Designing and Preparing a Cyber Exercise (10 cr)

Evaluation scale

0-5

Objective

The student masters the most essential content for design and implementation of a cyber security exercise: concepts, utilized implementation methods and general information on the structure of an exercise. In addition, the student masters the exercise design principles and is able to design a suitable exercise model for the personnel of the company.

Content

The course consists of general concepts and requirements for a Cyber Security Exercise. The course includes organizing and acting in different roles (organizing, defending and attacking) in the exercise. The exercise structure and roles of participants are designed in the course for the implementation of Cyber Security Exercise course.

Materials

Materials in the e-learning environment.

Jason Kick, C. 2014. Cyber Exercise Playbook, The MITRE Corporation 2014, https://www.mitre.org/publications/technical-papers/cyber-exercise-playbook

Zimmerman, C. 2014. Ten Strategies of a World-Class Cybersecurity Operations Center. ISBN: 978-0-692-24310-7, https://www.mitre.org/sites/default/files/publications/pr-13-1028-mitre-10-strategies-cyber-ops-center.pdf

Teaching methods

- lectures
- independent study
- small group learning
- exercises
- learning tasks
- seminars

Employer connections

- visiting lecturers
- projects

Exam schedules

The possible date and method of the exam will be announced in the course opening.

Completion alternatives

The admission procedures are described in the degree rule and the study guide. The teacher of the course will give you more information on possible specific course practices.

Student workload

One credit (1 Cr) corresponds to an average of 27 hours of work.

- lectures 40 h
- assignment 100 h
- independent study 130 h
Total 270 h

Assessment criteria, satisfactory (1)

Sufficient 1: The student understands some of the theory behind Cyber Security Exercises. The student can design and implement some parts of a technical information system for a Cyber Security Exercise. The student contributes to design of a Cyber Security Exercise for an organization in a group.

Satisfactory 2: The student understands the basic theory behind Cyber Security Exercises. The student is able to design and implement a basic technical information system for a Cyber Security Exercise. The student is able to participate in the design of a Cyber Security Exercise for an organization in a group.

Assessment criteria, good (3)

Good 3: The student has a good understanding of the theory behind Cyber Security Exercises. The student is able to design and implement a technical information system for a Cyber Security Exercise. The student is able to participate in the design of a Cyber Security Exercise for an organization in a group .

Very good 4: The student has a thorough understanding of the theory behind Cyber Security Exercises. The student is able to commendably design and implement a technical information system for a Cyber Security Exercise. The student is able to design thoroughly a Cyber Security Exercise for an organization in a group.

Assessment criteria, excellent (5)

Excellent 5: The student understands exceptionally well the theory behind Cyber Security Exercises. The student is able to exceptionally well design and implement a technical information system for a Cyber Security Exercise. The student is able to design an excellent Cyber Security Exercise for an organization in a group.

Qualifications

The student must have completed their professional studies of their specialization option in order to participate in the course. The knowledge is based on theory on Company Networks and practices, knowledge and practices of various network technologies and server operating systems.