
Security Operations Center (scope: 5 cr)

Code: TT00CE12

Credits

5 cr

Teaching language

  • English
  • Finnish

Responsible person

  • Heikki Järvinen

Objective

The student masters the most important aspects related to the functionality of cyber security centers (Security Operations Center): organizational models, functionalities and technical environments. The student understands the process of deviation management in cyber security centers and utilizes the tools used in the analysis and management of deviations. The student can communicate about the progress of the deviation management process within the team and report on it to target groups. The student knows how to extract cyber threat information (Indicator of Compromise, IoC) from a report and use a tool for sharing cyber threat information. In addition, the student knows how to use cyber threat information to investigate anomalies. The student knows how to produce cyber threat information about deviations handled by the cyber security center.

EUR-ACE Knowledge and understanding
The student masters the most central aspects related to the functionality of cyber security centers: organizational models, functionalities, processes, and technical environments. The student knows the types of cyber threat information and what they are used for.

EUR-ACE Engineering practice
The student knows how to work in the cyber security center as part of the process and use tools to investigate deviations. In addition, the student can extract threat information from reports and investigated deviations, and knows how to use it to investigate deviations. The student also knows how to use a tool for sharing cyber threat information.

EUR-ACE Communication and team-working
The student can describe the deviation management situation within the cyber security center and report the situation to outsiders. In addition, the student knows how to convey essential threat information within the cyber security center and to convey new information to outsiders.

Content

In this course, you will learn the key aspects of Security Operations Center (SOC) functionalities, including organizational models, operations, and technical environments. You will understand the incident management process and use the necessary tools for analysis and management. You will learn to communicate the progress of incident management within the team and report to relevant stakeholders. Additionally, you will be able to extract and utilize threat intelligence (Indicators of Compromise, IoCs) in incident resolution and use tools designed for sharing threat intelligence.

  • The purpose and nature of cyber security centers
  • Deviation management process
  • Technical tools for handling anomalies and cyber threat information
  • Principles, types and usability of cyber threat information in the operation of cyber security centers

Qualifications

  • Cyber security
  • Information security technologies

Assessment criteria, satisfactory (1)

Sufficient (1)
The student knows and understands the basic concepts of cyber security centers and related theory and processes. The student knows how to use the tools of cyber security centers with assistance. The student knows how to use communication and reporting tools in a controlled manner. The student knows how to communicate issues related to anomaly management and cyber threat information.

Satisfactory (2)
The student knows and understands the basic concepts of cyber security centers and the related theory and processes. The student knows how to use the tools of cyber security centers in a guided manner. The student knows how to use communication and reporting tools. The student knows how to communicate issues related to anomaly management and cyber threat information.

Assessment criteria, good (3)

Good (3)
The student knows and understands the basic concepts of cyber security centers and the related theory and processes in a versatile way. The student knows how to use the tools of cyber security centers. The student knows how to use communication and reporting tools in accordance with the instructions. The student can communicate essential issues related to anomaly management and cyber threat information.

Very good (4)
The student knows and understands the concepts of cyber security centers and the related theory and processes in a versatile way. The student knows how to use the tools of cyber security centers in an advanced manner. The student knows how to use communication and reporting tools in accordance with the instructions. The student can communicate essential issues related to anomaly management and cyber threat information.

Assessment criteria, excellent (5)

Excellent (5)
The student knows and understands the concepts of cyber security centers and the related theory and processes excellently. The student knows how to use and select suitable cyber security center tools in an advanced manner and is able to use new tools independently. The student knows how to use communication and reporting tools in accordance with the instructions. The student knows how to clearly communicate essential issues related to anomaly management and cyber threat information.