Schedule, syllabus and examination date

Choose semester

Changes in the course due to coronavirus

Autumn 2020 we plan for teaching and examinations to be conducted as described in the course description and on semester pages. However, changes may occur due to the corona situation. You will receive notifications about any changes at the semester page and/or in Canvas.

Spring 2020: Teaching and examinations was digitilized. See changes and common guidelines for exams at the MN faculty spring 2020.

Course content

Security by Design means that security is integrated in the entire development lifecycle of IT systems, including programming, testing, deployment, configuration and operation. This course teaches how to build adequate security into systems that thereby are able to maintain their functionality while being exposed to cyberthreats.

Learning outcome

After completing this course, you will have:

  • Knowledge about how to include security requirements in system specifications, design, and testing,
  • Understanding of the trade-off between security risk, and the cost of implementing security controls,
  • Knowledge about GDPR (General Data Protection Regulation) as well as the major frameworks for threat modelling, vulnerability management, and secure systems development
  • Study of specific aspects of GDPR.

And you will be able to:

  • Perform threat modelling and security/privacy risk assessment of system functionality and components
  • Apply the principles of privacy by design and security by design during practical systems development,
  • Assess the maturity of secure systems development

Admission to the course

PhD candidates from the University of Oslo should apply for classes and register for examinations through Studentweb.

If a course has limited intake capacity, priority will be given to PhD candidates who follow an individual education plan where this particular course is included. Some national researchers’ schools may have specific rules for ranking applicants for courses with limited intake capacity.

PhD candidates who have been admitted to another higher education institution must apply for a position as a visiting student within a given deadline.

IN2000 – Software Engineering med prosjektarbeid or equivalent. The course requires good knowledge and skills in programming, familiarity with general principles of software development and knowledge related to web development. Knowledge of Java and/or PHP.

General knowledge of information security, e.g from IN2120 (previously INF3510).

Overlapping courses


Lectures and practice 4 hours per week


There will be a home exam that constitutes 40% of the final grade and a final exam that constitutes 60% of the final grade. Both exams must have a pass grade.

It will also be counted as one of your three attempts to sit the exam for this course, if you sit the exam for one of the following courses: IN5280 - Security by Design

Examination support material

No examination support material is allowed.

Grading scale

Grades are awarded on a pass/fail scale. Read more about the grading system.

Special examination arrangements, use of sources, explanations and appeals

See more about examinations at UiO

Last updated from FS (Common Student System) Sep. 22, 2020 8:15:50 PM

Facts about this course

Teaching language