Skip to main content

Information Security Testing and Assessment (5 cr)

Code: 5051244-3004

General information


Enrollment

02.12.2023 - 08.01.2024

Timing

01.01.2024 - 30.04.2024

Number of ECTS credits allocated

5 op

Mode of delivery

Contact teaching

Unit

Engineering and Business

Campus

Kupittaa Campus

Teaching languages

  • English

Seats

30 - 70

Degree programmes

  • Degree Programme in Information and Communication Technology
  • Degree Programme in Business Information Technology
  • Degree Programme in Information and Communications Technology

Teachers

  • Jani Ekqvist

Teacher in charge

Jani Ekqvist

Groups

  • PTIVIS21T
    Data Networks and Cybersecurity
  • PTIETS21dncs
    PTIETS21 Data Networks and Cybersecurity
  • 08.01.2024 10:00 - 12:00, Introductory Lecture, Information Security Testing and Assessment 5051244-3004
  • 15.01.2024 13:00 - 16:00, Laboratory work, group 1, Information Security Testing and Assessment 5051244-3004
  • 18.01.2024 13:00 - 16:00, Laboratory work, group 2, Information Security Testing and Assessment 5051244-3004
  • 22.01.2024 13:00 - 16:00, Laboratory work, group 1, Information Security Testing and Assessment 5051244-3004
  • 25.01.2024 13:00 - 16:00, Laboratory work, group 2, Information Security Testing and Assessment 5051244-3004
  • 29.01.2024 13:00 - 16:00, Laboratory work, group 1, Information Security Testing and Assessment 5051244-3004
  • 01.02.2024 13:00 - 16:00, Laboratory work, group 2, Information Security Testing and Assessment 5051244-3004
  • 05.02.2024 13:00 - 16:00, Laboratory work, group 1, Information Security Testing and Assessment 5051244-3004
  • 08.02.2024 13:00 - 16:00, Laboratory work, group 2, Information Security Testing and Assessment 5051244-3004
  • 12.02.2024 13:00 - 16:00, Laboratory work, group 1, Information Security Testing and Assessment 5051244-3004
  • 15.02.2024 13:00 - 16:00, Laboratory work, group 2, Information Security Testing and Assessment 5051244-3004
  • 26.02.2024 13:00 - 16:00, Laboratory work, group 1, Information Security Testing and Assessment 5051244-3004
  • 29.02.2024 13:00 - 16:00, Laboratory work, group 2, Information Security Testing and Assessment 5051244-3004
  • 04.03.2024 13:00 - 16:00, Laboratory work, group 1, Information Security Testing and Assessment 5051244-3004
  • 07.03.2024 13:00 - 16:00, Laboratory work, group 2, Information Security Testing and Assessment 5051244-3004
  • 11.03.2024 13:00 - 16:00, Laboratory work, group 1, Information Security Testing and Assessment 5051244-3004
  • 14.03.2024 13:00 - 16:00, Laboratory work, group 2, Information Security Testing and Assessment 5051244-3004
  • 18.03.2024 13:00 - 16:00, Laboratory work, group 1, Information Security Testing and Assessment 5051244-3004
  • 21.03.2024 13:00 - 16:00, Laboratory work, group 2, Information Security Testing and Assessment 5051244-3004
  • 25.03.2024 13:00 - 16:00, Laboratory work, group 1, Information Security Testing and Assessment 5051244-3004
  • 28.03.2024 13:00 - 16:00, Laboratory work, group 2, Information Security Testing and Assessment 5051244-3004
  • 04.04.2024 13:00 - 16:00, Laboratory work, group 2, Information Security Testing and Assessment 5051244-3004
  • 08.04.2024 13:00 - 16:00, Laboratory work, group 1, Information Security Testing and Assessment 5051244-3004
  • 11.04.2024 13:00 - 16:00, Laboratory work, group 2, Information Security Testing and Assessment 5051244-3004
  • 15.04.2024 13:00 - 16:00, Laboratory work, group 1, Information Security Testing and Assessment 5051244-3004

Objective

After completing the course the student:
- is able to explain the basic principles of information security testing and assessment
- can list the phases of information security testing process
- is able to organize and conduct information security risk testing to an SME sector enterprise or similar size organization
- can analyse and report the results from information security testing
- is able to give justified improvement proposals to mitigate information security vulnerabilities

Content

- Social Engineering
- Penetration Testing
- Network Discovery
- Network Service Identification
- Vulnerability Scanning
- Password Cracking

Materials

We are using the TryHackMe.com training platform in addition to ItsLearning. Licenses for the duration of the course will be provided.

Exam schedules

Practical exam is in late March / early April, with re-take chance in April.

Student workload

Lectures 8h
Laboratory assignments 27h
Homework 27h
Exam 3h
Testing project 70h

Content scheduling

Course begins with introductory lecture. In laboratory exercises student learns to use the tools of trade. Finally, students perform a penetration testing engagement and report the results.

Further information

All communication will be through ItsLearning.

Evaluation scale

H-5

Assessment methods and criteria

Laboratory and homework assignments 10-20% of grade
Exam 10-20% of grade
Project report 60-70% of grade

Assessment criteria, fail (0)

Student is unable to perform and report a penetration testing engagement independently.

Assessment criteria, satisfactory (1-2)

Student understands the basics of penetration testing and is able to perform a penetration test against a web application independently. Student can write an understandable and actionable report about the test results.

Assessment criteria, good (3-4)

Student has a good grasp of information security testing methodologies and tools. Student can independently test various types of internet connected applications. Student can write an understandable and actionable report about the test results that contains guidance for both the management and the developers responsible for the application.

Assessment criteria, excellent (5)

Student is has knowledge and is able to select the best suited tool and methodology for the engagement. Student can independently test most types of internet connected applications. Student can write a clear, concise and actionable report about the test results that effectively guides management decisions and provides the software developers with detailed guidance on both fixing to found issues and methods for avoiding similar issues in the future.

Qualifications

Courses Internet Networks and Security and Linux and Virtualization