Introduction to Information Security (5cr)

Qualifications

Prerequisites:
For tiko students: study units R0240 ICT-toimintaympäristö, R0241 Tiedonhallinta ja tietokannat & R0242 Tietoverkot ja tietoturva
For BIT students: study units R0277 ICT Environment and Infrastructure, R0279 Information Management and Databases & R0280 Data Networks and Information Security
Or equivalent competence.

Learning outcomes

The student is able to
- act ethically as a member of study group and community
- recognize and comprehend the importance of confidentiality,
integrity and availability model for the information and
cybersecurity
- recognize and comprehend different threats, attacks and
vulnerabilities
- comprehend and describe security technologies and tools
- comprehend and describe security architectures and designs
- comprehend and describe identity and access management
approaches
- comprehend, describe and apply risk management principles
- comprehend and describe cryptography and PKI concepts
- differentiate cybersecurity domains and subdomains from each
other
- comprehend and explain the importance of the cybersecurity in
the modern society
- reflect and develop their own learning process

Teaching methods

- This study unit is a partially automated, self-paced online learning course complemented with applied assignments and an entry-level Capture the Flag (CTF) exercise
- The tutoring meetings are not compulsory. Any student can participate in a tutoring meeting if they need any help from teachers
- Virtual studies, on a weekly basis, virtual learning and assignments
- This is an introductory-level study unit, and it gives a good basis for more advanced study units
- This study unit is suitable for any student who is willing to learn the overview of information security technologies
- Students need to commit to weekly based studies
- NOTE-1: There are no scheduled lectures given by a teacher but the teacher is available for counselling and solving study-related problems
- NOTE-2: The Student should have basic competency in ICT environments and IT infrastructure
- NOTE-3: Programming (Python) and Linux skills are beneficial but not mandatory in the Capture the Flag (CTF) exercise

Time and location

- Not dependent on place or time (virtual studies)
- The study unit is implemented in Canvas LMS

Learning materials and recommended literature

- Learning material is based on CompTIA Security+ SY0-501 certification training material
- Video material
- Course book (CompTIA Security+ 7th Edition, Dulaney Emmett)
- The study unit provides preparatory training for CompTIA Security+ but not the certification exam
- NOTE: There are no scheduled lectures given by a teacher but the teachers are available for counselling and solving study-related problems

Alternative completion methods of implementation

- If a student has existing domain-specific competence he/they can request a process for recognition of existing competence before or during the Orientation module

Co-operation with working life and/or RDI

- The study unit content equals professional CompTIA Security+ certification

Important dates

- A detailed schedule is released at the beginning of the study unit

Student workload

- 5 cr / 137,5 hours
- The study unit will last 12 weeks

Content and scheduling

- Weekly-based schedule and one (1) module per week
- A student can proceed at his/her own pace from Module-1 to Module-10
- Integrated Capture the Flag (CTF) exercise

Modules:
- Module-0: Learning target and goal
- Module-1: Network Security Part 1
- Module-2: Network Security Part 2
- Module-3: Compliance and Operational Security Part 1
- Module-4: Compliance and Operational Security Part 2
- Module-5: Threats and Vulnerabilities Part 1
- Module-6: Threats and Vulnerabilities Part 2
- Module-7: Threats and Vulnerabilities Part 3
- Module-8: Application, Data, and Host Security
- Module-9: Access Control and Identity
- Module-10: Cryptography

Further information

- This is an introductory-level study unit, and it gives good basis for more advanced cybersecurity study units
- This study unit is suitable for any student who is willing to learn the overview of information security technologies
- Students need to commit to weekly based studies
- NOTE: Inactive students are removed from the study unit after the orientation period (the first week of the study unit)

Evaluation scale

H-5

Evaluation methods and criteria

- Weekly studies
- Students collect points for different learning activities
- Online Tests
- Learning assignments and tasks
- Possible bonus task

Assessment scale:
100-90 points equals grade 5
89-80 points equals grade 4
79-70 points equals grade 3
69-60 points equals grade 2
59-50 points equals grade 1
49-0 points equals grade 0

Assessment criteria, satisfactory (1-2)

– use essential professional concepts when explaining various work practices and situations
– search for information in different sources
– report
– work under guidance using the skills and methods learned
– receive guidance
– plan the progress of his/her work and use of time under guidance
– work safely and in accordance with the professional code of conduct
– follow the provided instructions and rules

Assessment criteria, good (3-4)

– use professional concepts in a consistent manner when explaining various work practices and situations
– gather information and use his/her knowledge basis
– report in the agreed manner
– work using the skills and methods learned
– take part in guidance and utilise it
– plan and manage the progress of his/her work and use of time
– justify this/her actions in accordance with the professional code of conduct

Assessment criteria, excellent (5)

– use professional concepts extensively
– compare and choose relevant information
– report and communicate in a professional manner
– work independently, using the skills and methods learned
– anticipate his/her need for guidance
– manage his/her time appropriately, completing the agreed tasks at the required quality level
– work responsibly, applying the skills and methods learned
– plan and evaluate their work, taking safety and/or ethical aspects into consideration