Cyber Security - 2025 late autumn
ICB705AS3YE-1 +cy
Learn cyber security. Understand high level management view.
Tie it to grass roots level with some simple hands-on exercises.
Watch this page for updates! The first realization of this course is 2025 autumn. I'm planning this course, and there could be major changes.
| Course name and code | Cyber Security - ICB705AS3YE-1 (study guide) |
| Timing | 2025 period 2 late autumn, w43-w50 |
| ECTS Credits | 5 credits |
| Degree programme | LITEM Degree Programme in Business Technologies (master's level) |
| Classes | One evening a week, online, mandatory participation |
| Max students | 30 |
| Language | English |
| Remote | Yes |
| Feedback | First realization. Replaces my "Trust to Blockchain", which has reached 4.9 / 5 excellent feedback. |
| Services | Moodle: Cyber Security, Zoom, Laksu. Voluntary extra: Tero's list. |
| First class | 2025-10-22 w43 17:40. Zoom video conference, invite link already emailed to participants. |
This is a master's level course. You can only enroll if you're studying master's degree (YAMK).
Learning objectives
In this course, you will
- Get an overview of cyber security
- Use threat modeling to identify and priorize key risks for your own organization
- Try some aspects of security with simple hands on exercises
Agenda
Wednesdays 17:40 - 20:30, Zoom video conference. The themes will be updated during the course.
| Date | Theme |
|---|---|
| 2025-10-22 w43 Wed | 1. Threat modeling |
| 2025-10-29 w44 Wed | 2. Overview of current security scene. Fedor: Security in Google Cloud. Tomi: Cybersecurity Today: Evolving Threats, Services, and Business Impact. Kari: Passwordless authentication. |
| 2025-11-05 w45 Wed | 3. Standards and models. Martti: End user security from SOC analyst. Thiên. Henri. |
| 2025-11-12 w46 Wed | 4. Security maturity. Miika. Toni. |
| 2025-11-19 w47 Wed | 5. Business continuity. Chenette: Human factors. Nidhi. Aku. |
| 2025-11-26 w48 Wed | 6. Encryption. Akash. Niko. Paras. |
| 2025-12-03 w49 Wed | 7. Authentication. Elham. Tommy. |
| 2025-12-10 w50 Wed | 8. Recap and last presentations. Henri. Altti. Arshpreet. |
Use of Feedback from Previous Courses
Feedback from other security courses have been used when creating "Cyber Security" course. This includes feedback from "Tunkeutumistestaus" (Penetration Testing, has reached 5.0/5), "ICT Security Basics - from Trust to Blockchain" (has reached 4.9/5), "Information Security" (has reached 4.8/5) and others. Based on feedback, an attempt is made to: discuss in the class; link theory to practical exercises (that are not highly demanding technically); have homework with both varied reading and applied tasks. Both numeric and free form feedback for these courses is available on https://terokarvinen.com/
Other Infosec Courses
Emphasis of this course, Cyber Security, is to give a bird's eye, management view to information security.
This course gives you grand overview of cyber security and some practice with tools implementing these principles. Even though you're expected to be able to install and configure programs and troubleshoot some errors, this is not my most technical course.
For demanding technical, non-masters level offensive courses, you should consider other courses such as
- Tunkeutumistestaus (Penetration testing)
- Sovellusten hakkerointi ja haavoittuvuudet (Application hacking and vulnerabilities)
- Verkkoon tunkeutuminen ja tiedustelu (Network attacks in reconnaissance).
Homework
Homework
Homework is due 24 hours before next class starts. Return a link to Laksu and evaluate two. Link to Laksu is in Moodle.
Homeworks are done with a computer and reported at the same time. If some task does not require performing tests with a computer, it's specied writing in the subtask. Computer tests must be done, not imagined.
Each homework is returned
- 24 h before start of next lecture
- you can publish your homework report in any website you like
- return a link to Laksu
- cross-evaluate two other homeworks
To save everyone's time, I will remove those from the course who don't return homework.
Github is a convenient place to publish your reports, others are Gitlab and your own homepage. I highly recommend publishing your work. But if you don't dare or want to publish, you can use a pseudonym or alias. Or in the extreme case, put your web page behind a password (e.g. in Wordpress.com, same password for all reports), and share this password with the whole class. I recomend publishing.
All sources must be refered to: this task page, classes, reports from your classmates, classmate presentations, man pages, the article you found...
Returned link must open the report directly. For example, return link to your "h1-helsec.md", not the front page of your website. Web page must directly open in web browser, so it must be HTML. (Github will automatically convert your Markdown to HTML). Other formats are not accepted (no docx, no pdf, no odx, no xlsx...).
AI and large language models (LLM): You can ask AI or LLM a question and use the answer as facts for your own answer, written in your own words. AI must be marked as a reference, with details such as prompt (and for advanced users system prompts, temperature, jailbreaks...). LLMs tend to hallucinate, so you should check answers from more reliable sources. It's not allowed to generate text with AI or similar technologies. For example, it's not allowed to generate essay answers or summaries with AI, LLM or similar technologies as someone will have to read it.
The homeworks are official after they are given in the class. Don't start them before, because they might change. I will of course give homeworks based on what we actually talked about.
h0 Hello
Voluntary.
This exercise is the first, easy step towards version control systems. Even though you're just clicking buttons on the website, it uses world leading tool git in the background. Git even uses a tree of hashes of blocks, just like Bitcoin.
- a) Create a web page using Github. Add a heading, some paragraphs and some code style. Return it to Laksu, and cross evaluate two.
Tips
- Read this first: Karvinen 2023: Create a Web Page Using Github
- Write the page in Markdown. Add headings and paragraphs.
- Add some code style.
- Browse to the page where you can see your new page normally (headings in bigger text than paragraphs). The correct link to return is shown in your browsers address bar.
- Remember to use md suffix, so that the website knows it's Markdown. E.g. "tero.md". If you page file name has multiple words, use kebab case: separate-words-with-dashes.md.
- Normally, the cross evaluation has free form feedback: good, bad, ideas for improvement, tips... But for this h0, there is not much to comment and one sentence is enough. If you can see a page with paragraph and heading, it's a five. (For the rest of the course, in feedback for actual homework (h1, h2...), your classmates will surely appreciate longer and insightful feedback).
h1 CyberScience
Science wants to be free! And you can have it on the Internet.
Busy? Just read articles that are the real deal, and skip the mundane. Could someone do me a literature review => review article. Task h1 does not require performing any technical tests on a computer.
- a) Science hunt. Find a review article related to the themes in the course. Detail your process to find and choose the article. For advise, see Karvinen 2025: Start Your Research with a Review Article.
- The article should be
- Review article (fi: katsausartikkeli)
- Published in a reputable peer-reviewed academic journal, with JUFO rating 1, 2 or 3.
- Preferably fresh, <2 years
- Some search terms for Google Scholar to get you started (you can also use others). "intitle:review" and
- threat modeling
- cloud security
- penetration testing
- red teaming
- social engineering
- radio equipment directive
- you can also think about your areas of intrest
- work
- hacker hobbies
- future thesis
- The article should be
- b) Review the review. Read the article and create a brief summary around these questions. Use bullet list format.
- What are the key areas being researched?
- What's widely agreed upon?
- What are the open questions?
- c) Voluntary bonus: Create an alert that emails you interesting articles. Good for your future thesis. Start with a wide net, then reduce it after a couple of days; and reduce it more after a week. You want to be happy to get email of a new article.
- d) Voluntary bonus: Install Linux on a virtual machine. Debian or Kali. (Everyone will do this later on the class.)
Wrong way to save time (meme format): Buys a gym card. [picture of non-athletic person] Does not go to the gym.
So read the article yourself, don't let AI steal your learning.
Adminstrivia
Updates to this page could happen before, during and after the course. First realization of the course, there could be major changes before committing to course description. Picture of Mika's cryptomining rig by Mika Hirvelä.