The programme comprises 120 credits distributed over two years. It provides in-depth studies within the information security management field and comprises both theoretical and practical elements.
The programme opens with an introduction to the field with the course Introduction to Information Security (7.5 credits). The aim of this course is for the students to develop a basic understanding of information security and the central concepts and responsibilities within the field. To create conditions for adequate information security and prevent incidents, organisations combine various security measures. These may be of a regulatory, social or technical nature. Therefore, three courses organised around these types of information security measures follow next: Regulatory Aspects of Information Security (7.5 credits), Social Aspects of Information Security, second cycle (7.5 credits) and Introduction to IT Security (7.5 credits). The first of these discusses how information security is created by means of legislation, policies and regulations. The second course focuses on the way in which employees' knowledge and awareness of information security can contribute to a higher degree of information security. The third course is an introduction to how software and hardware can be used to create information security.
The second semester of the programme focuses on ways in which an organisation can apply a systematic approach to information security management. The first course of the semester, Applied Information Security Management (12 credits), discusses management systems for information security. A management system is the management's tool to safeguard that the operations are carried out in a way that is consistent with its identified goals; in this case a support for systematic planning, development, follow-up and evaluation of the quality of the organisation's information security efforts. The second course, Setting Requirements for Information Security (7.5 credits), focuses on the way in which the client defines and follows up information security criteria requirements in the development and procurement of information systems. During the final course of the semester, Information Security Management - Application Areas (10.5 credits), students apply the knowledge they have obtained to a real-life information security problem.
The second year aims at allowing students to develop their knowledge of and skills in research and investigation work; providing them with the ability to identify and meet their need for knowledge; and allowing them to develop their ability to communicate the knowledge obtained and developed. Moreover, the second year aims at providing the students with an increased ability to reflect on research and investigation activities within the IT field. The second year is important, not only for students who opt to pursue a doctoral degree, but also for those who, in different ways, would like to work with the management, development or evaluation of information security. The third semester opens with the course Information Systems Theories (7.5 credits), which discusses what theories are and how they can be used as a tool of analysis or design in relation to information security. Next are two courses on investigation methodology, relevant to both research and investigation concerning information security: Qualitative Methods in Information Systems Research (7.5 credits) and Quantitative Methods in Information Systems Research (7.5 credits). The semester closes with the course Professional and Academic Communication (7.5 credits), discussing the communication of investigation results to both practicians and researchers. Students spend the fourth semester taking the course Thesis (30 credits), during which the students complete an independent project.