Course - Foundations of Cybersecurity and Assurance - IIK4105
Foundations of Cybersecurity and Assurance
About
About the course
Course content
The course focuses on fundamental concepts in cybersecurity and assurance. The covered topics include introduction to cybersecurity and assurance, network and cloud security, application security, threat intelligence and threat modeling, risk assessment and vulnerability management, incident response and business continuity. Regulatory frameworks and compliance standards (e.g. GDPR, NIS2, ISO 27001, and NIST); assurance audits, control processes, and ethics; security policies, governance, and Security Information and Event Management (SIEM) tools are thought.
Learning outcome
A) Knowledge:
Students will develop an in-depth understanding of foundational cybersecurity principles, including key concepts in operating systems, networking, cryptography, and threat landscapes. They will gain knowledge about ethical and legal considerations related to cybersecurity practices and the role of audits and assurance in different industries as well as the use of SIEM tools for comprehensive security management.
B) Skills:
Students will be able to:
- Apply networking and cryptographic techniques to develop secure digital solutions.
- Utilize risk assessment and vulnerability management tools to identify and mitigate security risks within an organization.
- Conduct threat modeling exercises using established frameworks such as STRIDE, developing actionable insights for securing systems.
- Design and implement basic incident response plans, ensuring readiness for effective business continuity and disaster recovery.
- Conduct assurance audits, understanding and applying control processes effectively.
- Develop and manage security policies and governance models tailored to specific industry needs.
- Use SIEM tools to monitor and analyze security incidents, providing real-time insights for security operations.
C) General competence:
Students will be able to research, design, and present cybersecurity case studies, reinforcing practical and analytical skills, both independently and in teams.
This course contributes to the following UN Sustainability Development Goals (SDGs): SDG 8 (Target 8.2) ensuring that organizations and nations can protect their digital infrastructures, mitigate cyber risks, and maintain secure environments for business continuity; SDG 9 (Target 9.1) teaching students to secure and maintain resilient digital infrastructures, vital for innovation and economic growth; SDG 17 (Target 17.16) involving students in real-world case studies and partnerships with cybersecurity professionals.
Learning methods and activities
Lectures by academics and guests from industry. Most of the learning happens in teams. The lectures and discussions are in English. Compulsory oral presentations.
Compulsory assignments
- Oral presentations
Further on evaluation
(the information may be changed until June 15th)
Portfolio assessment provides the basis for the final grade in the course. The portfolio consists of project reports. The entire portfolio is evaluated as passed/not passed. Detailed requirements for the project reports, including submission deadlines, will be announced at the beginning of the semester. If a student receives the final grade not passed, the student must repeat the entire course.
Specific conditions
Admission to a programme of study is required:
Cybersecurity and Assurance (MSCYBSURE)
Course materials
"Principles of information security" by Michael E. Whitman (Book available at NTNU library)
Subject areas
- Information Security
Contact information
Course coordinator
Department with academic responsibility
Department of Information Security and Communication Technology