Expected learning outcomes
- The candidate possesses knowledge of the intelligence lifecycle
- The candidate possesses thorough knowledge of cyber intelligence
- The candidate possesses through knowledge the following steps: planning, collecting, processing, production and dissemination, related to cyber Intelligence.
- The candidate possess thorough knowledge on how to build Cyber Situation Awareness
- The candidate possess knowledge of treath actors, in particular APT
- The candidate possess thorough knowledge of attribution and campagne analysis, related to cyber domain
- The candidate is capable of applying malware analysis methodology and technology
- The candidate is capable of applying advanced static malware analysis
- The candidate is capable of applying advanced dynamic malware analysis
- The candidate is able to disassemble binaries and analyzing assembly code
- The candidate is able to identify basic and some advanced malware functionality
- The candidate is able to identify known anti-reverse engineering techniques
- The candidate is capable of analyzing relevant professional and research problems in malware analysis
- The candidate is capable of applying their knowledge and skills in new fields, in order to accomplish advanced task and projects in malware analysis
- The candidate is capable of working independently as a malware analyst and is familiar with terminology.
- The candidate is capable of discussing professional problems, analysis and conclusions in the field of malware analysis, both with professionals and with general audience
- The candidate has the learning skills to continue acquiring new knowledge and skills in a largely self-directed manner
- The candidate is capable of contributing to innovation and innovation processes
- The intelligence lifecycle (general methodology)
- Planning – building a collection plan
- Cyber Intelligence (specific methodology)
- Open Source Intelligence
- Information sharing (tools, procedures, trust, TAXII/STIXS)
- Threat actors (APT, Attribution, diamond model)
- Situation Awareness (RCP, products…)
- Cyber SA (Threat awareness, mission awareness, network awareness)
- (Cyber Threat landscape)
Net Support Learning
Teaching Methods (additional text)
The course will be made accessible for both campus and remote students. Students are free to choose the pedagogic arrangement that is best fitted for their own requirement. The lectures in the course will be given on campus and are recorded.
Form(s) of Assessment
Written exam, 3 hours
Evaluation of Project(s)
Form(s) of Assessment (additional text)
An overall evaluation based on 100 point scale, where project work counts 40 points, oral presentation counts 20 points, and final, written exam (3 hours) counts 40 points. Conversion from 100 point scale to A-F scale according to recommended conversion table.In specificcircumstances, the course responsible can slightly adjust the limits in the conversion table to enforce compatibility with the qualitative descriptions on the A-F scale.
Alphabetical Scale, A(best) – F (fail)
Evaluated by internal examiner, external examiner is used periodically (every four years)
For the final, written exam: Ordinary re-sit exam in August.
Announced in fall 2017.
Books/standards, conference/journal papers and web resources, to be decided