Data Security - Study guide

Upon successful completion of this course, the student should be able to
- understand the needs of enterprise information security and the importance of risk management
- be familiar with the laws and regulations related to information security
- identify company's security risks
- know the company's security policies
- protect against security risks

Student has completed courses Orientation to ICT Infrastructures, ICT1TF010 and Server Technologies, ICT4TF021

Topics to be covered in the course include the following:
- Security and Risk Management
- Protection of information assets
- Security Engineering
- Communications and Network Security
- Identity and Access Management
- Security Assessment and Testing
- Security Operations
- Security in the Software Development
- OWASP

Grade 1 (40%)
- Knows the basic concepts of network security.
- Understands the importance of information security to the corporation.
- Knows the basics of information security practices.
- Manages the basics of using information security tools.

Grade 3 (70%)
- Knows the information security concepts well
- Able to perceive how the various information security areas are related to the company's operations.
- Manages security practices well
- Able to use information security tools independently

Grade 5 (90%)
- Knows the information security concepts in depth.
- Able to define and analyze the security requirements resulting from the activities of the company.
- Able to develop security practices.
- Knows how to use information security tools excellently.

ONLINE: Fully remote, mandatory participation to classes.

Teaching 48 h
Independent study 87 h
The assessment of one’s own learning 1 h
Studying includes classes and exercises

Online course, fully remote. Requires active participation to classes in video conference, at the time marked in the timetable.

To participate, you'll need Internet connection, headphones, camera and a computer where you can install Linux on a virtual machine (with instructions). To be able to discuss pentest techniques, you must accept course rules.

Excellent 4.6 feedback mean.

The course web pages

Material given by the teacher, including articles and book chapters. Paid content behind paywalls could be available for free using Haaga-Helia student access. Free software and tools in student's possession is used as much as practical. For example

- Hutchins et al 2011: Intelligence-Driven Computer Network Defense Informed by Analysis of Adversary Campaigns and Intrusion Kill Chains,
- Santos et al: The Art of Hacking (Video Collection)
- Open Web Application Security Project: OWASP 10 2021
- MITRE: ATT&CK Enterprise Matrix
- Debian 11 Bullseye non-free
- Metasploitable
- Webgoat

For previous courses, student feedback and articles, see https://TeroKarvinen.com

Guest lectures are organized if feasible. Teacher provides information about important security events during the course.

Pasila Campus

No exams.

English

Likely international participation. It's possible to publish homework reports to talk to international audience. Course material is developed by authors from many countries, and some technical tools are multinational FOSS (Free, open source software) projects.

22.08.2022 - 14.10.2022

- Active participation in the classes, including discussions, presentations and technical tasks - Homework, including reporting technical tasks - Cross evaluation of reports and giving helpful feedback to fellow students

13.06.2022 - 19.08.2022

In course homepage, updated during the course.

TF3SWD
TF3DIG
EXCH
ONLINE

Tero Karvinen

15 - 25

Accepted course is evaluated with grades 1 to 5.

BITE Degree Programme in Business Information Technology

1.00 cr

5.00 cr

H-5