| Learning Outcomes |
Competences |
| Students are able to understand and describe basic security concepts and controls used to mitigate threats targeting IT-, IoT-, OT systems, and mobile devices. They can apply certain mitigation techniques, such as hardening, conduct various security tests, and find evidence as part of an incident response plan.
|
|
| Skills |
Knowledge |
- Systematically address, assess, and communicate security aspects by using threat modeling and risk management approaches (K4,K5)
- Describe vulnerabilities by using CVE, CWE, CVSS, or OWASP (K2,K3)
- Choose, deploy, or create proper hardening measures for Linux systems with focus on Discretionary Access Control (DAC), Mandatory Access Control (MAC), and fail2ban (K3,K5,K6)
- Conduct basic reverse engineering techniques, port scans, and brute-force/dictionary attacks to find weaknesses within a system or program while sticking to IEEE code of ethics (K3,K4)
- Understand the basics of an incident response plan (K2)
- Find evidence of an incident in a log file (K3, K4)
- Analyze and evaluate basic security concepts of network architectures (K4,K5)
- Understand basic security aspects in special environments, such as mobile systems, Internet-of-Things, and Industrial Control Systems (K2)
- Differentiate IT and OT security requirements (K2)
|
- Threats, vulnerabilities, and risks
- Vulnerability frameworks and scoring systems (e.g., CVE, CWE, CVSS, OWASP)
- Access control models like DAC and MAC
- Public-key cryptography
- Phases of a penetration test, including test types
- Incident response life cycle
- Malware types
- Steps how attackers design malware
- Basic network security concepts (e.g., DMZ, VLAN)
- OWASP (Mobile) Top 10
- Differentiation between IT and OT with regards to security
|
|
