Information Security
Course ICI002AS2AE-3005 - Early Autumn 2024

Data security course, in English as you asked.

Understand adversarial view on security. Recognize key concepts of security. Be able to safely practice hands-on with security tools.

Enroll 2024-05-15 w20 Wednesday at 08:00 in MyNet / Peppi.

Course name and code:Information Security ICI002AS2AE-3005
Timing2024 period 1, early autumn, w34-w50.
Credits5 cr
ClassesMondays 08:00 - 10:45, in Pasila pa5001, bring your laptop
Max students30
LanguageEnglish
TypeContact, in physical classroom, mandatory participation [as requested]
Feedback4.2 - 4.6 / 5 Excellent feedback Five star experience *
ServicesMoodle, Laksu. Optionally Tero's list.
First class

* Feedback average of each course instance: from 4.2 "good" to 4.6 "excellent", including the same course under the name Data Security from the previous curriculum. I'm giving other security courses, too. Penetration testing (challenging course in Finnish) has reached excellent 5.0 /5, with every participant giving feedback and each feedback being 5. And Master level (YAMK) Trust to Blockchain has reached excellent 4.9 /5.

Agenda

Mondays from 08:15 to 10:45 in Pasila pa5001.

DateTheme
2024-10-21 w431. Organizing. Fundamentals. Practice environments.
2024-10-28 w442. Threath modeling.
2024-11-04 w453. Cyber kill chain. (Optional: a bit of ATT&CK.)
2024-11-11 w464. Web security. OWASP 10.
2024-11-18 w475. Encryption. Asymmetric vs symmetric. GPG. SSH.
2024-11-25 w486. Passwords. Hashes. Cracking hashes.
2024-12-02 w497. Applied (e.g. cryptocurrencies or darknet).
2024-12-09 w508. Recap. Last presentations.

Eight security Mondays in Pasila. All classes require active participation. I have changed this course to contact (physically in the class) as requested in the feedback.

There will likely be updates to the contents of the classes as the course advances.

You can reserve a spot for your presentation as soon as on the second class.

Goals

After completing this course, you will

  • Understand adversarial view on security
  • Recognize key concepts of security
  • Be able to safely practice hands-on with security tools

Hands-on exercises will emphasize environments fully controlled by you, using free open source software in your possession.

Assessment

  • Active participation in classes
  • Homework (66%)
  • Presentation (33%)

Evaluation of the course is based on totality of the work presented.

Previous courses - student feedback, old homework

Homework

Homeworks are done with a computer and reported at the same time. If some task does not require performing tests with a computer, it's specied writing.

Each homework is returned

  • 24 h before start of next lecture
  • you can publish your homework report in any website you like
  • return a link to Laksu
  • cross-evaluate two other homeworks

To save everyone's time, I will remove those from the course who don't return homework.

Github is a convenient place to publish your reports, others are Gitlab and Wordpress.com. I highly recommend publishing your work, it seems to help getting (better) job offers. But if you don't dare or want to publish, you can put your web page behind a password (e.g. in Wordpress.com, same password for all reports), and share this password with your group.

AI and large language models (LLM): You can ask AI or LLM a question and use the answer as facts for your own answer, written in your own words. AI must be marked as a reference, with details such as prompt (and for advanced users system prompts, temperature, jailbreaks...). LLMs tend to hallucinate, so you should check answers from more reliable sources. It's not allowed to generate text with AI or similar technologies. For example, it's not allowed to generate essay answers or summaries with AI, LLM or similar technologies.

The homeworks are official after they are given in the class. Don't start them before, because they might change.

h0

h1

h2

h3

h4

h5

h6

h7

h8

Adminstrivia

I will keep updating this page during and after the course.