Skip to main content

Cyber Security Implementation in PracticeLaajuus (5 cr)

Code: YTCP0210

Credits

5 op

Teaching language

  • English

Responsible person

  • Heli Ciszek, IT-instituutti

Objective

The course concentrates on hardening a technical environment before a cyber incident has happened. Students focus on these technical controls how they actively prevent a cyber incident with group work and personal assignments. If the prevention isn’t sufficient the incident handling is also investigated and reported by Indicators of Compromise.
Main topics are updated each year, but mainly they correlate and draw inspiration from e.g. CIS Critical Security Controls and other related public recommendations. The students learn to implement these technical controls and test/audit them on the next course "Auditing and Testing Technical Security".

Course Competences
EUR-ACE: Engineering Design, Master's Degree
EUR-ACE: Engineering Analysis, Master's Degree
EUR-ACE: Engineering Practice, Master's Degree

Content

The key topics of the course are:
- Cyber Threats
- Malware Defences
- Asset Inventory and Management
- Hardening Operating System and Network Devices
- Situational Awareness
- User authentication & authorization
- Boundary Defence
- Maintenance, monitoring and analysis of security audit logs
- Defence Strategies & Tactics
- Red Teaming
- Cyber Security Incident Handling
- Conducting personal hands-on implementation and research of security controls
- Conducting group implementations of security controls to an enterprise

Assessment criteria, satisfactory (1)

Sufficient 1: The student demonstrates sufficient mastery of the practical implementations of cyber security and is able to analyze an enterprises existing state of implementations concerning cyber security. The student has satisfactory understanding of an enterprises technical cyber threats and risks that are formulated related to context. The student is able to design a satisfactory technical implementation to control cyber security based on given requirement definition. The student reflects on his (her) own learning sufficiently.

Satisfactory 2: The student demonstrates satisfactory mastery of the practical implementations of cyber security and is able to analyze an enterprises existing state of implementations concerning cyber security. The student understands an enterprises technical cyber threats and risks that are formulated related to context. The student is able to design a satisfactory technical implementation to control cyber security based on given requirement definition. The student reflects on his (her) own learning.

Assessment criteria, good (3)

Good 3: The student demonstrates good mastery of the practical implementations of cyber security and is able to analyze an enterprises existing state of implementations concerning cyber security. The student understands well an enterprises the technical cyber threats and risks that are formulated related to context. The student is able to design a technical implementation to control cyber security based on given requirement definition. The student reflects on his (her) own learning well.

Very Good 4: The student demonstrates very good mastery of the practical implementations of cyber security and is able to analyze an enterprises existing state of implementations concerning cyber security. The student understands very well an enterprises technical cyber threats and risks that are formulated related to context. The student is able to design a good technical implementation to control cyber security based on given requirement definition. The student reflects on his (her) own learning very well.

Assessment criteria, excellent (5)

Excellent 5: The student demonstrates excellent mastery of the practical implementations of cyber security and is able to analyze an enterprises existing state of implementations concerning cyber security. The student understands excellently enterprises technical cyber threats and risks that are formulated related to context. The student is able to design an excellent technical implementation to control cyber security based on given requirement definition. The student reflects on his (her) own learning commendably.

Enrollment

20.11.2023 - 04.01.2024

Timing

08.01.2024 - 30.04.2024

Number of ECTS credits allocated

5 op

Mode of delivery

Face-to-face

Unit

School of Technology

Teaching languages
  • English
Seats

20 - 35

Degree programmes
  • Master's Degree Programme in Information Technology, Cyber Security
Teachers
  • Pasi Hyytiäinen
Groups
  • YTC23S1
    Master of Engineering, Degree Programme in Cyber Security

Objectives

The course concentrates on hardening a technical environment before a cyber incident has happened. Students focus on these technical controls how they actively prevent a cyber incident with group work and personal assignments. If the prevention isn’t sufficient the incident handling is also investigated and reported by Indicators of Compromise.
Main topics are updated each year, but mainly they correlate and draw inspiration from e.g. CIS Critical Security Controls and other related public recommendations. The students learn to implement these technical controls and test/audit them on the next course "Auditing and Testing Technical Security".

Course Competences
EUR-ACE: Engineering Design, Master's Degree
EUR-ACE: Engineering Analysis, Master's Degree
EUR-ACE: Engineering Practice, Master's Degree

Content

The key topics of the course are:
- Cyber Threats
- Malware Defences
- Asset Inventory and Management
- Hardening Operating System and Network Devices
- Situational Awareness
- User authentication & authorization
- Boundary Defence
- Maintenance, monitoring and analysis of security audit logs
- Defence Strategies & Tactics
- Red Teaming
- Cyber Security Incident Handling
- Conducting personal hands-on implementation and research of security controls
- Conducting group implementations of security controls to an enterprise

Learning materials and recommended literature

Materials in the e-learning environment.

Teaching methods

- lectures
- independent study
- distance learning
- webinars
- small group learning
- exercises
- learning tasks
- seminars

Practical training and working life connections

- visiting lecturers
- projects

Exam dates and retake possibilities

The possible date and method of the exam will be announced in the course opening.

Alternative completion methods

The admission procedures are described in the degree rule and the study guide. The teacher of the course will give you more information on possible specific course practices.

Student workload

One credit (1 Cr) corresponds to an average of 27 hours of work.

- lectures 52 h
- exercises 15 h
- assignment 35 h
- independent study 30 h
- company visits 3 h
Total 135 h

Evaluation scale

0-5

Evaluation criteria, satisfactory (1-2)

Sufficient 1: The student demonstrates sufficient mastery of the practical implementations of cyber security and is able to analyze an enterprises existing state of implementations concerning cyber security. The student has satisfactory understanding of an enterprises technical cyber threats and risks that are formulated related to context. The student is able to design a satisfactory technical implementation to control cyber security based on given requirement definition. The student reflects on his (her) own learning sufficiently.

Satisfactory 2: The student demonstrates satisfactory mastery of the practical implementations of cyber security and is able to analyze an enterprises existing state of implementations concerning cyber security. The student understands an enterprises technical cyber threats and risks that are formulated related to context. The student is able to design a satisfactory technical implementation to control cyber security based on given requirement definition. The student reflects on his (her) own learning.

Evaluation criteria, good (3-4)

Good 3: The student demonstrates good mastery of the practical implementations of cyber security and is able to analyze an enterprises existing state of implementations concerning cyber security. The student understands well an enterprises the technical cyber threats and risks that are formulated related to context. The student is able to design a technical implementation to control cyber security based on given requirement definition. The student reflects on his (her) own learning well.

Very Good 4: The student demonstrates very good mastery of the practical implementations of cyber security and is able to analyze an enterprises existing state of implementations concerning cyber security. The student understands very well an enterprises technical cyber threats and risks that are formulated related to context. The student is able to design a good technical implementation to control cyber security based on given requirement definition. The student reflects on his (her) own learning very well.

Evaluation criteria, excellent (5)

Excellent 5: The student demonstrates excellent mastery of the practical implementations of cyber security and is able to analyze an enterprises existing state of implementations concerning cyber security. The student understands excellently enterprises technical cyber threats and risks that are formulated related to context. The student is able to design an excellent technical implementation to control cyber security based on given requirement definition. The student reflects on his (her) own learning commendably.

Enrollment

20.11.2023 - 04.01.2024

Timing

08.01.2024 - 20.05.2024

Number of ECTS credits allocated

5 op

Mode of delivery

Face-to-face

Unit

School of Technology

Campus

Lutakko Campus

Teaching languages
  • English
Seats

20 - 35

Degree programmes
  • Master's Degree Programme in Information Technology, Cyber Security
Teachers
  • Joonatan Ovaska

Objectives

The course concentrates on hardening a technical environment before a cyber incident has happened. Students focus on these technical controls how they actively prevent a cyber incident with group work and personal assignments. If the prevention isn’t sufficient the incident handling is also investigated and reported by Indicators of Compromise.
Main topics are updated each year, but mainly they correlate and draw inspiration from e.g. CIS Critical Security Controls and other related public recommendations. The students learn to implement these technical controls and test/audit them on the next course "Auditing and Testing Technical Security".

Course Competences
EUR-ACE: Engineering Design, Master's Degree
EUR-ACE: Engineering Analysis, Master's Degree
EUR-ACE: Engineering Practice, Master's Degree

Content

The key topics of the course are:
- Cyber Threats
- Malware Defences
- Asset Inventory and Management
- Hardening Operating System and Network Devices
- Situational Awareness
- User authentication & authorization
- Boundary Defence
- Maintenance, monitoring and analysis of security audit logs
- Defence Strategies & Tactics
- Red Teaming
- Cyber Security Incident Handling
- Conducting personal hands-on implementation and research of security controls
- Conducting group implementations of security controls to an enterprise

Learning materials and recommended literature

Materials in the e-learning environment.

Teaching methods

- lectures
- independent study
- distance learning
- webinars
- small group learning
- exercises
- learning tasks
- seminars

Practical training and working life connections

- visiting lecturers
- projects

Exam dates and retake possibilities

The possible date and method of the exam will be announced in the course opening.

Alternative completion methods

The admission procedures are described in the degree rule and the study guide. The teacher of the course will give you more information on possible specific course practices.

Student workload

One credit (1 Cr) corresponds to an average of 27 hours of work.

- lectures 52 h
- exercises 15 h
- assignment 35 h
- independent study 30 h
- company visits 3 h
Total 135 h

Evaluation scale

0-5

Evaluation criteria, satisfactory (1-2)

Sufficient 1: The student demonstrates sufficient mastery of the practical implementations of cyber security and is able to analyze an enterprises existing state of implementations concerning cyber security. The student has satisfactory understanding of an enterprises technical cyber threats and risks that are formulated related to context. The student is able to design a satisfactory technical implementation to control cyber security based on given requirement definition. The student reflects on his (her) own learning sufficiently.

Satisfactory 2: The student demonstrates satisfactory mastery of the practical implementations of cyber security and is able to analyze an enterprises existing state of implementations concerning cyber security. The student understands an enterprises technical cyber threats and risks that are formulated related to context. The student is able to design a satisfactory technical implementation to control cyber security based on given requirement definition. The student reflects on his (her) own learning.

Evaluation criteria, good (3-4)

Good 3: The student demonstrates good mastery of the practical implementations of cyber security and is able to analyze an enterprises existing state of implementations concerning cyber security. The student understands well an enterprises the technical cyber threats and risks that are formulated related to context. The student is able to design a technical implementation to control cyber security based on given requirement definition. The student reflects on his (her) own learning well.

Very Good 4: The student demonstrates very good mastery of the practical implementations of cyber security and is able to analyze an enterprises existing state of implementations concerning cyber security. The student understands very well an enterprises technical cyber threats and risks that are formulated related to context. The student is able to design a good technical implementation to control cyber security based on given requirement definition. The student reflects on his (her) own learning very well.

Evaluation criteria, excellent (5)

Excellent 5: The student demonstrates excellent mastery of the practical implementations of cyber security and is able to analyze an enterprises existing state of implementations concerning cyber security. The student understands excellently enterprises technical cyber threats and risks that are formulated related to context. The student is able to design an excellent technical implementation to control cyber security based on given requirement definition. The student reflects on his (her) own learning commendably.

Enrollment

01.11.2022 - 05.01.2023

Timing

09.01.2023 - 28.04.2023

Number of ECTS credits allocated

5 op

Mode of delivery

Face-to-face

Unit

School of Technology

Campus

Lutakko Campus

Teaching languages
  • English
Seats

0 - 35

Degree programmes
  • Master's Degree Programme in Information Technology, Cyber Security
Teachers
  • Jarmo Viinikanoja
  • Heli Ciszek
Groups
  • YTC22S1
    Master of Engineering, Degree Programme in Cyber Security

Objectives

The course concentrates on hardening a technical environment before a cyber incident has happened. Students focus on these technical controls how they actively prevent a cyber incident with group work and personal assignments. If the prevention isn’t sufficient the incident handling is also investigated and reported by Indicators of Compromise.
Main topics are updated each year, but mainly they correlate and draw inspiration from e.g. CIS Critical Security Controls and other related public recommendations. The students learn to implement these technical controls and test/audit them on the next course "Auditing and Testing Technical Security".

Course Competences
EUR-ACE: Engineering Design, Master's Degree
EUR-ACE: Engineering Analysis, Master's Degree
EUR-ACE: Engineering Practice, Master's Degree

Content

The key topics of the course are:
- Cyber Threats
- Malware Defences
- Asset Inventory and Management
- Hardening Operating System and Network Devices
- Situational Awareness
- User authentication & authorization
- Boundary Defence
- Maintenance, monitoring and analysis of security audit logs
- Defence Strategies & Tactics
- Red Teaming
- Cyber Security Incident Handling
- Conducting personal hands-on implementation and research of security controls
- Conducting group implementations of security controls to an enterprise

Learning materials and recommended literature

Materials in the e-learning environment.

Teaching methods

- lectures
- independent study
- distance learning
- webinars
- small group learning
- exercises
- learning tasks
- seminars

Practical training and working life connections

- excursions
- visiting lecturers
- projects

Exam dates and retake possibilities

The possible date and method of the exam will be announced in the course opening.

Alternative completion methods

The admission procedures are described in the degree rule and the study guide. The teacher of the course will give you more information on possible specific course practices.

Student workload

One credit (1 Cr) corresponds to an average of 27 hours of work.

- lectures 52 h
- exercises 15 h
- assignment 35 h
- independent study 30 h
- company visits 3 h
Total 135 h

Evaluation scale

0-5

Evaluation criteria, satisfactory (1-2)

Sufficient 1: The student demonstrates sufficient mastery of the practical implementations of cyber security and is able to analyze an enterprises existing state of implementations concerning cyber security. The student has satisfactory understanding of an enterprises technical cyber threats and risks that are formulated related to context. The student is able to design a satisfactory technical implementation to control cyber security based on given requirement definition. The student reflects on his (her) own learning sufficiently.

Satisfactory 2: The student demonstrates satisfactory mastery of the practical implementations of cyber security and is able to analyze an enterprises existing state of implementations concerning cyber security. The student understands an enterprises technical cyber threats and risks that are formulated related to context. The student is able to design a satisfactory technical implementation to control cyber security based on given requirement definition. The student reflects on his (her) own learning.

Evaluation criteria, good (3-4)

Good 3: The student demonstrates good mastery of the practical implementations of cyber security and is able to analyze an enterprises existing state of implementations concerning cyber security. The student understands well an enterprises the technical cyber threats and risks that are formulated related to context. The student is able to design a technical implementation to control cyber security based on given requirement definition. The student reflects on his (her) own learning well.

Very Good 4: The student demonstrates very good mastery of the practical implementations of cyber security and is able to analyze an enterprises existing state of implementations concerning cyber security. The student understands very well an enterprises technical cyber threats and risks that are formulated related to context. The student is able to design a good technical implementation to control cyber security based on given requirement definition. The student reflects on his (her) own learning very well.

Evaluation criteria, excellent (5)

Excellent 5: The student demonstrates excellent mastery of the practical implementations of cyber security and is able to analyze an enterprises existing state of implementations concerning cyber security. The student understands excellently enterprises technical cyber threats and risks that are formulated related to context. The student is able to design an excellent technical implementation to control cyber security based on given requirement definition. The student reflects on his (her) own learning commendably.