Study Guide

Learning outcomes

The student is able to
- plan and perform penetration testing
- apply covert techniques to scan and attack a network
- assess and prevent security gaps in a network infrastructure
- implement security controls to network security
- identify and apply tools and techniques used to evade IDS, firewalls, and honeypots

Teaching methods

# This study unit is fully online learning with the possibilities of volunteer tutoring meetings with the teachers.
# The tutoring meetings are not compulsory. Any student can participate in tutoring meeting if they need any help from teachers.
# Virtual studies, weekly basis virtual learning, and assignments xxx

Module-1:
Business and Industry Influences and Risks
Organizational Security and Privacy Policies
Module-2:
Risk Mitigation Strategies and Controls
Risk Metric Scenarios for Enterprise Security
Module-3:
Integrating Network and Security Components, Concepts, and Architectures
Integrating Security Controls for Host Devices
Module-4:
Integrating Controls for Mobile and Small Form Factor Devices
Selecting Software Security Controls
Module-5:
Conducting Security Assessments
Implementing Incident Response and Recovery
Module-6:
Integrating Hosts, Storage, and Applications in the Enterprise
Integrating Cloud and Virtualization Technologies in the Enterprise
Module-7:
Integrating and Troubleshooting Advanced AAA Technologies
Implementing Cryptographic Techniques
Module-8:
Secure Communication and Collaboration Solutions
Applying Research Methods for Trend and Impact Analysis
Module-9:
Implementing Security Activities across the Technology Life Cycle
Interacting across Diverse Business Units

Location and time

# Fully online studies: Not dependent on place or time (virtual studies).
# Starting on Week-35 and ends on Week-48 (Complete weekly schedule will be provided to eligible and accepted students).

Learning materials and recommended literature

# Learning material is based on the CompTIA Advanced Security Practitioner (CASP) modules.
# The study unit provides preparatory training for CompTIA Advanced Security Practitioner (CASP) but not the certification exam.

Co-operation with working life and/or RDI

Nokia and Digia HackAthon (Student will be eligible to participate in HackAthon event if s/he participating in this study unit).

Important dates

# Study unit starts on week 35
# Study unit ends on week 48
# Detailed schedule is released at the beginning of the study unit
NOTE: There can be minor scheduling changes.

Forms of internationality

Teachers and students group are international (Finnish and English degree programme students). A teacher is also representing Finland in European Cybersecurity Organisation (EU, Brussels) as a chairman of the working group.

Students workload

Kindly notice following carefully before registering for the study unit. This is a professional training study unit and it requires regular weekly learning effort.
5 credits | Total 137.5 hours of student learning time | 8-10 hours per week

Content and scheduling

# Study unit starts on week 35
# Study unit ends on week 48
Module-1:
Business and Industry Influences and Risks
Organizational Security and Privacy Policies
Module-2:
Risk Mitigation Strategies and Controls
Risk Metric Scenarios for Enterprise Security
Module-3:
Integrating Network and Security Components, Concepts, and Architectures
Integrating Security Controls for Host Devices
Module-4:
Integrating Controls for Mobile and Small Form Factor Devices
Selecting Software Security Controls
Module-5:
Conducting Security Assessments
Implementing Incident Response and Recovery
Module-6:
Integrating Hosts, Storage, and Applications in the Enterprise
Integrating Cloud and Virtualization Technologies in the Enterprise
Module-7:
Integrating and Troubleshooting Advanced AAA Technologies
Implementing Cryptographic Techniques
Module-8:
Secure Communication and Collaboration Solutions
Applying Research Methods for Trend and Impact Analysis
Module-9:
Implementing Security Activities across the Technology Life Cycle
Interacting across Diverse Business Units

Further information for students

We are here to help in your learning process and professional competencies. However, consider following points before enrolling in the study unit.
o Study unit is suitable for graduate-level student finished first-semester compulsory studies.
o The student must know: how a company/organization works.
o The student knows the basics of ICT-technologies.
o The student is able to study independently with a weekly schedule.
o The student is willing to put effort for own learning.
NOTE: Any student finished Introduction to Information Security or Information Security Management study unit will get priority for the enrollment acceptance.

Grading scale

H-5

Evaluation methods and criteria

# Weekly study, assignment and tasks
# Students collect the points for different learning activities
# Online Tests
# Weekly studies
# Learning assignments and tasks

Evaluation criteria, satisfactory (1-2)

– use professional concepts in a consistent manner and demonstrate his/her familiarity with the knowledge basis
– report and communicate in a professional manner
– act independently taking into account the operating environment
– describe the significance of his/her actions for successful co-operation
– describe his/her competence in relation to the learning outcomes

Evaluation criteria, good (3-4)

– critically evaluate information and justify their actions with science-based knowledge
– propose creative solutions at work
- describe the development of his/her competence in relation to the learning outcomes

Evaluation criteria, excellent (5)

– analyse the acquired information, draw conclusions and combine theoretical knowledge with experiential knowledge
– evaluate the applicability of produced knowledge, skill or idea to other contexts as well as their impact
– evaluate the possibilities for utilising competence and plan his/her personal development