ACIT4290 Practical cybersecurity Emneplan

This course will teach theoretical and in-depth practical skills in operative cybersecurity. It addresses security testing and defensive as well as offensive techniques in securing networked information systems against security threats. You will learn about the legal background and limitations of such activities, about professional ethics in cybersecurity, learn about information collection (reconnaissance), practical vulnerability testing and intrusion detection and participate in exercises such as capture-the-flag and red-blue-teaming, and you will learn to use tools for practical cybersecurity work.

ACIT4280 Privacy by Design

ACIT4050 Applied Computer and Networks Security

No formal requirements over and above the admission requirements.

After completing this course, the students have the following learning outcomes, defined in terms of knowledge, skills and general competence:

Knowledge

On successful completion of this course the student has:

• an understanding of the theoretical foundations of operative cybersecurity

• knowledge of offensive and defensive cybersecurity measures
• awareness of reference databases for vulnerabilities, exploits and information security advisories
• knowledge of professional ethics in cybersecurity and penetration testing
• knowledge of legal limitations for cybersecurity activities
• familiarity with international, national and sectorial crisis response and cybersecurity authorities

Skills

On successful completion of this course the student can:

• gather information (reconnaissance) about target systems and target organizations, identify vulnerabilities and choose targets for penetration testing
• run penetration testing with practical attacks against systems, software and users
• detect and identify intrusion to systems and execute countermeasures

• retrieve current intelligence about vulnerabilities, security patches and attack methods
• distinguish risk-based approach to cybersecurity operations from ad hoc cybersecurity operations
• configure intrusion detection or endpoint detection and response (EDR) agents
• configure and collect logs
• detect and monitor intrusions
• recover and secure evidence from log files and other resources for analysis of events
• find, exploit and mitigate vulnerabilities in networked information systems.

General competence

On successful completion of this course the student can:

• organize cybersecurity operations

• use relevant tools for cybersecurity operations
• use relevant tools for passive and active cybersecurity operations
• apply their knowledge of general incident management

• Online course material for preparatory reading (flipped classroom approach)
• Lectures
• Group tutorials with live demonstrations
• Group exercises applying tools and techniques for attack, testing and defense
• Home assignments (written and practical, e.g. attacking or securing virtual machines)

• Blue-Red-team competitions in defender and attacker roles

The following required coursework must be approved before the student can take the exam:

• Five assignments composed of the following: search for information, find vulnerabilities in virtual servers, scan/attack virtual machines, find attack patterns, competitive exercises (capture the flag, red-blue-teaming). Assignments may need presence or collaboration with other students on campus.
• Participation in a round of hacking or defense-attack competition and a written report based on the activity

An individual written portfolio consisting of five assignments based on activities undertaken in the course. Each of the assignments has a word limit of 1000 words (+/- 10%), or 7 minutes (+/- 1 minute) for video or audio submissions.

The portfolio is assessed as a whole and given one single grade, but all assignments must be passed in order for the portfolio to receive a grade E or higher.

All assignments in the portfolio must be written in either English or a Scandinavian language.

The exam can be appealed.

All aids are permitted, provided the rules for plagiarism and source referencing are complied with.

A-F

Two internal examiners. External examiners are used regularly.

Lothar Fritsch