Information Security Risk Management 7.5 credits

Riskhantering för informationssäkerhet
Second cycle, A7012E
Course syllabus valid: Autumn 2020 Sp 1 - Present
The version indicates the term and period for which this course syllabus is valid. The most recent version of the course syllabus is shown first.

Syllabus established
by Jonny Johansson, HUL SRT 15 Feb 2019

Last revised
by Jonny Johansson, HUL SRT 18 Jun 2020

Education level
Second cycle
Grade scale
Systems Science
Subject group (SCB)
Informatics/Computer and Systems Sciences
Main field of study
Information Security

Entry requirements

Minimum 120 credits of university studies including 60 credits in the areas of computer science or systems science, business administration or equivalent. Good knowledge in English, equivalent to English 6.


The selection is based on 20-285 credits

Course Aim

This course will have materials on security risk identification, evaluation, and management with focus on organisational perspectives. After the completion of this course, the student will be able to:

  • Identify and explain the concepts of risk types and categories, the relevance of risk management, risk management methods, risk analysis, risk analytics and security awareness.
  • Analyse and map organizational information, knowledge, information technology and physical assets in order to conduct further security risk analysis.
  • Select, use and apply models/methodologies for identifying information security risks and minimization/mitigation strategies and costs/benefits of those risks.
  • Analyse and reflect upon how companies and organisations can protect and safely share information and knowledge as well as use IT-resources in a collaborative environment without spreading the information in a way that can harm the organisations.
  • Define a plan for creating, managing, and utilizing knowledge of information security risks for conceptualising or enhancing a security awareness program in an organization.


The course deals with basic concepts within the area of security risk identification and management and focuses on the different stages of the risk assessment process: identifying, prioritising, assessing and controlling risks associated with organizational assets such as information, knowledge and IT as well as other resources. Practical examples are important to address, such as how organizational dynamics are mapped for further analysis of security risks, and how information and knowledge can be created and shared safely, and identified security risks responded to, without losing the ease of access to information, knowledge and IT resources. The management of processes concerning risk management, and the minimization and mitigation of risks through various control mechanisms, are also discussed. The use of IT tools, logs, and internal as well as external risk-related data or information is also considered.


Learning takes place through participation in lectures, interaction with other students and the lecturer through the asynchronous learning platform, and participation in seminars in which the assignments are discussed. Individual learning is ongoing, explicated and shared by the students through the use of a learning diary, which forms the documentation of the individual assignments.

The group assignment aims to give practice in how risk assessment is done in a company or organization. During the group assignments, students can practice cooperating with other students and experience the practical challenges of working in an IT security team.

Teaching is in English, over the Internet for distance students or on campus for the students living here. IT support: Learning management system (Canvas), e-mail and phone.

The Canvas Learning Management System is used for delivering course material, information and submissions. Knowledge is shared and created within the course through virtual meetings with teachers and other students for discussions, supervision, teamwork and seminars. For students on campus there will be meetings on campus.


Individual assignments, 3.5 hp (U, G, or VG)
Group assignments, 4.0 hp (U, G, or VG)

In order for a student to get VG in the whole course, a VG grade must be accomplished both in the individual and group assignments.
For the G grade, a student should achieve at least a grade G in the individual and group assignments.


Technical Requirements: access to a PC with Windows 7, a microphone, a web cam and permission to install software. Internet connection (minimum 0.5 Mbps).

Johan Wenngren

Transition terms
The course A7012E is equal to A7005N

Literature. Valid from Autumn 2019 Sp 1 (May change until 10 weeks before course start)
The following book will be used in addition to academic papers and other materials
Security Risk Management: Building an Information Security Risk Management Program from the Ground Up
Evan Wheeler
Paperback: 360 pages
Publisher: Syngress; 1 edition (May 31, 2011)
Language: English
ISBN-10: 1597496154
ISBN-13: 978-1597496155

Course offered by
Department of Computer Science, Electrical and Space Engineering

Code | Description | Grade scale | HP | Status | From period | Title
0001 | Individual assignments | U G VG | 3.50 | Mandatory | A19 |
0002 | Group assignments | U G VG | 4.00 | Mandatory | A19 |

Study guidance
Study guidance for the course is to be found in our learning platform Canvas before the course starts. Students applying for single subject courses get more information in the Welcome letter. You will find the learning platform via My LTU.