The course includes important and useful concepts and methods for the control of IT Security. The scope consists of the following main topics, and includes discussion of techniques and practical advice:

• Introduction to IT security function and process
• Basics of risk, risk analysis and management
• Fundamentals of project management
• Principles of decision making and their implication on IT security management
• Introduction to IT security auditing
• Foundations of IT security investments
• Related frameworks, standards, and regulations to IT security

These topics are presented as an overview, and selected topics are discussed in greater detail with hands-on exercises in class and homework assignments.

There are no special pre-requisites to attend the course, although it is advantageous to have a basic understanding of systems management and security, formal decision making techniques, IT governance or project management, and probability theory.

The course “353.067 Introduction to IT Security” may be useful for participants.

The course will be a combination of lecture and hands-on exercises, for which students will be asked to propose or justify solutions, search cause and effects, and implement some of the techniques with their own examples.

Through several assignments (homework), students will have an opportunity to refresh and extend their knowledge. These assignments include literature research and solution of example problems which will be completed and presented in groups.

The grading is based on the presentations of the results of the assignments and the activity in class. The assignments are done in groups, therefore the students are graded together as a team. Both parts must be completed successfully to complete the course.