Master's Project: Strategies for Secure Organisations


Content, progress and pedagogy of the module

The aim of this project is to carry out security risk and threat analysis of a chosen technology, system or enterprise/organization and asses or implement mitigation strategies for dealing with these. Students can base the security analysis on actual testing of system (using for example penetration testing or the like) or create an analytical end-to-end description of the threats and risks. The analysis shall be used as a basis for creating a strategy for diminishing the threats and risks

Learning objectives


  • Must have knowledge of different cyber treats, including threat actors and attack vectors.
  • Must have knowledge of relevant methods and frameworks for risk assessment, including ISO27001/ISO27002 and NIST.
  • Must have knowledge of relevant frameworks for understanding cyber-attacks, including the Cyber Kill Chain as well as the Mitre att&ck framework.


  • Must have the ability to choose and describe relevant mitigation strategies, based on a cyber risk analysis.
  • Must have the ability to select and apply methods and techniques to find known vulnerabilities in systems, i.e. using penetration-testing tools as well as OSINT techniques.
  • Must have the ability to develop incident response plans along with procedures for testing and revising such plans.


  • Must have competences in choosing and applying relevant methods and framework to conduct cyber risk analysis for a system.
  • Must have competences in critically reflecting on the limitations, strengths and drawbacks of the selected methods.
  • Must have competences in developing a strategy to mitigate and handle cyber risks, based on the analysis carried out with respect to a system.
  • Must have competences in presenting the conducted assessments to a broad audience within an organisation.

Type of instruction

Types of instruction are listed at the start of ยง17; Structure and contents of the programme.



Name of examMaster's Project: Strategies for Secure Organisations
Type of exam
Master's thesis/final project
Assessment7-point grading scale
Type of gradingInternal examination
Criteria of assessmentThe criteria of assessment are stated in the Examination Policies and Procedures

Facts about the module

Danish titleMasterprojekt: Strategier for sikker organisationer
Module codeESNMCSPM3P1
Module typeProject
Duration1 semester
Language of instructionEnglish
Empty-place SchemeYes
Location of the lectureCampus Copenhagen
Responsible for the module


Education ownerMaster of Cyber Security and Privacy
Study BoardStudy Board of Electronics and IT
DepartmentDepartment of Electronic Systems
FacultyThe Technical Faculty of IT and Design