Course content

The course focuses on fundamental concepts in cybersecurity and assurance. The covered topics include introduction to cybersecurity and assurance, networking fundamentals and cloud security, application security, threat intelligence and threat modeling, risk assessment and vulnerability management, incident response and business continuity. Regulatory frameworks and compliance standards (e.g. GDPR, NIS2, ISO 27001, and NIST), assurance audits, control processes, and ethics, and security policies, governance, and Security Information and Event Management (SIEM) tools are thought.

Learning outcome

A) Knowledge:

Students will develop an in-depth understanding of foundational cybersecurity principles, including key concepts in operating systems, networking, cryptography, and threat landscapes. They will gain knowledge about ethical and legal considerations related to cybersecurity practices and the role of audits and assurance in different industries as well as the use of SIEM tools for comprehensive security management.

B) Skills:

Students will be able to:

• Apply networking and cryptographic techniques to develop secure digital solutions.
• Utilize risk assessment and vulnerability management tools to identify and mitigate security risks within an organization.
• Conduct threat modeling exercises using established frameworks such as STRIDE, developing actionable insights for securing systems.
• Design and implement basic incident response plans, ensuring readiness for effective business continuity and disaster recovery.
• Conduct assurance audits, understanding and applying control processes effectively.
• Develop and manage security policies and governance models tailored to specific industry needs.
• Use SIEM tools to monitor and analyze security incidents, providing real-time insights for security operations.

C) General competence:

Students will be able to research, design, and present cybersecurity case studies, reinforcing practical and analytical skills, both independently and in teams.

The course contributes to the following UN sustainable development goals:

• SDG 4 (Target 4.4): By increasing the number of individuals who are equipped with foundational and advanced knowledge in cybersecurity, cryptography, risk assessment, cybersecurity ethics and governance, fostering a skilled workforce capable of navigating the complexities of the modern digital economy.
• SDG 8 (Target 8.2): Educating future cybersecurity professionals and leaders, the course helps ensure that organizations and nations can protect their digital infrastructures, mitigate cyber risks, and maintain secure environments for business continuity. This supports sustainable economic development by securing digital economies.
• SDG 9 (Target 9.1): By teaching students to secure cloud environments, apply secure software development practices, and manage security operations centers, the course contributes to the creation and maintenance of resilient digital infrastructures, vital for innovation and economic growth.
• SDG 17 (Target 17.16): By involving students in real-world case studies and partnerships with cybersecurity professionals, the course fosters collaboration across sectors to address global cybersecurity challenges. Through this interdisciplinary approach, students learn how to engage in meaningful partnerships that contribute to the overall resilience of global digital systems.

Learning methods and activities

Lectures by academics and guests from industry. Much of the learning happens in teams. The lectures and discussions are in English.

Specific conditions

Course materials

"Principles of information security" by Michael E. Whitman (Book available at NTNU library)