Cyber Security (5 cr)

Evaluation scale

H-5

Schedule

As this is an advanced course, the agenda can update during the course.

- Threat modeling
- Overview of current security scene
- Standards and models
- Security maturity
- Business continuity
- Encryption
- Authentication
- Student presentations

Student presentations are best enjoyed & discussed troughout the course - so reserve yours early.

Implementation methods, demonstration and Work&Study

Weekly classes: teacher talks, discussions, presentations, small groups, hands-on exercises on your own machine. Weekly homework includes reading, tests with a computer and reporting. Cross-evaluation and commenting classmates' reports. Classes are online or contact depending on realization.

Active class participation required. This course requires you join the classes, discuss with your classmates, ask and answer questions and provide feedback on your classmates presentations. You must do your homework in time and provide cross eveluation for your classmates' reports. When the implementation type of the course is contact, online or blended it is required that the student is present during those teaching hours that are marked in the study schedule. If you are absent more than 25%, your grade will be lowered by one. If you are absent more than 50%, the course is failed. Repeated absence or failing to return homework in time can result in failing the course earlier than those percentages.

Tools required: a computer with root/administrator access. Online realizations require camera, mic, headphones and an internet connection suitable for video conference. Contact realization require a laptop. (Macintosh users note: a normal PC computer, also known as amd64, is much easier to use for most exercises than a new M1, M2, M3, M4 Apple Macintosh.)

Recognition of prior learning (RPL): If students have acquired the required competence in previous work tasks, recreational activities or on another course, they can show their competence via a demonstration. The demonstration must be agreed with the course teacher. More information and instructions for recognising and validating prior learning (RPL) are available at https://www.haaga-helia.fi/en/recognition-learning Look at "Instructions to students (master)"

Intro

Learn cyber security.

Understand high level management view. Tie it to grass roots level with some simple hands-on exercises.

Materials

Articles, videos and book chapters provided by teacher. Software is mostly free open source software used in the industry, with the aim of providing a fully licensed copy to student's use even after the course.

For example

- Schneier 2015: Applied Cryptography
- Hutchins et al 2011: Intelligence-Driven Computer Network Defense Informed by Analysis of Adversary Campaigns and Intrusion Kill Chains (cyber kill chain)
- MITRE: ATT&CK Enterprise Matrix.
- Felten et al 2015: Bitcoin and Cryptocurrency Technologies
- Schneier 1999: Modeling security threats
- Cryptopals
- Karvinen 2022: Cracking Passwords with Hashcat

Please note that this is not a penetration testing course, even if some of the exercises demonstrate simplified versions of the same tools, tactics and procedures. If you want to learn penetration testing, have the time and technical background, consider my non-masters level course "Tunkeutumistestaus" in addition to this course.

Reading list is likely to change during the course. Paid content behind paywalls could be available for free using Haaga-Helia student access.

Teaching methods and instruction

ONLINE: Fully remote, mandatory participation to classes.

Online course, fully remote. Requires active participation to classes in video conference, at the time marked in the timetable.

To participate, you'll need Internet connection, headphones, camera and a computer where you can install Linux on a virtual machine (with instructions). To be able to discuss practical hacking techniques, you must accept course rules.

Working life connections

Many participants are usually already working in the field, which hopefully leads to interesting discussions. No matter if you're a CEO, CIO, helpdesk worker (or not working with IT at all), you're welcome here.

Exam dates and re-exam possibilities

No exam.

Internationality

Likely international participation. It's possible to publish homework reports to talk to an international audience. Course material is developed by authors from many countries, and some technical tools are multinational FOSS (Free, open source software) projects.

Learning assignments

- Active participation in the classes, including discussions and technical tasks
- Presentation
- Homework, including reporting technical tasks
- Cross evaluation of reports and giving helpful feedback to fellow students

Assessment methods

Homework reports, active participation in classes and discussions, cross evaluation, presentations.