Text

Course syllabus - Cybersecurity Operations

Scope

7.5 credits

Course code

DVA515

Valid from

Autumn semester 2026

Education level

Second cycle

Progressive Specialisation

A1F (Second cycle, has second-cycle course/s as entry requirements)

Main area(s)

Computer Science

Organisation

Department of Computer Science & Engineering

Ratified

2025-12-19

Literature lists

Course literature is preliminary up to 8 weeks before course start. Course literature can be valid over several semesters.

Objectives

The course aims to provide students with a good understanding of incident management and security work in the IT society. The course also aims to develop skills in literature search, documentation, and presentation.

Learning outcomes

After completing the course, the student shall be able to:

  1. explain the role of the Cybersecurity Operations Analyst in the enterprise,
  2. explain common Operating System features and characteristics needed to support cybersecurity analyses,
  3. analyze the operation of network protocols and services,
  4. explain the operation of the network infrastructure,
  5. classify the various types of network attacks,
  6. use network monitoring tools to identify attacks against network protocols and services,
  7. explain how to prevent malicious access to computer networks, hosts, and data,
  8. explain the impacts of cryptography on network security monitoring,
  9. explain how to investigate endpoint vulnerabilities and attacks,
  10. evaluate network security alerts,
  11. analyze network intrusion data to identify compromised hosts,
  12. apply incident response models to manage network security incidents and
  13. present operational work in writing and presentations.

Course content

Today's organizations are challenged with rapidly detecting cybersecurity breaches and effectively responding to security incidents. Teams of people in Security Operations Centers keep a vigilant eye on security systems, protecting their organizations by detecting and responding to cybersecurity exploits and threats. The course prepares candidates to act and treat security operations.

Specific requirements

Cybersecurity fundamentals 7.5 hp at advanced level. In addition Swedish course 3 or Swedish level 3 and English course 6 or English level 2 are required. For courses given entirely in English exemption is made from the requirement in Swedish course 3 or Swedish level 3.

Examination

LAB1, Laboratory session , 3 credits, examines the operational aspects of the learning outcomes 1-12, marks Fail (U) or Pass (G).
SEM1, Seminar, 4,5 credits, examines the learning outcomes 1-13, marks Fail (U), 3, 4 or 5.

A student who has a certificate from MDU regarding disability study support, can request adaptions for the examination. It is the examiner who takes decisions on any adaptions, based on the certificate and other conditions.

Grade

Grading scale: 5, 4, 3

Interim Regulations and Other Regulations

The course completely overlaps with DVA496 Cybersecurity Operations and also 2,5 credits with DVA487 Methods and Tools for Industrial Cybersecurity.