ITPE3100 Computer Security Course description

Det benyttes to interne sensorer (YF/PF). Tilsynssensor evaluerer vurderingsformer og vurderingsprosesser i studieprogrammet.

The course builds on the courses Programming Software Engineering and Operating Systems.

Yrkesfag (YF) og profesjonsfag (PF):

• Administrasjon og økonomi (YF)
• Markedsføring og salg (YF)
• Sikkerhet og transport (YF)
• Yrkesfaglig fordypning (YF)
• Internkontroll (helse, miljø og sikkerhet), dokumentasjon og kvalitetssikring innen yrker og programområder (YF)
• Historisk og teknologisk utvikling innen eget yrke (YF)
• Utvikling og identitet (YF/PF)
• Samarbeid og veiledning (YF/PF)
• Spesialpedagogikk og betingelser for læring (PF
• Læringsmiljø i skole og arbeidsliv og premisser for dette (YF/PF)
• Ledelse i skole og arbeidsplass med perspektiv på opplæring (YF/PF)
• Miljøkonsekvenser av yrkesutøvelse, og bærekraftig utvikling (YF/PF)
• Systemforståelse og ta utgangspunkt i helhetlige systemer (YF/PF)
• Utdanningsorganisasjoner, samt lover, forskrifter, læreplaner og andre styringsdokumenter fra myndigheter og skolen som organisasjon (PF)
• Differensiering, tilpasset opplæring og sosialpedagogiske perspektiver (PF)
• Særskilt tilrettelagt opplæring, spesialpedagogikk og individuelle opplæringsplaner (PF)

After completing the course, the student is expected to have achieved the following learning outcomes defined in terms of knowledge, skills and general competence:

Knowledge

The student will be able to:

• know the basic security principles of confidentiality, integrity and availability
• identify common vulnerabilities, threats, threat agents, risks, and attack vectors
• know the basics of cryptography and how it is used to protect data at rest and in transit
• have knowledge of the protocols and standards related to modern cryptography
• understand the different forms of authentication methods that can be utilized
• explain the different types of access control models that can be used to safeguard information security
• describe the protocols and standards related to identity, authentication and authorization.
• understand the importance of controlling the flow of information in and out of the enterprise network and between security zones
• have knowledge of mechanism for detecting anomalies and incidents early to detect and handle attacks.
• understand the concept of Secure Software Development and Privacy by Design
• Have knowledge of OWASP top 10 software security risk
• have knowledge how to secure web applications and Application Programming Interface (API)

Skills

The student will be able to:

• utilize security tools for encryption and signing
• utilize programs to identify and detect vulnerabilities
• enforce the principle of least privilege in services and other resources by using the Identity and Access Management System
• scan and keep track of hardware and network equipment connected to enterprise networks using security tools
• filter and control the traffic between the various security zones in the business and towards the internet by using a firewall technology.
• detect and manage data attacks using Intrusion Detection and Prevention Systems (IDS / IPS)
• apply the concept of secure software development with built-in privacy
• develop secure web applications by utilizing standardized methods and protocols

General competence

The student is capable of:

• discussing and communicating issues related to security principles confidentiality, integrity and accessibility
• comparing, assessing and providing recommendations on the use and procurement of security solutions

Lectures and work on practical assignments.

None.

Individual written exam, 3 hours.

The exam result can be appealed.

None.

Grade scale A-F.

One internal examiner. External examiners are used regularly.

Emnet er ekvivalent (overlapper 10 studiepoeng) med: LO147A, LO147D, LO147I og LO116A.

Ved praktisering av 3-gangers regelen for oppmelding til eksamen teller forsøk brukt i ekvivalente emner.