Content, progress and pedagogy of the module

The aim of this project is to carry out security risk and threat analysis of a chosen technology, system or enterprise/organization and asses or implement mitigation strategies for dealing with these. Students can base the security analysis on actual testing of system (using for example penetration testing or the like) or create an analytical end-to-end description of the threats and risks. The analysis shall be used as a basis for creating a strategy for diminishing the threats and risks

Learning objectives

Knowledge

• Must have knowledge of different cyber treats, including threat actors and attack vectors.
• Must have knowledge of relevant methods and frameworks for risk assessment, including ISO27001/ISO27002 and NIST.
• Must have knowledge of relevant frameworks for understanding cyber-attacks, including the Cyber Kill Chain as well as the Mitre att&ck framework.

Skills

• Must have the ability to choose and describe relevant mitigation strategies, based on a cyber risk analysis.
• Must have the ability to select and apply methods and techniques to find known vulnerabilities in systems, i.e. using penetration-testing tools as well as OSINT techniques.
• Must have the ability to develop incident response plans along with procedures for testing and revising such plans.

Competences

• Must have competences in choosing and applying relevant methods and framework to conduct cyber risk analysis for a system.
• Must have competences in critically reflecting on the limitations, strengths and drawbacks of the selected methods.
• Must have competences in developing a strategy to mitigate and handle cyber risks, based on the analysis carried out with respect to a system.
• Must have competences in presenting the conducted assessments to a broad audience within an organisation.

Type of instruction

Types of instruction are listed at the start of §17; Structure and contents of the programme.

Exam

Exams