Course content

The intelligence lifecycle (general methodology)

Planning - building a collection plan

Collecting

Processing

Produce

Disseminate

Cyber Intelligence (specific methodology)

Open Source Intelligence

Information sharing (tools, procedures, trust, TAXII/STIXS)

Threat actors (APT, Attribution, diamond model)

Situation Awareness (RCP, products¿)

Cyber SA (Threat awareness, mission awareness, network awareness)

(Cyber Threat landscape)

Learning outcome

Knowledge:

The candidate possesses knowledge of the intelligence lifecycle

The candidate possesses thorough knowledge of cyber intelligence

The candidate possesses through knowledge the following steps: planning, collecting, processing, production and dissemination, related to cyber Intelligence.

The candidate possess thorough knowledge on how to build Cyber Situation Awareness

The candidate possess knowledge of treath actors, in particular APT

The candidate possess thorough knowledge of attribution and campagne analysis, related to cyber domain

Skills:

The candidate is capable of applying malware analysis methodology and technology

The candidate is capable of applying advanced static malware analysis

The candidate is capable of applying advanced dynamic malware analysis

The candidate is able to disassemble binaries and analyzing assembly code

The candidate is able to identify basic and some advanced malware functionality

The candidate is able to identify known anti-reverse engineering techniques

General competence:

The candidate is capable of analyzing relevant professional and research problems in malware analysis

The candidate is capable of applying their knowledge and skills in new fields, in order to accomplish advanced task and projects in malware analysis

The candidate is capable of working independently as a malware analyst and is familiar with terminology.

The candidate is capable of discussing professional problems, analysis and conclusions in the field of malware analysis, both with professionals and with general audience

The candidate has the learning skills to continue acquiring new knowledge and skills in a largely self-directed manner

The candidate is capable of contributing to innovation and innovation processes

Learning methods and activities

Forelesninger|Lab.øvelser|Nettstøttet læring|Obligatoriske oppgaver|Prosjektarbeid

Utfyllende informasjon:

The course will be made accessible for both campus and remote students. Students are free to choose the pedagogic arrangement that is best fitted for their own requirement. The lectures in the course will be given on campus and are recorded.

Obligatoriske arbeidskrav:

Announced in fall 2017.

Further on evaluation

Utfyllende om kontinuasjon:

For the final, written exam: Ordinary re-sit exam in August.

Vurderingsformer:

An overall evaluation based on 100 point scale, where project work counts 40 points, oral presentation counts 20 points, and final, written exam (3 hours) counts 40 points. Conversion from 100 point scale to A-F scale according to recommended conversion table.In specificcircumstances, the course responsible can slightly adjust the limits in the conversion table to enforce compatibility with the qualitative descriptions on the A-F scale.

Specific conditions

Course materials

Books/standards, conference/journal papers and web resources, to be decided

Credit reductions