Security in Organisations
Course infoSchedule
Course moduleNWI-I00153
Credits (ECTS)6
CategoryMA (Master)
Language of instructionEnglish
Offered byRadboud University; Faculty of Science; Informatica en Informatiekunde;
A.C. Serban, MSc
Other course modules lecturer
prof. dr. E.R. Verheul
Other course modules lecturer
prof. dr. E.R. Verheul
Other course modules lecturer
prof. dr. E.R. Verheul
Other course modules lecturer
Contactperson for the course
prof. dr. E.R. Verheul
Other course modules lecturer
Academic year2018
KW1-KW2  (03/09/2018 to 27/01/2019)
Starting block
Course mode
RemarksThis is the 6 ec course for Information Sciences. The 5 ec course for the TRU/e Security master is NWI-IMC053.
Registration using OSIRISYes
Course open to students from other facultiesYes
Waiting listNo
Placement procedure-
  • Learn to control information security risks within an organization in an holistic fashion (procedural, organizational and technical).
  • Getting familiar with the leading standards in this area, their shortcomings and practical implementation guidelines.
  • To learn to map policies to technical countermeasures and vice versa.
  • To learn how to write and enforce security policies.
  • To learn some basic techniques in security auditing.
  • Getting an idea of the practical aspects of information security and new directions.
Information security deals with the preservation of the confidentiality, integrity and availability of information. The leading standard on information security is ISO 27001 that defines the notion of a Information Security Management System (ISMS). This is a means for the management of an organization to be in control of the information security risks. Fundamental within ISO 27001 is that information security is considered to be a 'process' and not a 'product' one can simply buy. The process allows management to ensure that others within their organization are implementing security controls that are effective.
One of the difficulties of the information security process is its multidisciplinary nature: it needs to grasp security requirements from the organization business processes (where the managers typically are not savvy on information security) and to translate them to security controls. These controls can be of various types, including ICT technical or cryptographic but also related to personnel security (e.g. screening) or physical security (e.g. ‘locks’). The multidisciplinary nature of information security is reflected in the different areas ISO 27001 refers to. Moreover, the process needs to check that the operational effectiveness of the chosen controls is satisfactory and to adapt the controls (or the surrounding framework leading to the controls) if required.
Within the course this process is explored both from a theoretical and a practical level never losing sight of the computer science perspective. To this end the course also has several practical exercises including conducting an EDP audit and a vulnerability test.
The course provides the basic information on information security required by the security officer of an organization, by IT security auditors and by IT security consultants. As information security is still a rapidly evolving topic (some might argue it is even still in its infancy) the course can also provide inspiration for further scientific research.
The course starts with introduction of security management based on ISO27001 and then follows the different areas of ISO 27001. In each class one of these areas is discussed in more detail, in many cases by practical experts from the field, e.g. on internet banking fraud, ‘lock-picking’, ‘hacking’ etc.
Additional comments
Related courses:

• Software security
• Network security
• But also appropriate courses related to computers and law are an option.

N.B. Students taking the TRUE Security master take the 5 ec course (course code NWI-IMC053). Students taking the Information Sciences master will do some exta project work to complete the 6 ec course (course code NWI-I00153).

• International standards for information security and risk management
• Implementing information security and risk management
• Risk analysis methods
• Privacy
• Electronic signatures (law, practice, technical)
• EDP auditing
• Secure development and aquisition of software
• Business continuity management
• Background in Security Technologies and the right time & place to use them

• Security Architectures

• Network and database security
• Special topics: pseudonimization, phyiscal access control, digid, ideal
• Future Trends (e.g., Cloud Computing, Smart Grid)

Test information
Written exam and assignments. The final grade will be the average of the exam and assignment grades.

The bachelor course Security.

Required materials
This course has a reader.

Instructional modes
Course occurrence

The course consists of 2 hours of lectures per week and there is guided individual project work for 40 hours. The remainder is individual study.

Lab course


The course consists of 2 hours of lectures per week and the students need to work on assignments during the week. The later varies on the topic taught that week. Much of the course will be case-study based. The student will be expected to do a lot of background reading using the referred material.


Test weight1
Test typeExam
OpportunitiesBlock KW2, Block KW3

Test weight1
Test typeAssignment
OpportunitiesBlock KW2, Block KW3