= SECORG - Information Security in Organisations = == Level == Advanced level - Second cycle course == Required knowledge == 90 credits in Computer and Systems Sciences or 90 credits in a DSV bachelor programme with at least 60 credits in Computer and Systems Sciences. With at least 7,5 credits in information security, for example one of the courses: * ML470C Introduction to Information Security * SÄK1 Information security - theoretical perspectives * SÄK2 Information- and Data-security == Short description == You will learn: Best practices for managing information security in organisations. * Information assets, Information classification * Risk analysis * Security processes and controls * GAP-analysis, Policy * Marketing, awareness and education * Standards (ISO/IEC 27000-series) == Aim == After the course the student should be able to: * Describe the key objectives, requirements, actors, activities and problems related to the management of information security in organisations. * Explain the commonly used best practices, processes, standards and methods of analysis and management of information security in organisations. * Apply in an independent and efficient manner, the central methods of analysis of information security in organisations. * Know the meaning of key terms and concepts in the field of information security management. == Syllabus == This is the capstone course at DSV for management of information- and cyber security at advanced level. It is based on best practices, international standards and experienced course developers and lecturers. If you are considering a career as a chief information security officer CISO or chief security officer CSO, this is the course to take. The syllabus is based on advice from the global non-profit organisations in information security ISC2 and ISACA. The course covers the conditions and procedures for information security management in organisations and provides the essential knowledge, skills and assessment abilities required to act as information security adviser or information security manager. The course includes the following areas: * Terminology * Policy and guidelines for information security * Methods for analysis of information * Relevant objectives, requirements, actors, activities and problems * Identification of protected information assets * Key processes for information security management * Marketing, information, awareness and education in information security in organisations * Relevant standards and best practices * Overview of current research in the area Fredrik Blix will be the main lecturer on this course. In case you have any questions about this course, please contact Fredrik Blix. In case of admissions questions, please contact Studievägledningen.