
Operational Cybersecurity (5 cr)

Code: MS00CR17-3002

General information


Enrollment
02.08.2025 - 31.08.2025
Registration for introductions has not started yet.
Timing
01.09.2025 - 21.12.2025
The implementation has not yet started.
Number of ECTS credits allocated
5 cr
Local portion
5 cr
Mode of delivery
Contact learning
Unit
ICT
Campus
Kupittaa Campus
Teaching languages
Finnish
Seats
10 - 40
Degree programmes
Master of Business Administration, Cyber Security
Master of Engineering, Cyber Security
Teachers
Mikko Kiuru
Teacher in charge
Mikko Kiuru
Course
MS00CR17
No reservations found for realization MS00CR17-3002!

Evaluation scale

H-5

Content scheduling

Students are expected to expand their knowledge of the concept and functions of a Security Operations Center (SOC). During the course, students will have the opportunity to experiment with, evaluate, and promote technical solutions suitable for SOC operations, as well as conduct threat hunting using technical tools as part of SOC tasks and processes.

Upon completing the course, students will have improved abilities to design, lead, and execute various cyber incident handling and threat hunting activities, as well as compare monitoring solutions to enhance the overall security of ICT systems.

The course focuses particularly on building and enhancing the monitoring of networked infrastructure as part of organizational operational functions. The emphasis in monitoring processes related to incident detection and handling is on reactivity.

AREAS OF EXPERTISE
- Security management
- Structuring various data models
- Building capabilities for incident visualization and monitoring
- Designing, optimizing, and documenting incident management processes and workflows
- Threat hunting utilizing cyber intelligence

KNOWLEDGE
- Principles and best practices of cybersecurity
- Methods and frameworks for incident handling
- Tools and communication procedures for incident handling
- SOC operations, CSIRT operations
- Key detection and monitoring technologies related to cybersecurity
- Vulnerabilities in information systems

SKILLS
- Integrating technical cybersecurity solutions into the monitoring environment
- Utilizing cyber threat intelligence in threat hunting
- Using detection and response systems (XDR) in threat hunting

Timing:
The course will start on Sep 1st 2025 and end by Dec 14th 2025.

Objective

Students are expected to extend their knowledge of the security operations centre’s concept and activities, to trial, compare and promote technical solutions suitable for SOC operation, and to implement threat hunting and monitoring controls and tools as part of the security operations centre’s tasks and processes.
After completing the course the students are expected to plan, implement and conduct different cyber security incident handling and threat-hunting activities to enhance the overall security posture of computer systems and the network infrastructure.
This course focuses on the enhancement of networked infrastructure monitoring as part of organisations’ operational activities with emphasis on reactive actions in anomaly detection and respective control processes.

Content

COMPETENCES
• List the relevant standards overarching information security management
• Perform structurisation for various data types
• Build capabilities for visualising and monitoring anomalies and correlated threats in computer networks
• Plan and document cyber security incident handling processes and workflows for various SOC tiers and operators
• Utilise threat intelligence information in threat-hunting
KNOWLEDGE
• Cybersecurity policies
• Cybersecurity recommendations and best practices
• Incident handling standards, methodologies and frameworks
• Incident handling tools
• Incident handling communication procedures
• Security Operation Centres (SOC) operation
• Computer Security Incident Response Teams (CSIRTs) operation
• Cybersecurity-related technologies
• Computer system vulnerabilities
SKILLS
• Practice technical, functional and operational aspects of cybersecurity incident handling and response
• Utilise cyber threat information in threat-hunting activities
• Work on operating systems and relevant infrastructures
• Analyse network traffic semantics
• Integrate cybersecurity solutions into the organisation’s infrastructure
• Configure solutions according to the organisation’s security policy
• Use an XDR platform for threat-hunting

Materials

The materials needed for the course, links to external sources, and the course information systems will be published in the itslearning learning environment.

Teaching methods

Self-directed and peer learning through assignments based on written source materials and technical laboratory tasks.

Pedagogic approaches and sustainable development

The teaching methodology follows innovation pedagogy, a learning approach that redefines how knowledge is assimilated, produced, and utilized in a way that can create innovations. The method supports the application of acquired skills in similar but new situations, in a broader context than where they were originally acquired. The teaching method aims to expand or deepen expertise and the ability to add value to each student's own field through innovative thinking and actions.

Student workload

The course will be implemented through contact sessions (lectures and lab assignments) and remote individual and group work.

The total workload for the course is 135 h (5 credits).
- Contact sessions: 20 h (5 x 4 h)
- Home assignments & personal studies: 115 h

Evaluation methods and criteria

The course includes individual and group assignments as well as a larger project, each of which is assessed separately. The course grade is determined by the total score (maximum 100 points). The assignments are divided into theoretical and practical tasks, and into individual and group tasks, as follows:

Technical laboratory tasks, individual assignment
- 6 tasks

Written assignments, group assignment
- 2 tasks

Visualization project 30 points, group assignment, peer assessment

Grade boundaries:
0-39 points = Fail
40-49 points = 1
50-59 points = 2
60-74 points = 3
75-89 points = 4
90-100 points = 5
