Course syllabus - Cybersecurity Operations

Objectives

The course aims to provide students with a good understanding of incident management and security work in the IT society. The course also aims to develop skills in literature search, documentation, and presentation. 

Learning outcomes

After completeding the course, the student shall be able to: 

1. explain the role of the Cybersecurity Operations Analyst in the enterprise,
2. explain common Operating System features and characteristics needed to support cybersecurity analyses,
3. analyze the operation of network protocols and services,
4. explain the operation of the network infrastructure,
5. classify the various types of network attacks,
6. use network monitoring tools to identify attacks against network protocols and services,
7. explain how to prevent malicious access to computer networks, hosts, and data,
8. explain the impacts of cryptography on network security monitoring,
9. explain how to investigate endpoint vulnerabilities and attacks,
10. evaluate network security alerts,
11. analyze network intrusion data to identify compromised hosts,
12. apply incident response models to manage network security incidents and 
13. present operational work in writing and presentations. 

Course content

Today's organizations are challenged with rapidly detecting cybersecurity breaches and effectively responding to security incidents. Teams of people in Security Operations Centers keep a vigilant eye on security systems, protecting their organizations by detecting and responding to cybersecurity exploits and threats. The course prepares candidates to act and treat security operations.  

Specific requirements

Cybersecurity fundamentals 7.5 hp at advanced level. In addition, Swedish B/Swedish 3 and English A/English 6 are required. For courses given in entirely in English exemption is made from the requirement in Swedish B/Swedish 3.

Examination

Written examination (TEN1), , 3 credits, examines the theoretical aspects of the learning outcomes 1-12 marks Fail (U), 3, 4 or 5.
Laboratory work (LAB1), 4,5 hp, examines the operational aspects of the learning outcomes 1-12 and presenting in speech and writing for the learning outcome 13, marks Fail (U) or Pass (G).

A student who has a certificate from MDU regarding a disability has the opportunity to submit a request for supportive measures during written examinations or other forms of examination, in accordance with the Rules and Regulations for Examinations at First-cycle and Second-cycle Level at Mälardalen University (2020/1655). It is the examiner who takes decisions on any supportive measures, based on what kind of certificate is issued, and in that case which measures are to be applied.

Suspicions of attempting to deceive in examinations (cheating) are reported to the Vice-Chancellor, in accordance with the Higher Education Ordinance, and are examined by the University’s Disciplinary Board. If the Disciplinary Board considers the student to be guilty of a disciplinary offence, the Board will take a decision on disciplinary action, which will be a warning or suspension.

Grade

Pass with distinction, Pass with credit, Pass, Fail

Interim Regulations and Other Regulations

The course overlaps with 2,5 credits with DVA487 Methods and Tools for Industrial Cybersecurity.