Cyber Security Implementation in PracticeLaajuus (5 cr)

Objective

The students learn how to harden a technical environment before a cyber incident has happened. Different technical controls are learnt to minimize the risk of a future cyber incident. Students learn how to utilize information related to cyber threats, e.g. Indicators of Compromise, to further enhance the security of their technical environment.

Main topics are updated each year, but mainly they correlate and draw inspiration from e.g. CIS Critical Security Controls and other related public recommendations. The students learn to implement these technical controls based on the recommendations.

Course Competences
EUR-ACE: Engineering Design, Master's Degree
EUR-ACE: Engineering Analysis, Master's Degree
EUR-ACE: Engineering Practice, Master's Degree

Content

The key topics of the course are:

- Cyber Threats
- Malware Defences
- Asset Inventory and Management
- Hardening Operating System and Network Devices
- User authentication & authorization
- Boundary Defence
- Maintenance, monitoring and analysis of security audit logs
- Cyber Security Incident Handling
- Defence Strategies & Tactics

Qualifications

Recommended: Modern Management of IT

Assessment criteria, satisfactory (1)

Sufficient 1: The student demonstrates sufficient mastery of the practical implementations of cyber security and is able to analyze an enterprises existing state of implementations concerning cyber security. The student has satisfactory understanding of an enterprises technical cyber threats and risks that are formulated related to context. The student is able to design a satisfactory technical implementation to control cyber security based on given requirement definition. The student reflects on his (her) own learning sufficiently.

Satisfactory 2: The student demonstrates satisfactory mastery of the practical implementations of cyber security and is able to analyze an enterprises existing state of implementations concerning cyber security. The student understands an enterprises technical cyber threats and risks that are formulated related to context. The student is able to design a satisfactory technical implementation to control cyber security based on given requirement definition. The student reflects on his (her) own learning.

Assessment criteria, good (3)

Good 3: The student demonstrates good mastery of the practical implementations of cyber security and is able to analyze an enterprises existing state of implementations concerning cyber security. The student understands well an enterprises the technical cyber threats and risks that are formulated related to context. The student is able to design a technical implementation to control cyber security based on given requirement definition. The student reflects on his (her) own learning well.

Very Good 4: The student demonstrates very good mastery of the practical implementations of cyber security and is able to analyze an enterprises existing state of implementations concerning cyber security. The student understands very well an enterprises technical cyber threats and risks that are formulated related to context. The student is able to design a good technical implementation to control cyber security based on given requirement definition. The student reflects on his (her) own learning very well.

Assessment criteria, excellent (5)

Excellent 5: The student demonstrates excellent mastery of the practical implementations of cyber security and is able to analyze an enterprises existing state of implementations concerning cyber security. The student understands excellently enterprises technical cyber threats and risks that are formulated related to context. The student is able to design an excellent technical implementation to control cyber security based on given requirement definition. The student reflects on his (her) own learning commendably.