Cyber Intelligence
Study plans 2016-2017 - IMT4214 - 7.5 ECTS

Expected learning outcomes


  • The candidate possesses knowledge of the intelligence lifecycle
  • The candidate possesses thorough knowledge of cyber intelligence
  • The candidate possesses through knowledge the following steps: planning, collecting, processing, production and dissemination, related to cyber Intelligence.
  • The candidate possess thorough knowledge on how to build Cyber Situation Awareness
  • The candidate possess knowledge of treath actors, in particular APT
  • The candidate possess thorough knowledge of attribution and campagne analysis, related to cyber domain


  • The candidate is capable of applying malware analysis methodology and technology
  • The candidate is capable of applying advanced static malware analysis
  • The candidate is capable of applying advanced dynamic malware analysis
  • The candidate is able to disassemble binaries and analyzing assembly code
  • The candidate is able to identify basic and some advanced malware functionality
  • The candidate is able to identify known anti-reverse engineering techniques

General competence:

  • The candidate is capable of analyzing relevant professional and research problems in malware analysis
  • The candidate is capable of applying their knowledge and skills in new fields, in order to accomplish advanced task and projects in malware analysis
  • The candidate is capable of working independently as a malware analyst and is familiar with terminology.
  • The candidate is capable of discussing professional problems, analysis and conclusions in the field of malware analysis, both with professionals and with general audience
  • The candidate has the learning skills to continue acquiring new knowledge and skills in a largely self-directed manner
  • The candidate is capable of contributing to innovation and innovation processes


  • The intelligence lifecycle (general methodology)
    • Planning – building a collection plan
    • Collecting
    • Processing
    • Produce
    • Disseminate
  • Cyber Intelligence (specific methodology)
  • Open Source Intelligence
  • Information sharing (tools, procedures, trust, TAXII/STIXS)
  • Threat actors (APT, Attribution, diamond model)
  • Situation Awareness (RCP, products…)
  • Cyber SA (Threat awareness, mission awareness, network awareness)
  • (Cyber Threat landscape)

Teaching Methods

Laboratory work
Net Support Learning
Mandatory assignments
Project work

Teaching Methods (additional text)

The course will be made accessible for both campus and remote students. Students are free to choose the pedagogic arrangement that is best fitted for their own requirement. The lectures in the course will be given on campus and are recorded.

Form(s) of Assessment

Oral presentation
Written exam, 3 hours
Evaluation of Project(s)

Form(s) of Assessment (additional text)

An overall evaluation based on 100 point scale, where project work counts 40 points, oral presentation counts 20 points, and final, written exam (3 hours) counts 40 points. Conversion from 100 point scale to A-F scale according to recommended conversion table.In specificcircumstances, the course responsible can slightly adjust the limits in the conversion table to enforce compatibility with the qualitative descriptions on the A-F scale.

Grading Scale

Alphabetical Scale, A(best) – F (fail)

External/internal examiner

Evaluated by internal examiner, external examiner is used periodically (every four years)

Re-sit examination

For the final, written exam: Ordinary re-sit exam in August.

Coursework Requirements

Announced in fall 2017.

Teaching Materials

Books/standards, conference/journal papers and web resources, to be decided