One-year Programme: Assurance in Cybersecurity Management

Start semesters

2025 Autumn

One-year Programme: Assurance in Cybersecurity Management

Study Facts
- Area of Study
  Computing
- ECTS
  60
- NQF Level
  Bachelor's degree (Level 6 1. Cycle)
- Campus
  OnlinePLUS - Bergen, OnlinePLUS - Oslo, Online
- Study Mode
  OnlinePLUS, Full-time, Online
- Entry Requirements
  Entry Requirements
- Study Programme Leader
  Piet Delport

Introduction

Noroff University College (NUC) specialises in digital technology education, offering industry-relevant programmes that address modern security challenges. The one-year programme in Assurance in Cybersecurity Management provides students with a solid foundation in IT risk management, compliance frameworks, auditing processes, and information & cybersecurity.

In today’s digital landscape, businesses, governments, and organisations must secure systems, protect sensitive data, and ensure regulatory compliance. Effective IT governance goes beyond technology—it involves risk management, operational resilience, and maintaining trust in digital infrastructure. As cyber threats evolve, organisations need professionals who can identify, assess, and mitigate security risks while aligning IT operations with business goals.

This 60 ECTS programme equips students with essential knowledge in cybersecurity assurance, security governance, and regulatory compliance. Designed for those interested in the intersection of business, cybersecurity, and risk management, it serves as a stepping stone to further studies in cybersecurity management, auditing, and compliance.

Aims of the Degree Programme

This study aims to introduce students to the principles of IT governance, risk assessment, compliance, and information & cybersecurity assurance. Graduates will gain a fundamental understanding of how businesses manage digital security risks and ensure compliance with regulatory frameworks. The key areas of study include:

IT Fundamentals – Understanding how IT systems operate and their role in businesses and information security.
IT Risk Management – Learning how to assess and mitigate risks associated with IT systems, digital operations, and information assets.
IT Auditing Principles and Practice – Understanding auditing processes and the role of IT governance in securing organisations.
Business Processes and Financial Foundations – Examining how financial and operational risks impact digital security.
Regulatory Compliance – Learning about legal frameworks and industry standards that govern information security management.
Information Security and Governance – Understanding how businesses enforce security policies and manage related risks.

Course Model

This programme is a full-time study, based on a 40-hour per week study schedule. The study consists of two semesters which are delivered over 1 academic year (of a 10-month duration), providing 60 ECTS of educational material and qualification. This results in a 30 ECTS workload per semester, which equates to 1,500-1,800 hours of work. Each year the programmes and their courses are reviewed to ensure the degree continues to be appropriate for this fast-developing field. Some courses may span semesters and the credit value is only awarded in the semester they are completed. The courses that comprise this programme are therefore subject to minor changes each academic year.

YACSM - Assurance in Cybersecurity Management H25

Course	Course type	2025 Autumn	2026 Spring
UC1ITF05 IT Fundamentals	Core	5
UC1IBP10 Introduction to Business Processes	Core		10
UC1ISG05 Information Security and Governance	Core	5
UC1FOA05 Foundations of Accounting	Core		5
UC2IRM10 IT Risk Management	Core	10
UC2IAP10 IT Audit Principles	Core	10
UC2RCO05 Regulatory Compliance	Core		5
UC2APR10 IT Audit Practice	Core		10
Sum (60 total)		30	30

Programme Learning Outcomes

A Programme Learning Outcome (PLO) is essentially a statement that describes what the student has achieved upon successfully completing the study. Each course description has its own set of learning outcomes, which contribute to the achievement of Programme Learning Outcomes. The PLOs for this programme are based on the Norwegian Qualifications Framework for Lifelong Learning (NQF) at bachelor level. The NQF levels are formulated on the basis of what a person knows, can do and is capable of doing as a result of a learning process. The outcomes of the completed learning process are described in the categories: “knowledge”, “skills” and “general competences”.

Knowledge: Understanding of theories, facts, principles, procedures in subject areas and/or occupations.
Skills: Ability to utilise knowledge to solve problems or tasks (cognitive, practical, creative and communication skills.
General Competence: Ability to utilise knowledge and skills in an independent manner in different situations.

Students who complete the programme will attain a transcript confirming their results and are intended to acheive the following:

Knowledge

The candidate …

K1	can describe IT risk management principles and how they help organisations assess and mitigate security threats.
K2	can explain IT audit principles and the role of auditing in enforcing security and compliance..
K3	understands information security governance frameworks and how organisations establish security policies.
K4	can identify key regulatory compliance requirements and their impact on IT and business operations.

Skills

The candidate …

S1	can assess and manage IT risks, applying risk management frameworks to business and IT systems.
S2	can apply IT audit techniques to evaluate system security, data integrity, and compliance with industry standards.
S3	can evaluate the effectiveness of information security policies and governance strategies in protecting organisational assets.

General Competence

The candidate …

G1	demonstrates a structured approach to problem-solving and decision-making in information & cybersecurity management and governance.
G2	can work independently and collaboratively in IT governance, audit, and risk assessment tasks.
G3	understand the role of business and IT alignment in ensuring security, compliance, and risk mitigation.

Teaching and Learning

Learning Activities

All studies use a variety of teaching and learning activities to encourage students to actively explore and apply new knowledge, along with developing skills and competencies. Each course will incorporate a range of teaching and learning methods according to which are most appropriate for that course – determined through a process of constructive alignment. The primary aim of these methods is to support the students’ learning process and facilitate the achievement of the learning outcomes. The applicable teaching and learning methods include, but are not limited to, the following:

Teacher-Led Activities (TLA)
Lectures and video lectures Online lessons Tutorials	Seminars Presentations

Teacher-Supported Work (TSW)
Practical Work Workshops	Scheduled guidance Group work

Self-Study (SST)
Research Reflection	Group work (Individual) Virtual Laboratory Work

Learning Resources

Key information for the degree is delivered asynchronously through pre-recorded lectures and supported learning activities, which is made available on a defined schedule as per the LMS. Synchronous touch-points as a form of supported study are delivered through live laboratory-based sessions. All educational material is accessible through the LMS, which forms part of the Virtual Learning Environment (VLE), illustrated in Figure 1.

The LMS provides a central location for the distribution of all educational content and learning resources related to all courses throughout the study:

Programme Description
Course Descriptions
Lecture slides
Recorded lectures
Reading lists

Student Handbook
Tutorial exercises
Supplementary notes
Self-study material

The dates and times for all educational sessions for every course, including lectures and tutorials, can be found on the LMS.

Study Workload

The student workload has been carefully considered for each course to include an appropriate combination of activities suitable for the subject area.

Information and details about a specific course can be found in the respective Course Description. However, each course comprises a selection of lectures, tutorials, and other appropriate sessions.

At the start of each academic year, a Study Schedule is published and made accessible. It contains the planned start and end dates for all courses in the degree. The schedule also includes dedicated study time to work on projects and extra-curricular sessions, including seminars, workshops, and guest speakers from industry. If the schedule is updated, students are promptly informed.

Reading List

Literature

Hall, J.A. (2015). Information Technology Auditing (4th Edition). Cengage Learning.
ISACA. (2021). CRISC Review Manual (7 edition). USA: ISACA.
ISACA. (2016). CISM Review Manual (15 edition). USA: ISACA.
ISACA. (2019). CISA Review Manual (27 edition). USA: ISACA.
ISACA. (2020). CGEIT Review Manual (8 edition). USA: ISACA.
Piper, M. (2013). Accounting Made Simple: Accounting Explained in 100 Pages Or Less.
Zelle, J. (2019). Python Programming: An introduction to Computer Science (3rd edition)

Best Practices and Standards

ISO 19600 & ISO37301 (newest replacement)
ISO 27000 Series
ISO 31000 & 31010
ISO 15704:2019
ISO 38500:2015
Risk IT Framework, 2nd Edition (ISACA)
COBIT 2019 Framework, Governance and Management Objectives
IT Audit Framework (ITAF™): A Professional Practices Framework for IT Audit, 4th Edition (ISACA)

Assessment

Grading of Assessments

Each course in the study comprises of several graded (summative) assessments, where students can demonstrate their achievements and abilities. Information about assessments for each course is provided via the course pages on the LMS. When assessments are released, students are encouraged to always read through the instructions fully and carefully, to ensure the greatest chance of success. If anything is unclear, please contact the relevant Course Leader as soon as possible.

A course is successfully completed once the student has obtained a passing grade for that course. Every assessment has a specific completion deadline comprising a date and time. Work can be submitted any time up to the stated deadline. Students must be able to clearly demonstrate the extent to which they have met the learning outcomes of that course in order to pass. Students will encounter a variety of assessments, which may be used for formative and summative purposes, to ensure that students meet or exceeded the PLOs.

Specific assessment strategies for each course, and instructions for submitting course work, are detailed in the LMS course pages. Please see the regulations available on www.noroff.no/en.

Assessment
Formative	Continuous Assessment Online Test Interactive Online Test
Summative	Presentation of Practical Work Portfolio of Work Projects Online Exams Reports Term Paper Oral Test

Grading Scale

Both formative and summative results may be assessed as Approved / Not approved, Pass / Fail or A-F.
Assessments are graded according to the standard university grading scale, illustrated in the table below.

Grade Letter	Quality Indicator	Definition
A	Excellent	An excellent performance, clearly outstanding. Shows a high degree of independence.
B	Very good	A very good performance, above average. Shows a certain degree of independence.
C	Good	An average performance, satisfactory in most areas.
D	Satisfactory	A performance below average, with significant shortcomings.
E	Sufficient	A performance that meets the minimum criteria, but no more.
F	Fail	A performance that does not meet the minimum criteria.

Entry Requirements

For general admission it is required to document the following criteria as passed:

Higher Education Entrance Qualification, and
Candidates must be able to document proficiency in the English language.
Language requirements by Samordna Opptak

For admission on basis of prior learning and work experience:
Admission based on prior experience requires a written application for evaluation. Applicable candidates must be at least 25 years of age in the year of admission.

For candidates with foreign education the requirements for Higher Education are:

The country must be recognized by NOKUT, specified in the GSU-list.
Candidates must be able to document proficiency in the English language.
Language requirements by Samordna Opptak

For further information, please see the admission requirements: https://www.noroff.no/en/admission/admission-requirements

Opportunities for Further Studies

The subject material will enable graduates to go on to continue studying at Noroff University College B Digital Assurance and Security Management.

Possible Professions

This study aims to provide specialists in the cyber domain with a strong foundation in assurance, and it will challenge individuals to develop a scientific, rigorous approach to their work. Whilst a complete bachelor degree is not achieved, study will develop skills in students that are beneficial for work in areas such as:

Information Assurance Professional
Information Security Auditor
Information Security Analyst
Risk and Compliance Officer
Information Security Manager