course-details-portlet

IIK4105

Foundations of Cybersecurity and Assurance

New from the academic year 2025/2026

Credits 7.5
Level Second degree level
Course start Autumn 2025
Duration 1 semester
Language of instruction English
Location Trondheim
Examination arrangement Aggregate score

About

About the course

Course content

The course focuses on fundamental concepts in cybersecurity and assurance. The covered topics include introduction to cybersecurity and assurance, networking fundamentals and cloud security, application security, threat intelligence and threat modeling, risk assessment and vulnerability management, incident response and business continuity. Regulatory frameworks and compliance standards (e.g. GDPR, NIS2, ISO 27001, and NIST), assurance audits, control processes, and ethics, and security policies, governance, and Security Information and Event Management (SIEM) tools are thought.

Learning outcome

A) Knowledge:

Students will develop an in-depth understanding of foundational cybersecurity principles, including key concepts in operating systems, networking, cryptography, and threat landscapes. They will gain knowledge about ethical and legal considerations related to cybersecurity practices and the role of audits and assurance in different industries as well as the use of SIEM tools for comprehensive security management.

B) Skills:

Students will be able to:

  • Apply networking and cryptographic techniques to develop secure digital solutions.
  • Utilize risk assessment and vulnerability management tools to identify and mitigate security risks within an organization.
  • Conduct threat modeling exercises using established frameworks such as STRIDE, developing actionable insights for securing systems.
  • Design and implement basic incident response plans, ensuring readiness for effective business continuity and disaster recovery.
  • Conduct assurance audits, understanding and applying control processes effectively.
  • Develop and manage security policies and governance models tailored to specific industry needs.
  • Use SIEM tools to monitor and analyze security incidents, providing real-time insights for security operations.

C) General competence:

Students will be able to research, design, and present cybersecurity case studies, reinforcing practical and analytical skills, both independently and in teams.

The course contributes to the following UN sustainable development goals:

  • SDG 4 (Target 4.4): By increasing the number of individuals who are equipped with foundational and advanced knowledge in cybersecurity, cryptography, risk assessment, cybersecurity ethics and governance, fostering a skilled workforce capable of navigating the complexities of the modern digital economy.
  • SDG 8 (Target 8.2): Educating future cybersecurity professionals and leaders, the course helps ensure that organizations and nations can protect their digital infrastructures, mitigate cyber risks, and maintain secure environments for business continuity. This supports sustainable economic development by securing digital economies.
  • SDG 9 (Target 9.1): By teaching students to secure cloud environments, apply secure software development practices, and manage security operations centers, the course contributes to the creation and maintenance of resilient digital infrastructures, vital for innovation and economic growth.
  • SDG 17 (Target 17.16): By involving students in real-world case studies and partnerships with cybersecurity professionals, the course fosters collaboration across sectors to address global cybersecurity challenges. Through this interdisciplinary approach, students learn how to engage in meaningful partnerships that contribute to the overall resilience of global digital systems.

Learning methods and activities

Lectures by academics and guests from industry. Much of the learning happens in teams. The lectures and discussions are in English.

Further on evaluation

Two assessments provide the basis for the final grade in the course: a project report and an oral presentation. The course is evaluated as passed / not passed, and both assessments must be passed to pass the course. Detailed requirements for the project report and the oral presentation, as well as the deadline for report submission, will be announced at the beginning of the semester. If any of the assessments are not passed, there will be an opportunity for continuation in January of the following semester, during which an improved report may be submitted and/or a new presentation given. If a student still receives a final grade of 'not passed' after the continuation, they must repeat the entire course.

Specific conditions

Admission to a programme of study is required:
Security and Cloud Computing (MSSECCLO)

Course materials

"Principles of information security" by Michael E. Whitman (Book available at NTNU library)

Subject areas

  • Information Security

Contact information

Department with academic responsibility

Department of Information Security and Communication Technology

Examination

Examination

Examination arrangement: Aggregate score
Grade: Passed / Not Passed

Ordinary examination - Autumn 2025

Project report
Weighting 50/100
Oral presentation
Weighting 50/100 Examination aids Code A Duration 30 minutes