instructional modes
Course occurrence

Lab course
Attendance mandatory: Yes

Lecture

Self-study

Tests
Exam
Test weight: 1
Opportunities: Block KW2, Block KW4
