Study Guide

Learning outcomes

The student is able to
- take sole responsibility for working as a member cybersecurity
analyst team (project target varies including research, innovation,
business, cyber ranges, cyber drill or cyber defense projects)
- participate and act ethically as a member of team, community
and working-life partners
- select appropriate tools and strategies for network
reconnaissance and vulnerability analysis project in real exercise
or company environment
- present the results of network reconnaissance and vulnerability
analysis in a professional format
- analyze critically the outcome of the project
- manifest cybersecurity professional practices and apply
practitioners skills in the community

Content

Note: The learning targets can be advance studies in one or more
of following (not limited to only those): cybersecurity practices,
cyber ranges, cyber drills, cyber forensics, cyber war, cyber
defence, cybersecurity for AI and robotics, cybersecurity for
blockchain, cybersecurity for supply chain management and
relevant advance cybersecurity topics.

Teaching methods

- The study unit offers students possibility to participate Hackathon or Capture the Flag (CTF) event or exercise
- The implementation of the study unit depends on current collaboration partner
- The students participate workshops, seminars, webinars and Hackathon / CTF event exercise
- The study unit is offered for the students who study cybersecurity as their major and they have already finished at least two of following study units: TO00BR89 Introduction to Information Security & TO00BR90 Information Security Management OR TO00BR88 Information Infrastructure and Security & A9185 Network Applications OR equivalent competence
- NOTE-1: We expect active participation in workshops, seminars and webinars
- NOTE-2: Use of microphone and camera is required in the virtual sessions

Learning materials and recommended literature

- Workshops, seminars, webinars and Hackathon/CTF-event
- Kali Linux Penetration Testing BibleLinks to an external site. (Khawaja, 2021)
- Penetration Testing For DummiesLinks to an external site. (Shimonski, 2020)
- Hands-On Web Penetration Testing with MetasploitLinks to an external site. (Singh & Sharma, 2020)
- Hands-On Application Penetration Testing with Burp SuiteLinks to an external site. (Lozano, Shah & Walikar, 2019)

Alternative completion methods of implementation

- If a student has existing domain specific competence he/she can request a process for recognition of existing competence before or during the Orientation-module

Co-operation with working life and/or RDI

- The study unit is offered in collaboration with industry partners or Laurea RDI-projects

Important dates

- Study unit starts on week 34 (preliminary plan)
- Study unit ends on week 44 (preliminary plan)
- Detailed schedule is released at the beginning of the study unit
- NOTE: There can be scheduling changes

Students workload

- 3 cr / 82,5 hours
- Study unit will last 11 weeks

Content and scheduling

Modules:
- Module-0: Orientation to the studies
- Module-1: Linux Fundamentals
- Module-2: Setup Testing Environment
- Module-3: Project Plan
- Module-4: Project Execution
- Module-5: Personal Development Plan

Further information for students

- The study unit is offered for the students who study cybersecurity as their major and who are planning their career in cybersecurity

Grading scale

Approved/Failed

Evaluation methods and criteria

- Weekly studies
- Students collect points for different learning activities
- Online Tests
- Learning assignments and tasks
- Group work
- Possible bonus task

Assessment scale:
100-90 points equals grade 5
89-80 points equals grade 4
79-70 points equals grade 3
69-60 points equals grade 2
59-50 points equals grade 1
49-0 points equals grade 0

Evaluation criteria, approved/failed

– use professional concepts in a consistent manner and demonstrate his/her familiarity with the knowledge basis
– report and communicate in a professional manner
– act independently taking into account the operating environment
– describe the significance of his/her actions for successful co-operation
– describe his/her competence in relation to the learning outcomes

Evaluation criteria, fail (0)

– is not able to use professional concepts in a consistent manner and demonstrate his/her familiarity with the knowledge basis
– is not able to report and communicate in a professional manner
– is not able to act independently taking into account the operating environment
– is not able to describe the significance of his/her actions for successful co-operation
– is not able to describe his/her competence in relation to the learning outcomes

Evaluation criteria, satisfactory (1-2)

– use professional concepts in a consistent manner and demonstrate his/her familiarity with the knowledge basis
– report and communicate in a professional manner
– act independently taking into account the operating environment
– describe the significance of his/her actions for successful co-operation
– describe his/her competence in relation to the learning outcomes

Evaluation criteria, good (3-4)

– critically evaluate information and justify their actions with science-based knowledge
– propose creative solutions at work
- describe the development of his/her competence in relation to the learning outcomes

Evaluation criteria, excellent (5)

– analyse the acquired information, draw conclusions and combine theoretical knowledge with experiential knowledge
– evaluate the applicability of produced knowledge, skill or idea to other contexts as well as their impact
– evaluate the possibilities for utilising competence and plan his/her personal development

Qualifications

Prerequisites:
R0318 Introduction to Information Security & R0319 Information
Security Management AND R0385 Information Infrastructure and
Security & A9185 Network Applications OR equivalent
competence