Bachelor in Digital Assurance and Security Management

Start semesters

2024 Autumn

Bachelor in Digital Assurance and Security Management

Study Facts
- Area of Study
  Computing
- ECTS
  180
- NQF Level
  Bachelor's degree (Level 6 1. Cycle)
- Campus
  OnlinePLUS - Bergen, OnlinePLUS - Oslo, Online
- Study Mode
  OnlinePLUS, Full-time, Online
- Entry Requirements
  Entry Requirements
- Study Programme Leader
  Piet Delport

Introduction

Noroff University College (NUC) offers awards that specialise in the utilisation of digital technology. The objective of the Bachelor in Digital Assurance and Security Management is to provide you with a background in the field of information assurance and security. This degree explores the range of issues relating to the international field of information assurance and security through methods and techniques relating to ensuring that the organisation’s cyber risk has been correctly identified; that the relevant information and cyber security policies have been implemented; and that the Organisational information and cyber security practitioners adhere to these policies.

Many commercial organisations in Norway store data in Digital form; ranging from the business records of a sole trader on a laptop to extensive corporate records. The 2012 Norwegian Business Security Council’s cybercrime survey suggests securing this data is a significant concern:

"…there is an increase in […] dependency on ICT. Norwegian companies, especially at the executive level, lack knowledge about information security and do not have an overview of threats and incidents…”

The 2012 Norwegian Business Security Council’s cyber-crime survey, quoted in the Cyber Security Strategy for Norway. (https://www.regjeringen.no/globalassets/upload/FAD/Vedlegg/IKT- politikk/Cyber_Security_Strategy_Norway.pdf)

Organisations are connected, not just in terms of networks and technology, but also information and services. An attack on a single element of an infrastructure has the potential to affect the whole infrastructure. It can be difficult to distinguish between civilian and what may be considered ‘legitimate’ military targets in a cyber-attack. It is therefore imperative for all organisations to take appropriate steps to protect their information and information resources. Access to information resources have become so vital for modern organisations that it is no longer something that provides a competitive edge, but should rather be seen as an essential utility, similar to electricity, without which organisations cannot function. At the organisational and planning level, it is not sufficient to just have security policies and controls in place, the organisation also needs assurance that the selected cyber security policies and controls are adequate for the degree of risk the organisation is facing; have been implemented correctly; and complies to all relevant legislation. In the light of many large data breaches, issues relating to privacy have become increasingly important to organisations and there are many new laws and legal regulations ensuring the protection of customer rights. Digital assurance professionals play a vital role in ensuring that organisations are compliant to such legal requirements.

There is an increasing demand for skilled information assurance and security professionals worldwide and very few study programmes focus specifically on addressing the need for assurance professionals. Traditionally, many assurance professionals started as accountancy professionals and then cross-skilled into the cyber security domain. However, the complexity of the cyber domain has made such a cross-over increasingly more difficult.

Aims of the Degree Programme

This degree programme aims to develop candidates with a holistic understanding of key practice, principles and procedures of IT governance, IT auditing, and IT risk and compliance management. Through a blend of knowledge and skills enabling candidates to understand the role(s) of IT systems in supporting business operations, the needed information and cyber security controls to secure such systems, and the processes of assuring these systems are implemented and maintained as they should be. Graduates have a high level of proficiency in a wide range of skills including problem solving, business analytics, organisational IT architectures, cloud computing, IT Auditing, cyber risk assessment, and information security governance. The programme has been specifically designed to equip graduates with the conceptual understanding and principles of both business decision making and information security, to produce a well- rounded, employment ready, graduate.

The following are the broad core elements for the degree programme.

Foundational IT Knowledge: Business processes, computational thinking and programming, database systems, IT architectures, business intelligence
IT Audit and Assurance: Foundations of accounting, management accounting, IT Audit Principles, IT Audit Practice
Information Security Management: IT operational management, IT governance, risk, and regulatory compliance
Cloud Computing: Cloud architectures, audit and assurance in cloud environment
Information Assurance: Policies, procedures, risk management, and legal, ethical and social issues of security, stakeholder motivation

Throughout the programme there is a strong emphasis on the processes, technology, tools, legal and ethical requirements relevant to this fast-moving, technically challenging yet exciting domain. The self-reflective practices aim for candidates to understand the importance of an explorative yet focused approach to information for life-long learning and engagement in industry-standard best practices.

Course Model

This bachelor's degree is a full-time programme of study, based on a 40-hour per week study schedule. The degree consists of six semesters which are delivered over three academic years (each of a 10-month duration), with each year providing 60 ECTS of educational material and qualification. This results in a 30 ECTS workload per semester and total of 180 ECTS for the full bachelor’s degree, which equates to 1,500-1,800 hours of work. Each year the programmes and their courses are reviewed to ensure the degree continues to be appropriate for this fast-developing field. Some courses may span semesters and the credit value is only awarded in the semester they are completed. The courses that comprise this degree are therefore subject to minor changes each academic year.

BDASM - Digital Assurance and Security Management H24

Elective Courses: The elective courses in this degree programme aim to provide students with a focus on one of three paths. In essence, the electives provide a form of specialisation knowledge situated within the mentioned path.
The first path aims to assess cloud challenges and risks, recommend corresponding measures and controls to mitigate these, and address governance and compliance issues.
The second path aims to consolidate the knowledge needed to audit, control, monitor and assess an organization’s business systems and IT environments.
Lastly, the third path aims to use risk management techniques, and to understand and manage organisational IT risks. To impart the technical knowledge to implement and maintain information system (IS) controls in order to reduce organisational IT risks.

Course	Course type	2024 Autumn	2025 Spring	2025 Autumn	2026 Spring	2026 Autumn	2027 Spring
UC1AS105 Academic Skills 1	Shared	5
UC1ITF05 IT Fundamentals	Core	5
UC1PR110 Introduction to Programming	Shared	10
UC1BAN10 Business Analytics	Core	10
UC1PR210 Programming and Databases	Shared		10
UC1IBP10 Introduction to Business Processes	Core		10
UC1ISG05 Information Security and Governance	Core		5
UC1FOA05 Foundations of Accounting	Core		5
UC2MAC05 Management Accounting	Core			5
UC2IRM10 IT Risk Management	Core			10
UC2IAP10 IT Audit Principles	Core			10
UC2RCO05 Regulatory Compliance	Core				5
UC2GRC10 IT Governance, Risk, and Compliance 1	Core				10
UC2IAR10 IT Architecture	Core				10
UC2APR10 IT Audit Practice	Core				10
UC3BIN10 Business Intelligence	Core					10
UC3IOM10 IT Operational Management	Core					10
UC3GRC10 IT Governance, Risk and Compliance 2	Core					10
Elective Courses							10
UC3ECE10 Audit and Assurance of Cloud Environments	Elective Course						10
UC3EIA10 Information Systems Auditing and Assurance	Elective Course						10
UC3EIC10 Information Systems Control	Elective Course						10
UC3BAS20 Bachelor Project	Spesialism						20
Sum (180 total)		30	30	25	35	30	30

Programme Learning Outcomes

A Programme Learning Outcome (PLO) is essentially a statement that describes what the student has achieved upon successfully completing the degree. Each course description has its own set of learning outcomes, which contribute to the achievement of Programme Learning Outcomes. The PLOs for this degree are based on the Norwegian Qualifications Framework for Lifelong Learning (NQF) at bachelor level. The NQF levels are formulated on the basis of what a person know, can do and is capable of doing as a result of a learning process. The outcomes of the completed learning process are described in the categories: “knowledge”, “skills” and “general competences”.

Knowledge: Understanding of theories, facts, principles, procedures in subject areas and/or occupations.
Skills: Ability to utilise knowledge to solve problems or tasks (cognitive, practical, creative and communication skills.
General Competence: Ability to utilise knowledge and skills in an independent manner in different situations.

Students who are awarded a Bachelor in Digital Assurance and Security Management have attained:

Knowledge

The candidate …

K1	has broad knowledge of important theories, processes and methods within Information Technology Assurance and related fields.
K2	has broad knowledge of complex digital environments and the problems these environments pose to risk-, assurance-, and compliance management.
K3	has broad knowledge of important concepts, principles and methods that apply to risk analysis and mitigation in complex digital environments.
K4	is familiar with current and emerging research and development work within Information Security and Assurance.
K5	can update their knowledge of national and international regulatory frameworks and compliance to relevant frameworks.
K6	has knowledge of organisational values and ethics required by corporate governance principles to achieve organisational goals.

Skills

The candidate …

S1	can apply knowledge, relevant research and current developments for IT audits and assurance processes and consulting to solve problems in a diverse business environment.
S2	can apply knowledge and emerging developments to calculate and quantify risks and recommend appropriate risk mitigation to solve business problems.
S3	can reflect upon their own practice using a risk-based approach to planning, executing and reporting on assurance engagements.
S4	masters relevant tools and techniques to conduct and manage IT assurance activities.
S5	masters relevant tools, techniques and communication methods to conduct interviews and take structured notes in assurance processes.

General Competence

The candidate …

G1	has insight into relevant academic and professional issues relating to computing, ethics and socio-culture in Assurance and Compliance within Information Security.
G2	can plan, carry out and manage IT assurance activities and projects over time, alone or as part of a group, in accordance with relevant legal and ethical requirements and principles.
G3	can communicate important concepts, processes, problems and solutions professionally, both in writing and orally, to selected stakeholders using appropriate theories and methods.
G4	can communicate in a clear and concise to present arguments both rationally and logically using acceptable academic referencing.
G5	can exchange opinions, experiences and ideas with peers and professionals within Information Security and Assurance, thereby contributing to good development practices.
G6	is familiar with current and evolving processes and emerging technologies within Information and Communication Technology and Information Security.

Teaching and Learning

Learning Activities

All studies use a variety of teaching and learning activities to encourage students to actively explore and apply new knowledge, along with developing skills and competencies. Each course will incorporate a range of teaching and learning methods according to which are most appropriate for that course – determined through a process of constructive alignment. The primary aim of these methods is to support the students’ learning process and facilitate the achievement of the learning outcomes. The applicable teaching and learning methods include, but are not limited to, the following:

Teacher-Led Activities (TLA)
Lectures and video lectures Online lessons Tutorials	Seminars Presentations

Teacher-Supported Work (TSW)
Practical Work Workshops	Scheduled guidance Group work

Self-Study (SST)
Research Reflection	Group work (Individual) Virtual Laboratory Work

Learning Resources

Key information for the degree is delivered in lectures, normally in one of the Campus auditoriums and as a live stream. Tutorials and supported study are delivered through laboratory-based sessions. All educational material is accessible through the LMS, which forms part of the Virtual Learning Environment (VLE), illustrated in Figure 1.

The LMS provides a central location for the distribution of all educational content and learning resources related to all courses throughout the study:

Programme Description
Course Descriptions
Lecture slides
Recorded lectures
Reading lists

Student Handbook
Tutorial exercises
Supplementary notes
Self-study material

The dates and times for all educational sessions for every course, including lectures and tutorials, can be found in the online timetabling system (TimeEdit).

Study Workload

The student workload has been carefully considered for each course to include an appropriate combination of activities suitable for the subject area.

Information and details about a specific course can be found in the respective Course Description. However, each course comprises a selection of lectures, tutorials, and other appropriate sessions. These are timetabled based on a full-time study schedule of 08:00 to 16:00, Monday to Friday.

At the start of each academic year, a Study Schedule is published and made accessible. It contains the planned start and end dates for all courses in the degree. The schedule also includes dedicated study time to work on projects and extra-curricular sessions, including seminars, workshops, and guest speakers from industry. If the schedule is updated, students are promptly informed.

Reading List

Literature

Hall, J.A. (2015). Information Technology Auditing (4th Edition). Cengage Learning.
ISACA. (2021). CRISC Review Manual (7 edition). USA: ISACA.
ISACA. (2016). CISM Review Manual (15 edition). USA: ISACA.
ISACA. (2019). CISA Review Manual (27 edition). USA: ISACA.
ISACA. (2020). CGEIT Review Manual (8 edition). USA: ISACA.
Piper, M. (2013). Accounting Made Simple: Accounting Explained in 100 Pages Or Less.
Zelle, J. (2019). Python Programming: An introduction to Computer Science (3rd edition)

Best Practices and Standards

ISO 19600 & ISO37301 (newest replacement)
ISO 27000 Series
ISO 31000 & 31010
ISO 15704:2019
ISO 38500:2015
Risk IT Framework, 2nd Edition (ISACA)
COBIT 2019 Framework, Governance and Management Objectives
IT Audit Framework (ITAF™): A Professional Practices Framework for IT Audit, 4th Edition (ISACA)

Assessment

Grading of Assessments

Each course in the study comprises of several graded (summative) assessments, where students can demonstrate their achievements and abilities. Information about assessments for each course is provided via the course pages on the LMS. When assessments are released, students are encouraged to always read through the instructions fully and carefully, to ensure the greatest chance of success. If anything is unclear, please contact the relevant Course Leader as soon as possible.

A course is successfully completed once the student has obtained a passing grade for that course. Every assessment has a specific completion deadline comprising a date and time. Work can be submitted any time up to the stated deadline. Students must be able to clearly demonstrate the extent to which they have met the learning outcomes of that course in order to pass. Students will encounter a variety of assessments, which may be used for formative and summative purposes, to ensure that students meet or exceeded the PLOs.

Specific assessment strategies for each course, and instructions for submitting course work, are detailed in the LMS course pages. Please see the regulations available on www.noroff.no/en.

Assessment
Formative	Continuous Assessment Online Test Interactive Online Test
Summative	Presentation of Practical Work Portfolio of Work Projects Online Exams Reports Term Paper Oral Test

Grading Scale

Both formative and summative results may be assessed as Approved / Not approved, Pass / Fail or A-F.
Assessments are graded according to the standard university grading scale, illustrated in the table below.

Grade Letter	Quality Indicator	Definition
A	Excellent	An excellent performance, clearly outstanding. Shows a high degree of independence.
B	Very good	A very good performance, above average. Shows a certain degree of independence.
C	Good	An average performance, satisfactory in most areas.
D	Satisfactory	A performance below average, with significant shortcomings.
E	Sufficient	A performance that meets the minimum criteria, but no more.
F	Fail	A performance that does not meet the minimum criteria.

Entry Requirements

For general admission it is required to document the following criteria as passed:

Higher Education Entrance Qualification, and
Candidates must be able to document proficiency in the English language.
Language requirements by Samordna Opptak

For admission on basis of prior learning and work experience:
Admission based on prior experience requires a written application for evaluation. Applicable candidates must be at least 25 years of age in the year of admission.

For candidates with foreign education the requirements for Higher Education are:

The country must be recognized by NOKUT, specified in the GSU-list.
Candidates must be able to document proficiency in the English language.
Language requirements by Samordna Opptak

For further information, please see the admission requirements: https://www.noroff.no/en/admission/admission-requirements

Campus and Online Study

All students follow the same progression according to their education plan, irrespective of whether they study online or on campus. All students study the courses at the same time, with the same delivery and workload, following identical assessment strategies for every course. At the study level no distinction is therefore made between campus and online students. All students are required to engage in live education sessions (such as lectures) and undertake all required educational activities.

Students are encouraged to interact with each other via online forums and chat systems, enabling discussions to take place involving both online and campus students. Each student cohort is therefore a single learning community, concurrently engaging in all educational activities irrespective of actual physical location. Throughout all educational sessions course staff actively encourage participation from campus and online students simultaneously, and do not focus solely on those who are physically present.

This tight integration of campus and online ensures students will be part of a cohesive learning community throughout their study. As a result, this also means that should students personal situations change during their studies, and they must change their mode of study from online to campus (or vice versa) this can be done with little to no disruption to their studies

Opportunities for Further Studies

The subject material will enable graduates to go on to postgraduate study, for example:

M Management and Innovation (Høyskolen Kristiania)
M Informasjonssystemer (UiA)
M Information Security (NTNU)
M Cyber Security (Teesside University)

Undertaking some period of study at an international educational institution can result in many benefits to those who take part, including:

Language and general competence in the destination country and culture
Development of personal and professional networks in other parts of the world
Personal growth and holistic development.

All students are eligible to apply to undertake a period of study at an international university. All international study opportunities are subject to the application processes and admissions requirements of the international institution, in addition to an evaluation of the suitability of the proposed study exchange within the students’ study at NUC. Full details of international study opportunities and the application process is available to all students within the LMS.

Possible Professions

This degree aims to provide specialists in the cyber domain with a strong foundation in assurance, and it will challenge individuals to develop a scientific, rigorous approach to their work. Graduates must not only understand business security needs examined, but also be able to ensure these security solutions are implemented correctly and are in fact adequate to mitigate the risks the organisation faces in the given context. The graduate is also enabled to fulfil a number of distinct employment titles, such as the following:

Information Assurance Professional
Information Security Auditor
Information Security Analyst
Risk and Compliance Officer
Information Security Manager
Cloud Security Analyst

Accredited

June, 2023