Courses

The study program for the Master in Cyber Security consists of 8 taught courses.

Security Principles (and their implementation in systems)
Objective: to provide an overview of fundamental security principles and their implementation in computer systems.
Content: introduction to the fundamental security principles, which include Simplicity, Open Design, Compartmentalization, Minimum Exposure, Least Privilege, Minimum Trust and Maximum Trustworthiness, Secure & Fail-Safe Defaults, Complete Mediation, No Single Point of Failure, Traceability, Generating Secrets, and Usability.

Risk Management
Objective: to introduce and train methodical risk management techniques, to help identify and justify necessary risk mitigations to management.
Content: introduction to a standard risk management process (e.g. based on ISO 27005) including different approaches to risk analysis, risk assessment, risk mitigation and monitoring controls. Students must understand that risk management must cover all business processes that rely in IT in some way.

IT Security Governance (legislation/regulation/standards)
Objective: to expand theory and practise in cyber security with an understanding of how IT Security Governance relates to Corporate Governance aligns with the overall strategy of the organisation.
Content: introduction to security governance issues (based on ISO 27001), such as Information Security Management System (ISMS), managing security operations, awareness and security training, data management issues, business continuity planning, management of suppliers and security service providers, contingency planning and testing, and satisfying legal, regulatory and contractual obligations.  

Identity & Access Management
Objective: to introduce the theoretical foundations for Identity and Access Management (IAM) and provide an overview of the most common techniques and tools in IAM.
Content: Common identity management architectures and frameworks, authentication and access control models, policies and mechanisms, including multifactor authentication, biometric systems for both identification and verification and provision, administration and enforcement of access control policies.

Enterprise Security Architectures
Objective: to introduce the most common elements in an Enterprise Security Architecture and provide a framework for the security engineering process of developing an Enterprise Security Architecture for both new and legacy systems.
Content: overview of common frameworks for Enterprise Security Architectures (e.g. SABSA, COBIT and TOGAF) and a working understanding of enterprise security design and implementation.

Application Security
Objective: to provide an overview of the most critical application security risks and introduce to proactive techniques to prevent them.
Content: application security risks (e.g. injection, sensitive data exposure, …), proactive security programming techniques.

Data Protection & Privacy
Objective: to provide an overview of privacy models and privacy protection approaches.
Content: privacy models, privacy-by-design, privacy enhancing technologies, anonymization, privacy-preserving data mining.

Trends in Cyber Security
Objective: to provide an overview of current trends and introduce emerging technologies in cyber security, i.e. the course provides a security technology foresight.
Content: course content will reflect current trends in cyber security, so topics covered in the course will change to reflect the changing challenges organisations are facing and the emerging solutions to address these challenges.

Projects

The study program in cyber security includes 2 project courses, which are both scheduled in the spring semesters.

Consultancy Project
The consultancy project is scheduled for the end of the 2nd semester and has a workload of 140 hours, which corresponds to 5 ECTS. The consultancy project is completed in groups, which typically consist of 4-6 students.
As part of this course, students will undertake a consultancy assignment that focus on a cyber security problem, this problem is typically proposed by the students’ own organisations. 

Master Project
The Master Thesis Project takes up the majority of the 4th semester and has a workload of 420 hours, which corresponds to 15 ECTS. The Master Project is typically completed individually by the students addressing a relevant problem from the student’s own organisation. It is, however, possible for students to collaborate on a Master Project; up to 4 students can work together on a Master Project.