IN9080 – Security and Risk Management

Schedule, syllabus and examination date

Choose semester

Changes in the course due to coronavirus

Autumn 2020 the exams of most courses at the MN Faculty will be conducted as digital home exams or oral exams, using the normal grading scale. The semester page for your course will be updated with any changes in the form of examination.

See general guidelines for examination at the MN Faculty autumn 2020.

Course content

Security and risk management is the foundation for ensuring good information security in organisations. This course focuses on ISMS (Information Security Management System) which can be seen as a systematic approach to managing information security.To have an ISMS is a requirement for organisations to be compliant with laws and regulations regarding information security and privacy. More specifically the course teaches security and risk management in terms of assessing relevant threats and risks to an organisation's information assets, and then selecting, implementing and operating an appropriate set of security controls to reduse and balance the risks.

Learning outcome

After completing this course, you will:

  • have knowledge of the principles of security and risk management
  • have knowledge of the role of security and risk management in organisations
  • have knowledge of relevant laws, standards and frameworks for information security
  • have knowledge of the responsibilities of top level management wrt. information security
  • be able to establish and operate an ISMS (Information Security Management System)
  • be able to conduct threat and risk assessment for information security
  • be able to judge the appropriateness of security controls for reducing security risks
  • be able to organise security-awareness training

Admission to the course

PhD candidates from the University of Oslo should apply for classes and register for examinations through Studentweb.

If a course has limited intake capacity, priority will be given to PhD candidates who follow an individual education plan where this particular course is included. Some national researchers’ schools may have specific rules for ranking applicants for courses with limited intake capacity.

PhD candidates who have been admitted to another higher education institution must apply for a position as a visiting student within a given deadline.

General knowledge about information security, e.g. IN2120 Informasjonssikkerhet and IN1020 Introduksjon til datateknologi.

Overlapping courses


The course will have:

  • 2 hours of lectures per week (plenary sessions)
  • 2 hours of workshops per week (plenary sessions)

The workshop sessions will be used for practical exercises, case studies and seminar talks given by students.


The course grade is based on the following assessments:

  • Home exam in the form of a case study: 30%

  • Digital final exam: 70%

Both exams must be passed and must be passed in the same semester. Note that the exam in IN9080 will be more extensive than the one in IN5080.

The home exam consists of writing a report on a specific case study. The report can be written individually or in a group of 2 or 3 students.

Examination support material

For the home exam, any support material is permitted.

For the digital final exam, no support material is permitted.

Language of examination

You may write your examination paper in Norwegian, Swedish, Danish or English.

Grading scale

Grades are awarded on a pass/fail scale. Read more about the grading system

Special examination arrangements, use of sources, explanations and appeals

See more about examinations at UiO

Last updated from FS (Common Student System) Nov. 29, 2020 2:16:19 PM

Facts about this course

Teaching language