•   Data Security ICT4TF022-3009 22.08.2022-14.10.2022  5   (TF3SWD, ...) +-
    Learning objectives
    Upon successful completion of this course, the student should be able to
    - understand the needs of enterprise information security and the importance of risk management
    - be familiar with the laws and regulations related to information security
    - identify company's security risks
    - know the company's security policies
    - protect against security risks
    Starting level and linkage with other courses
    Student has completed courses Orientation to ICT Infrastructures, ICT1TF010 and Server Technologies, ICT4TF021
    Contents
    Topics to be covered in the course include the following:
    - Security and Risk Management
    - Protection of information assets
    - Security Engineering
    - Communications and Network Security
    - Identity and Access Management
    - Security Assessment and Testing
    - Security Operations
    - Security in the Software Development
    - OWASP
    Assessment criteria
    Assessment criteria - grade 1
    Grade 1 (40%)
    - Knows the basic concepts of network security.
    - Understands the importance of information security to the corporation.
    - Knows the basics of information security practices.
    - Manages the basics of using information security tools.
    Assessment criteria - grade 3
    Grade 3 (70%)
    - Knows the information security concepts well
    - Able to perceive how the various information security areas are related to the company's operations.
    - Manages security practices well
    - Able to use information security tools independently
    Assessment criteria - grade 5
    Grade 5 (90%)
    - Knows the information security concepts in depth.
    - Able to define and analyze the security requirements resulting from the activities of the company.
    - Able to develop security practices.
    - Knows how to use information security tools excellently.

    Teaching methods and instruction

    ONLINE: Fully remote, mandatory participation to classes.

    Teaching 48 h
    Independent study 87 h
    The assessment of one’s own learning 1 h
    Studying includes classes and exercises

    Online course, fully remote. Requires active participation to classes in video conference, at the time marked in the timetable.

    To participate, you'll need Internet connection, headphones, camera and a computer where you can install Linux on a virtual machine (with instructions). To be able to discuss pentest techniques, you must accept course rules.

    Excellent 4.6 feedback mean.

    Learning material and recommended literature

    The course web pages

    Material given by the teacher, including articles and book chapters. Paid content behind paywalls could be available for free using Haaga-Helia student access. Free software and tools in student's possession is used as much as practical. For example

    - Hutchins et al 2011: Intelligence-Driven Computer Network Defense Informed by Analysis of Adversary Campaigns and Intrusion Kill Chains,
    - Santos et al: The Art of Hacking (Video Collection)
    - Open Web Application Security Project: OWASP 10 2021
    - MITRE: ATT&CK Enterprise Matrix
    - Debian 11 Bullseye non-free
    - Metasploitable
    - Webgoat

    For previous courses, student feedback and articles, see https://TeroKarvinen.com

    Working life connections

    Guest lectures are organized if feasible. Teacher provides information about important security events during the course.

    Campus

    Pasila Campus

    Exam dates and re-exam possibilities

    No exams.

    Teaching language

    English

    Internationality

    Likely international participation. It's possible to publish homework reports to talk to international audience. Course material is developed by authors from many countries, and some technical tools are multinational FOSS (Free, open source software) projects.

    Timing

    22.08.2022 - 14.10.2022

    Learning assignments

    - Active participation in the classes, including discussions, presentations and technical tasks - Homework, including reporting technical tasks - Cross evaluation of reports and giving helpful feedback to fellow students

    Enrollment

    13.06.2022 - 19.08.2022

    Content scheduling

    In course homepage, updated during the course.

    Groups
    • TF3SWD
    • TF3DIG
    • EXCH
    • ONLINE
    Teachers

    Tero Karvinen

    Seats

    15 - 25

    Further information

    Accepted course is evaluated with grades 1 to 5.

    Degree Programme

    BITE Degree Programme in Business Information Technology

    R&D proportion

    1 cr

    Virtual proportion

    5 cr

    Evaluation scale

    H-5