Master's Programme in Information Systems - Information Security Management, 120 credits

In today's complex environments, safeguarding an organisation's information assets is difficult and requires more than solely technical skills. In order to facilitate a broad understanding of the field, our programme includes courses considering organisational, social and technical aspects of information security.

During the first year, students will gain a broad understanding of information security and develop advanced knowledge and skills within information security management. The second year aims to develop advanced knowledge and skills in research and investigation. Students will learn how to develop and communicate knowledge within the field of study as well as increase their degree of reflection on research and practice within the field. Teaching is based on case-based learning and flipped classroom pedagogy. These pedagogical methods encourage students to active learning and to develop their problem-solving skills which are necessary to address the complexity of information security management in organisations. By working with cases developed in collaboration with our industry partners, the students gain a deeper understanding and practical field experience.

Programme syllabus Master's Programme in Information Systems - Information Security Management, 120 credits

The programme comprises 120 credits distributed over two years. It provides in-depth studies within the information security management field and comprises both theoretical and practical elements.

The programme opens with an introduction to the field with the course Introduction to Information Security (7.5 credits). The aim of this course is for the students to develop a basic understanding of information security and the central concepts and responsibilities within the field. To create conditions for adequate information security and prevent incidents, organisations combine various security measures. These may be of a regulatory, social or technical nature. Therefore, three courses organised around these types of information security measures follow next: Regulatory Aspects of Information Security (7.5 credits), Social Aspects of Information Security, second cycle (7.5 credits) and Introduction to IT Security (7.5 credits). The first of these discusses how information security is created by means of legislation, policies and regulations. The second course focuses on the way in which employees' knowledge and awareness of information security can contribute to a higher degree of information security. The third course is an introduction to how software and hardware can be used to create information security.

The second semester of the programme focuses on ways in which an organisation can apply a systematic approach to information security management. The first course of the semester, Applied Information Security Management (12 credits), discusses management systems for information security. A management system is the management's tool to safeguard that the operations are carried out in a way that is consistent with its identified goals; in this case a support for systematic planning, development, follow-up and evaluation of the quality of the organisation's information security efforts. The second course, Setting Requirements for Information Security (7.5 credits), focuses on the way in which the client defines and follows up information security criteria requirements in the development and procurement of information systems. During the final course of the semester, Information Security Management - Application Areas (10.5 credits), students apply the knowledge they have obtained to a real-life information security problem.

The second year aims at allowing students to develop their knowledge of and skills in research and investigation work; providing them with the ability to identify and meet their need for knowledge; and allowing them to develop their ability to communicate the knowledge obtained and developed. Moreover, the second year aims at providing the students with an increased ability to reflect on research and investigation activities within the IT field. The second year is important, not only for students who opt to pursue a doctoral degree, but also for those who, in different ways, would like to work with the management, development or evaluation of information security. The third semester opens with the course Information Systems Theories (7.5 credits), which discusses what theories are and how they can be used as a tool of analysis or design in relation to information security. Next are two courses on investigation methodology, relevant to both research and investigation concerning information security: Qualitative Methods in Information Systems Research (7.5 credits) and Quantitative Methods in Information Systems Research (7.5 credits). The semester closes with the course Professional and Academic Communication (7.5 credits), discussing the communication of investigation results to both practicians and researchers. Students spend the fourth semester taking the course Thesis (30 credits), during which the students complete an independent project.

Specific entry requirements: A first-cycle qualification comprising at least 180 credits, of which at least 90 are for progressively specialised study within either of the main fields of study informatics, computer science or business administration. The applicant must also have qualifications corresponding to the course "English 6" or "English B" from the Swedish upper secondary school.

First semester: Autumn semester 2023

Pace of study: Full Time

Level: Second Cycle

Study places: 12

Selection: Number of credits obtained no later than on the last application date

Study venue: Örebro

School: Örebro University School of Business

Qualifications: Degree of Master of Arts/Science [120 credits]

Language of instruction: The language of instruction is English.

Application code ORU-M2300

The program is aimed for people who want to work with information security management both nationally or internationally; in business or public administration. After the education the students can work as managers, advisers, supervisors, and consultants in the field of information security.