Skip to main content

Auditing and Testing Technical SecurityLaajuus (5 cr)

Code: YTCP0300

Credits

5 op

Teaching language

  • English

Responsible person

  • Jarmo Nevala, IT-instituutti

Objective

The student understands the purpose of security auditing and knows the restrictions of related legislations and regulations. He (she) knows the security testing methods and techniques. The student can design testing processes and the activities needed when applying technical security.

Course Competences
EUR-ACE: Engineering Design, Master's Degree
EUR-ACE: Engineering Practice, Master's Degree
EUR-ACE: Investigations, Master's Degree

Content

The key topics of the course are:
- Restrictions of legislation and regulations
- Security testing, examination overview and techniques
- Target and environment identification and analysis techniques
- Target vulnerability validation techniques
- Testing process, activities and reporting (Remediation/Mitigation)

Qualifications

YTCP0100 Security Management in Cyber Domain

Assessment criteria, satisfactory (1)

Sufficient 1: Student has sufficient knowledge of auditing and testing process and is able to choose some of the appropriate tools and methods as a part of a testing process designing. Student is able to form a partially comprehensive analysis from technical results and can create appropriate suggestions for mitigating and remediating some of the vulnerabilities found during the auditing and testing process. In addition, student understands the restrictions of legislation and regulations affecting the operations of actors in sufficient level.

Satisfactory 2: Student has satisfying knowledge of auditing and testing process and is able to choose some of the appropriate tools and methods as a part of a testing process designing. Student is able to form a partially comprehensive analysis from technical results and can create appropriate suggestions for mitigating and remediating all critical vulnerabilities found during the auditing and testing process. In addition, student understands the restrictions of legislation and regulations affecting the operations of actors in satisfying level.

Assessment criteria, good (3)

Good 3: Student has good knowledge of auditing and testing process and is able to choose most of the appropriate tools and methods as a part of a testing process designing. Student is able to form a partially comprehensive analysis from technical results and can create appropriate suggestions for mitigating and remediating all critical vulnerabilities found during the auditing and testing process. In addition, student understands the restrictions of legislation and regulations affecting the operations of actors well.

Very Good 4: Student has very good knowledge of auditing and testing process and is able to choose appropriate tools and methods as a part of a testing process designing. Student is able to form a comprehensive analysis from technical results and can create appropriate suggestions for mitigating and remediating most vulnerabilities found during the auditing and testing process. In addition, student understands the restrictions of legislation and regulations affecting the operations of actors very well.

Assessment criteria, excellent (5)

Excellent 5: Student has excellent knowledge of auditing and testing process and is able to choose appropriate tools and methods as a part of a testing process designing. Student is able to form a comprehensive analysis from technical results and can create appropriate suggestions for mitigating and remediating most vulnerabilities found during the auditing and testing process. In addition, student understands excellently the restrictions of legislation and regulations affecting the operations of actors.

Enrollment

01.08.2024 - 31.08.2024

Timing

26.08.2024 - 18.12.2024

Number of ECTS credits allocated

5 op

Mode of delivery

Face-to-face

Unit

School of Technology

Campus

Lutakko Campus

Teaching languages
  • English
Seats

0 - 35

Degree programmes
  • Master's Degree Programme in Information Technology, Cyber Security
Teachers
  • Jarmo Nevala
  • Joonatan Ovaska
Groups
  • YTC23S1
    Master of Engineering, Degree Programme in Cyber Security

Objectives

The student understands the purpose of security auditing and knows the restrictions of related legislations and regulations. He (she) knows the security testing methods and techniques. The student can design testing processes and the activities needed when applying technical security.

Course Competences
EUR-ACE: Engineering Design, Master's Degree
EUR-ACE: Engineering Practice, Master's Degree
EUR-ACE: Investigations, Master's Degree

Content

The key topics of the course are:
- Restrictions of legislation and regulations
- Security testing, examination overview and techniques
- Target and environment identification and analysis techniques
- Target vulnerability validation techniques
- Testing process, activities and reporting (Remediation/Mitigation)

Learning materials and recommended literature

Materials in the e-learning environment.

Teaching methods

- lectures
- independent study
- distance learning
- webinars / visiting lecturers
- small group learning
- exercises
- learning tasks
- seminars

Practical training and working life connections

- visiting lecturers
- projects

Exam dates and retake possibilities

The possible date and method of the exam will be announced in the course opening.

Alternative completion methods

The admission procedures are described in the degree rule and the study guide. The teacher of the course will give you more information on possible specific course practices.

Student workload

One credit (1 Cr) corresponds to an average of 27 hours of work.

Further information for students

The course includes individual work, group work and a final exam

Evaluation scale

0-5

Evaluation criteria, satisfactory (1-2)

Sufficient 1: Student has sufficient knowledge of auditing and testing process and is able to choose some of the appropriate tools and methods as a part of a testing process designing. Student is able to form a partially comprehensive analysis from technical results and can create appropriate suggestions for mitigating and remediating some of the vulnerabilities found during the auditing and testing process. In addition, student understands the restrictions of legislation and regulations affecting the operations of actors in sufficient level.

Satisfactory 2: Student has satisfying knowledge of auditing and testing process and is able to choose some of the appropriate tools and methods as a part of a testing process designing. Student is able to form a partially comprehensive analysis from technical results and can create appropriate suggestions for mitigating and remediating all critical vulnerabilities found during the auditing and testing process. In addition, student understands the restrictions of legislation and regulations affecting the operations of actors in satisfying level.

Evaluation criteria, good (3-4)

Good 3: Student has good knowledge of auditing and testing process and is able to choose most of the appropriate tools and methods as a part of a testing process designing. Student is able to form a partially comprehensive analysis from technical results and can create appropriate suggestions for mitigating and remediating all critical vulnerabilities found during the auditing and testing process. In addition, student understands the restrictions of legislation and regulations affecting the operations of actors well.

Very Good 4: Student has very good knowledge of auditing and testing process and is able to choose appropriate tools and methods as a part of a testing process designing. Student is able to form a comprehensive analysis from technical results and can create appropriate suggestions for mitigating and remediating most vulnerabilities found during the auditing and testing process. In addition, student understands the restrictions of legislation and regulations affecting the operations of actors very well.

Evaluation criteria, excellent (5)

Excellent 5: Student has excellent knowledge of auditing and testing process and is able to choose appropriate tools and methods as a part of a testing process designing. Student is able to form a comprehensive analysis from technical results and can create appropriate suggestions for mitigating and remediating most vulnerabilities found during the auditing and testing process. In addition, student understands excellently the restrictions of legislation and regulations affecting the operations of actors.

Prerequisites

YTCP0100 Security Management in Cyber Domain

Enrollment

01.08.2023 - 08.09.2023

Timing

28.08.2023 - 19.12.2023

Number of ECTS credits allocated

5 op

Mode of delivery

Face-to-face

Unit

School of Technology

Teaching languages
  • English
Seats

20 - 35

Degree programmes
  • Master's Degree Programme in Information Technology, Cyber Security
Teachers
  • Jarmo Nevala
  • Joonatan Ovaska
Groups
  • YTC22S1
    Master of Engineering, Degree Programme in Cyber Security

Objectives

The student understands the purpose of security auditing and knows the restrictions of related legislations and regulations. He (she) knows the security testing methods and techniques. The student can design testing processes and the activities needed when applying technical security.

Course Competences
EUR-ACE: Engineering Design, Master's Degree
EUR-ACE: Engineering Practice, Master's Degree
EUR-ACE: Investigations, Master's Degree

Content

The key topics of the course are:
- Restrictions of legislation and regulations
- Security testing, examination overview and techniques
- Target and environment identification and analysis techniques
- Target vulnerability validation techniques
- Testing process, activities and reporting (Remediation/Mitigation)

Learning materials and recommended literature

Materials in the e-learning environment.

Teaching methods

- lectures
- independent study
- distance learning
- webinars
- small group learning
- exercises
- learning tasks
- seminars

Practical training and working life connections

- visiting lecturers
- projects

Exam dates and retake possibilities

The possible date and method of the exam will be announced in the course opening.

Alternative completion methods

The admission procedures are described in the degree rule and the study guide. The teacher of the course will give you more information on possible specific course practices.

Student workload

One credit (1 Cr) corresponds to an average of 27 hours of work.

Evaluation scale

0-5

Evaluation criteria, satisfactory (1-2)

Sufficient 1: Student has sufficient knowledge of auditing and testing process and is able to choose some of the appropriate tools and methods as a part of a testing process designing. Student is able to form a partially comprehensive analysis from technical results and can create appropriate suggestions for mitigating and remediating some of the vulnerabilities found during the auditing and testing process. In addition, student understands the restrictions of legislation and regulations affecting the operations of actors in sufficient level.

Satisfactory 2: Student has satisfying knowledge of auditing and testing process and is able to choose some of the appropriate tools and methods as a part of a testing process designing. Student is able to form a partially comprehensive analysis from technical results and can create appropriate suggestions for mitigating and remediating all critical vulnerabilities found during the auditing and testing process. In addition, student understands the restrictions of legislation and regulations affecting the operations of actors in satisfying level.

Evaluation criteria, good (3-4)

Good 3: Student has good knowledge of auditing and testing process and is able to choose most of the appropriate tools and methods as a part of a testing process designing. Student is able to form a partially comprehensive analysis from technical results and can create appropriate suggestions for mitigating and remediating all critical vulnerabilities found during the auditing and testing process. In addition, student understands the restrictions of legislation and regulations affecting the operations of actors well.

Very Good 4: Student has very good knowledge of auditing and testing process and is able to choose appropriate tools and methods as a part of a testing process designing. Student is able to form a comprehensive analysis from technical results and can create appropriate suggestions for mitigating and remediating most vulnerabilities found during the auditing and testing process. In addition, student understands the restrictions of legislation and regulations affecting the operations of actors very well.

Evaluation criteria, excellent (5)

Excellent 5: Student has excellent knowledge of auditing and testing process and is able to choose appropriate tools and methods as a part of a testing process designing. Student is able to form a comprehensive analysis from technical results and can create appropriate suggestions for mitigating and remediating most vulnerabilities found during the auditing and testing process. In addition, student understands excellently the restrictions of legislation and regulations affecting the operations of actors.

Prerequisites

YTCP0100 Security Management in Cyber Domain

Enrollment

01.08.2022 - 04.09.2022

Timing

29.08.2022 - 16.12.2022

Number of ECTS credits allocated

5 op

Mode of delivery

Face-to-face

Unit

School of Technology

Teaching languages
  • English
Seats

0 - 35

Degree programmes
  • Master's Degree Programme in Information Technology, Cyber Security
Teachers
  • Jarmo Nevala
  • Joonatan Ovaska
Groups
  • YTC21S1
    Master of Engineering, Degree Programme in Cyber Security

Objectives

The student understands the purpose of security auditing and knows the restrictions of related legislations and regulations. He (she) knows the security testing methods and techniques. The student can design testing processes and the activities needed when applying technical security.

Course Competences
EUR-ACE: Engineering Design, Master's Degree
EUR-ACE: Engineering Practice, Master's Degree
EUR-ACE: Investigations, Master's Degree

Content

The key topics of the course are:
- Restrictions of legislation and regulations
- Security testing, examination overview and techniques
- Target and environment identification and analysis techniques
- Target vulnerability validation techniques
- Testing process, activities and reporting (Remediation/Mitigation)

Learning materials and recommended literature

Materials in the e-learning environment.

Teaching methods

- lectures
- independent study
- distance learning
- webinars
- small group learning
- exercises
- learning tasks
- seminars

Practical training and working life connections

- visiting lecturers
- projects

Exam dates and retake possibilities

The possible date and method of the exam will be announced in the course opening.

Alternative completion methods

The admission procedures are described in the degree rule and the study guide. The teacher of the course will give you more information on possible specific course practices.

Student workload

One credit (1 Cr) corresponds to an average of 27 hours of work.

- lectures 52 h
- exercises 15 h
- assignment 35 h
- independent study 30 h
- company visits 3 h
Total 135 h

Evaluation scale

0-5

Evaluation criteria, satisfactory (1-2)

Sufficient 1: Student has sufficient knowledge of auditing and testing process and is able to choose some of the appropriate tools and methods as a part of a testing process designing. Student is able to form a partially comprehensive analysis from technical results and can create appropriate suggestions for mitigating and remediating some of the vulnerabilities found during the auditing and testing process. In addition, student understands the restrictions of legislation and regulations affecting the operations of actors in sufficient level.

Satisfactory 2: Student has satisfying knowledge of auditing and testing process and is able to choose some of the appropriate tools and methods as a part of a testing process designing. Student is able to form a partially comprehensive analysis from technical results and can create appropriate suggestions for mitigating and remediating all critical vulnerabilities found during the auditing and testing process. In addition, student understands the restrictions of legislation and regulations affecting the operations of actors in satisfying level.

Evaluation criteria, good (3-4)

Good 3: Student has good knowledge of auditing and testing process and is able to choose most of the appropriate tools and methods as a part of a testing process designing. Student is able to form a partially comprehensive analysis from technical results and can create appropriate suggestions for mitigating and remediating all critical vulnerabilities found during the auditing and testing process. In addition, student understands the restrictions of legislation and regulations affecting the operations of actors well.

Very Good 4: Student has very good knowledge of auditing and testing process and is able to choose appropriate tools and methods as a part of a testing process designing. Student is able to form a comprehensive analysis from technical results and can create appropriate suggestions for mitigating and remediating most vulnerabilities found during the auditing and testing process. In addition, student understands the restrictions of legislation and regulations affecting the operations of actors very well.

Evaluation criteria, excellent (5)

Excellent 5: Student has excellent knowledge of auditing and testing process and is able to choose appropriate tools and methods as a part of a testing process designing. Student is able to form a comprehensive analysis from technical results and can create appropriate suggestions for mitigating and remediating most vulnerabilities found during the auditing and testing process. In addition, student understands excellently the restrictions of legislation and regulations affecting the operations of actors.

Prerequisites

YTCP0100 Security Management in Cyber Domain

Enrollment

01.08.2022 - 04.09.2022

Timing

29.08.2022 - 16.12.2022

Number of ECTS credits allocated

5 op

Mode of delivery

Face-to-face

Unit

School of Technology

Campus

Lutakko Campus

Teaching languages
  • English
Seats

0 - 35

Degree programmes
  • Master's Degree Programme in Information Technology, Cyber Security
Teachers
  • Jarmo Nevala
  • Joonatan Ovaska
Groups
  • YTC21S2
    Master of Engineering, Degree Programme in Cyber Security

Objectives

The student understands the purpose of security auditing and knows the restrictions of related legislations and regulations. He (she) knows the security testing methods and techniques. The student can design testing processes and the activities needed when applying technical security.

Course Competences
EUR-ACE: Engineering Design, Master's Degree
EUR-ACE: Engineering Practice, Master's Degree
EUR-ACE: Investigations, Master's Degree

Content

The key topics of the course are:
- Restrictions of legislation and regulations
- Security testing, examination overview and techniques
- Target and environment identification and analysis techniques
- Target vulnerability validation techniques
- Testing process, activities and reporting (Remediation/Mitigation)

Learning materials and recommended literature

Materials in the e-learning environment.

Teaching methods

- lectures
- independent study
- distance learning
- webinars
- small group learning
- exercises
- learning tasks
- seminars

Practical training and working life connections

- visiting lecturers
- projects

Exam dates and retake possibilities

The possible date and method of the exam will be announced in the course opening.

Alternative completion methods

The admission procedures are described in the degree rule and the study guide. The teacher of the course will give you more information on possible specific course practices.

Student workload

One credit (1 Cr) corresponds to an average of 27 hours of work.

- lectures 52 h
- exercises 15 h
- assignment 35 h
- independent study 30 h
- company visits 3 h
Total 135 h

Evaluation scale

0-5

Evaluation criteria, satisfactory (1-2)

Sufficient 1: Student has sufficient knowledge of auditing and testing process and is able to choose some of the appropriate tools and methods as a part of a testing process designing. Student is able to form a partially comprehensive analysis from technical results and can create appropriate suggestions for mitigating and remediating some of the vulnerabilities found during the auditing and testing process. In addition, student understands the restrictions of legislation and regulations affecting the operations of actors in sufficient level.

Satisfactory 2: Student has satisfying knowledge of auditing and testing process and is able to choose some of the appropriate tools and methods as a part of a testing process designing. Student is able to form a partially comprehensive analysis from technical results and can create appropriate suggestions for mitigating and remediating all critical vulnerabilities found during the auditing and testing process. In addition, student understands the restrictions of legislation and regulations affecting the operations of actors in satisfying level.

Evaluation criteria, good (3-4)

Good 3: Student has good knowledge of auditing and testing process and is able to choose most of the appropriate tools and methods as a part of a testing process designing. Student is able to form a partially comprehensive analysis from technical results and can create appropriate suggestions for mitigating and remediating all critical vulnerabilities found during the auditing and testing process. In addition, student understands the restrictions of legislation and regulations affecting the operations of actors well.

Very Good 4: Student has very good knowledge of auditing and testing process and is able to choose appropriate tools and methods as a part of a testing process designing. Student is able to form a comprehensive analysis from technical results and can create appropriate suggestions for mitigating and remediating most vulnerabilities found during the auditing and testing process. In addition, student understands the restrictions of legislation and regulations affecting the operations of actors very well.

Evaluation criteria, excellent (5)

Excellent 5: Student has excellent knowledge of auditing and testing process and is able to choose appropriate tools and methods as a part of a testing process designing. Student is able to form a comprehensive analysis from technical results and can create appropriate suggestions for mitigating and remediating most vulnerabilities found during the auditing and testing process. In addition, student understands excellently the restrictions of legislation and regulations affecting the operations of actors.

Prerequisites

YTCP0100 Security Management in Cyber Domain