Auditing and Testing Technical Security (5 cr)

Evaluation scale

0-5

Objective

The student understands the purpose of security auditing and knows the restrictions of related legislations and regulations. He (she) knows the security testing methods and techniques. The student can design testing processes and the activities needed when applying technical security.

Course Competences
EUR-ACE: Engineering Design, Master's Degree
EUR-ACE: Engineering Practice, Master's Degree
EUR-ACE: Investigations, Master's Degree

Content

The key topics of the course are:
- Restrictions of legislation and regulations
- Security testing, examination overview and techniques
- Target and environment identification and analysis techniques
- Target vulnerability validation techniques
- Testing process, activities and reporting (Remediation/Mitigation)

Materials

Will be announced at the beginning of the course.

Completion alternatives

Exercises, learning diaries, reports, presentations

Student workload

Lectures 32 h Assignments 80h Independent studies 23h Total 135h ( one credit equals 27 hours of student work)

Assessment criteria, satisfactory (1)

Sufficient 1: Student has sufficient knowledge of auditing and testing process and is able to choose some of the appropriate tools and methods as a part of a testing process designing. Student is able to form a partially comprehensive analysis from technical results and can create appropriate suggestions for mitigating and remediating some of the vulnerabilities found during the auditing and testing process. In addition, student understands the restrictions of legislation and regulations affecting the operations of actors in sufficient level.

Satisfactory 2: Student has satisfying knowledge of auditing and testing process and is able to choose some of the appropriate tools and methods as a part of a testing process designing. Student is able to form a partially comprehensive analysis from technical results and can create appropriate suggestions for mitigating and remediating all critical vulnerabilities found during the auditing and testing process. In addition, student understands the restrictions of legislation and regulations affecting the operations of actors in satisfying level.

Assessment criteria, good (3)

Good 3: Student has good knowledge of auditing and testing process and is able to choose most of the appropriate tools and methods as a part of a testing process designing. Student is able to form a partially comprehensive analysis from technical results and can create appropriate suggestions for mitigating and remediating all critical vulnerabilities found during the auditing and testing process. In addition, student understands the restrictions of legislation and regulations affecting the operations of actors well.

Very Good 4: Student has very good knowledge of auditing and testing process and is able to choose appropriate tools and methods as a part of a testing process designing. Student is able to form a comprehensive analysis from technical results and can create appropriate suggestions for mitigating and remediating most vulnerabilities found during the auditing and testing process. In addition, student understands the restrictions of legislation and regulations affecting the operations of actors very well.

Assessment criteria, excellent (5)

Excellent 5: Student has excellent knowledge of auditing and testing process and is able to choose appropriate tools and methods as a part of a testing process designing. Student is able to form a comprehensive analysis from technical results and can create appropriate suggestions for mitigating and remediating most vulnerabilities found during the auditing and testing process. In addition, student understands excellently the restrictions of legislation and regulations affecting the operations of actors.

Qualifications

YTCP0100 Security Management in Cyber Domain