Course - Foundations of Cybersecurity and Assurance - IIK4105
Foundations of Cybersecurity and Assurance
New from the academic year 2025/2026
About
About the course
Course content
The course focuses on fundamental concepts in cybersecurity and assurance. The covered topics include introduction to cybersecurity and assurance, networking fundamentals and cloud security, application security, threat intelligence and threat modeling, risk assessment and vulnerability management, incident response and business continuity. Regulatory frameworks and compliance standards (e.g. GDPR, NIS2, ISO 27001, and NIST), assurance audits, control processes, and ethics, and security policies, governance, and Security Information and Event Management (SIEM) tools are thought.
Learning outcome
A) Knowledge:
Students will develop an in-depth understanding of foundational cybersecurity principles, including key concepts in operating systems, networking, cryptography, and threat landscapes. They will gain knowledge about ethical and legal considerations related to cybersecurity practices and the role of audits and assurance in different industries as well as the use of SIEM tools for comprehensive security management.
B) Skills:
Students will be able to:
- Apply networking and cryptographic techniques to develop secure digital solutions.
- Utilize risk assessment and vulnerability management tools to identify and mitigate security risks within an organization.
- Conduct threat modeling exercises using established frameworks such as STRIDE, developing actionable insights for securing systems.
- Design and implement basic incident response plans, ensuring readiness for effective business continuity and disaster recovery.
- Conduct assurance audits, understanding and applying control processes effectively.
- Develop and manage security policies and governance models tailored to specific industry needs.
- Use SIEM tools to monitor and analyze security incidents, providing real-time insights for security operations.
C) General competence:
Students will be able to research, design, and present cybersecurity case studies, reinforcing practical and analytical skills, both independently and in teams.
The course contributes to the following UN sustainable development goals:
- SDG 4 (Target 4.4): By increasing the number of individuals who are equipped with foundational and advanced knowledge in cybersecurity, cryptography, risk assessment, cybersecurity ethics and governance, fostering a skilled workforce capable of navigating the complexities of the modern digital economy.
- SDG 8 (Target 8.2): Educating future cybersecurity professionals and leaders, the course helps ensure that organizations and nations can protect their digital infrastructures, mitigate cyber risks, and maintain secure environments for business continuity. This supports sustainable economic development by securing digital economies.
- SDG 9 (Target 9.1): By teaching students to secure cloud environments, apply secure software development practices, and manage security operations centers, the course contributes to the creation and maintenance of resilient digital infrastructures, vital for innovation and economic growth.
- SDG 17 (Target 17.16): By involving students in real-world case studies and partnerships with cybersecurity professionals, the course fosters collaboration across sectors to address global cybersecurity challenges. Through this interdisciplinary approach, students learn how to engage in meaningful partnerships that contribute to the overall resilience of global digital systems.
Learning methods and activities
Lectures by academics and guests from industry. Much of the learning happens in teams. The lectures and discussions are in English.
Further on evaluation
Two assessments provide the basis for the final grade in the course: a project report and an oral presentation. The course is evaluated as passed / not passed, and both assessments must be passed to pass the course. Detailed requirements for the project report and the oral presentation, as well as the deadline for report submission, will be announced at the beginning of the semester. If any of the assessments are not passed, there will be an opportunity for continuation in January of the following semester, during which an improved report may be submitted and/or a new presentation given. If a student still receives a final grade of 'not passed' after the continuation, they must repeat the entire course.
Specific conditions
Admission to a programme of study is required:
Security and Cloud Computing (MSSECCLO)
Course materials
"Principles of information security" by Michael E. Whitman (Book available at NTNU library)
Subject areas
- Information Security
Contact information
Department with academic responsibility
Department of Information Security and Communication Technology