The document discusses an information security management course conducted by the Department of Information Management and Logistics at Tampere University of Technology (TUT). It provides details about the course content, which involves identifying information security risks in companies and how to address them. As part of the course, student groups interview case companies to analyze their key information assets, vulnerabilities, and risks, and to make recommendations. Examples of risk analyses from three student groups are also presented, showing the identification and prioritization of risks in different risk areas. Companies interested in participating in interviews are instructed to contact the listed course personnel.
Information Security Risk Management Course
1. Information Security Management
Course conducted by Department of Information Management and Logistics & Novi Research Center - TUT
Dr. Ilona Ilvonen (Course Teacher)
Karan Menon (Course Assistant)
2. What are the information and knowledge security related issues in your firm and how can they be mitigated?
• 2015-16 – 6 Kampusklubi Companies Case interviews conducted by student groups
• KSRM Model
• Target for 2016-17 approximately 15 companies with a focus on Digitalization and/or IoT related activities
• Interviews will be conducted in December or January by groups of 3-4 students and the course assistant
4.10.2016 2
3. Summary of 15 Groups
Risk areas
Table shows the number of risks in each risk area.
Risk area Total
3.1 Unintentional harm 18 9 21 36 12 2 98
3.2 Intentional harm 7 7 12 46 9 2 83
3.3 Employee turnover 9 7 7 12 1 4 40
3.4 Other threats 0 0 1 3 1 0 5
Total 34 23 41 97 23 8 226
Scale shows the sum of the risk values in a certain risk area.
4. Contact Us to register as a Case Company
For queries and registration, send an email to the following persons.
Dr. Ilona Ilvonen – ilona.ilvonen@tut.fi
Karan Menon – karan.menon@tut.fi 0401 305 046
Jaana Hanninen – jaana.hanninen@sykoy.fi 0400 414 117
5. What is the course about?
• The course aims for understanding of issues related to information security management: recognizing risks that information and knowledge face in companies, how to address those risks, and how to develop the information security status
• Both Finnish and international students
6. KSRM model, focus on steps 1-5 in this assignment
1. BUSINESS NEED OR PROBLEM, EXPECTED BENEFITS SOUGHT FROM CHANGE
- costs of implementation
- expected monetary business benefits
2. KNOWLEDGE IDENTIFICATION
- identify communication genres and containers
3. THREAT IDENTIFICATION
- identify vulnerabilities and motives to exploit them
- identify threat agents
4. RISK ANALYSIS
- identify risks connected to the most important communication genres
- analyse the size of risk and costs of risk realization
- identify mitigation means
5. COST/BENEFIT ASSESSMENT
- business benefits vs. implementation costs
- mitigation costs vs. mitigation benefits
6. MITIGATION
- implementation of mitigation means that are deemed reasonable
7. MONITORING
- set triggers for action
- any change should trigger re-evaluation of business need and threats
7. Examples of results: Group 1
Risk areas
Table shows the number of risks in each risk area.
Risk area Total
3.1 Unintentional harm 1 0 0 1 0 0 2
3.2 Intentional harm 0 0 0 1 0 0 1
3.3 Employee turnover 0 0 0 1 0 0 1
3.4 Other threats 0 0 1 1 0 0 2
Total 1 0 1 4 0 0 6
Scale shows the sum of the risk values in a certain risk area.
9. Examples of results: Group 2
Risk areas
Table shows the number of risks in each risk area.
Risk area Total
3.1 Unintentional harm 1 3 3 1 0 0 8
3.2 Intentional harm 2 1 1 7 0 0 11
3.3 Employee turnover 3 1 2 2 0 0 8
3.4 Other threats 0 0 0 0 0 0 0
Total 6 5 6 10 0 0 27
Scale shows the sum of the risk values in a certain risk area.
11. Examples of results: Group 3
Risk areas
Table shows the number of risks in each risk area.
Risk area Total
3.1 Unintentional harm 0 1 2 0 0 0 3
3.2 Intentional harm 0 0 0 0 2 0 2
3.3 Employee turnover 0 0 1 0 1 1 3
3.4 Other threats 0 0 0 1 0 0 1
Total 0 1 3 1 3 1 9
Scale shows the sum of the risk values in a certain risk area.
13. Examples of the most severe risks
• Employee leaves and takes customer contacts with them
• Losing company reputation due to mistakes, technical problems or intentional actions by employees
• New employee gives information to their previous employer
• Leaving employee tells information to their new employer