Study Guide

Objective

The student will
• Understand the administrative and technical basics of information and cybersecurity
• Recognize the operational environment and threats, and be able to assess the impact of information and cybersecurity on organizational operations
• Understand the significance of a security culture for information and cybersecurity
• Be capable of planning, drafting, and implementing an information security policy for the organization
• Recognize the importance of information classification for safeguarding organizational information and be able to classify information and information systems
• Grasp the importance of competence and awareness in achieving information and cybersecurity
• Be able to assess the organization's level of cybersecurity competence (maturity) and plan and implement an organizational cybersecurity awareness program/training (awareness)
• Identify the importance of risk management in achieving information and cybersecurity
• Understand the significance of assessments and audits for continuous improvement

Content

• Operational environment and threats
• Impact and influence
• Competence and awareness
• Information security culture
• Information security policy, guidelines, models, frameworks
• Information classification
• Risk management and controls
• Auditing

SUMMARY
Upon completing the course, the student will possess a comprehensive understanding of information and cybersecurity concepts, as well as practical skills to assess and enhance the level of information and cybersecurity competence within an organization. The student will be capable of contributing to the planning and implementation of effective administrative controls, trainings, and policies related to information and cybersecurity. They will have the capability to assess the security situation and plan development measures.

Materials

The learning environment used is the It’s Learning platform provided by Turku University of Applied Sciences. All course materials and remote assignments are distributed through the platform. Any peer assessments will also be conducted within the system.

International connections

The pedagogical models and practices include applied problem-based learning, collaborative learning, and collaboration with work life. Peer learning during on-site days, through experience sharing and discussions, is an essential part of the content of these sessions.

Student workload

The course includes both group and individual assignments. As a rule, all assignments must be submitted.
Failure to submit an assignment will lower the grade.

Content scheduling

TOPICS
• Operational environment and threats
• Impact and influence
• Competence and awareness
• Information security culture
• Information security policy, guidelines, models, frameworks
• Information classification
• Risk management and controls
• Auditing

LEARNING OBJECTIVES
The student will
• Understand the administrative and technical basics of information and cybersecurity
• Recognize the operational environment and threats, and be able to assess the impact of information and cybersecurity on organizational operations
• Understand the significance of a security culture for information and cybersecurity
• Be capable of planning, drafting, and implementing an information security policy for the organization
• Recognize the importance of information classification for safeguarding organizational information and be able to classify information and information systems
• Grasp the importance of competence and awareness in achieving information and cybersecurity
• Be able to assess the organization's level of cybersecurity competence (maturity) and plan and implement an organizational cybersecurity awareness program/training (awareness)
• Identify the importance of risk management in achieving information and cybersecurity
• Understand the significance of assessments and audits for continuous improvement

SUMMARY
Upon completing the course, the student will possess a comprehensive understanding of information and cybersecurity concepts, as well as practical skills to assess and enhance the level of information and cybersecurity competence within an organization. The student will be capable of contributing to the planning and implementation of effective administrative controls, trainings, and policies related to information and cybersecurity. They will have the capability to assess the security situation and plan development measures.

Further information

The It’s Learning platform used by Turku University of Applied Sciences serves as the communication channel for the course.

Evaluation scale

H-5

Assessment methods and criteria

The course performance is assessed through individual and group assignments completed between on-site sessions. The assignments are essay-based and may include peer assessment. The key focus of the assignments is to critically reflect on the organization's current state and evaluate potential areas for improvement.

Assessment criteria, fail (0)

The student has not participated in on-site teaching or group work. The required written assignments are incomplete, and/or the student's skills are seriously lacking.

Assessment criteria, satisfactory (1-2)

The student has participated poorly in on-site teaching and group assignments. Based on the assessed written outputs, the student has difficulty understanding the fundamentals of information and cybersecurity.

Assessment criteria, good (3-4)

The student has actively participated in on-site teaching, group assignments, and discussions. The student is able to apply their learning to their own job role or work environment. They are capable of comprehensively and critically evaluating what they have learned through the assignments from the perspective of business and their own organization.

Assessment criteria, excellent (5)

The student's thinking is independent and comprehensive. They demonstrate a broad understanding of information and cybersecurity as part of business operations. The student has produced excellent written outputs, showcasing their ability to apply their learning to the needs of different organizations. They exhibit versatile and creative thinking as well as a holistic understanding of the importance of information and cybersecurity for organizational operations.