= Information Security Organization and Management =

== Requirements ==

90 hp Computer and Systems Sciences with at least 7,5 hp computer security

== Aim ==

The goal of the course is to familiarize students with organizational and managerial aspects of information security, in different types of organizations in particular and in society in general. Students will be exposed to how different scientific disciplines, such as systems theory, organizational behavior, criminology, and socio-technical theory, can be used to understand, explain, predict, and influence the effectiveness and efficiency of information systems operation and security risk management. Current industrial standards and practices for information security and risk management, such as ISO27001 and PCI DSS, will be reviewed and discussed.

== Syllabus ==

* Applied Systems Theory
* Socio-technical Theory
* Organizational Behavior
* Security Standards and Frameworks
* Risk Tolerance and Risk Appetite
* Risk Analysis and Vulnerability Assessment
* Compliance Management
* Corporate and IT Governance
* Information Security Metrics
* Maturity Models
* Security Awareness Training
* Security Cultures
* Ethical Considerations