Course syllabus

Cyber Threat Management and Incident Response, 15 credits

Hantering av cyberhot och incidenthantering, 15 hp

Course code: DI4028

School of Information Technology

Level: First cycle

Version
2026-01-19 - Until further notice

Finalized by: Forsknings- och utbildningsnämnden, 2025-09-01 and is valid for students admitted for spring semester 2026.

Main field of study with advanced study

Digital Forensics, First cycle, has less than 60 credits in first-cycle course/s as entry requirements. (G1F)

Entry requirements

The courses Networking Basics 7.5 credits and Network Support and Security 7.5 credits. English 6 or English level 2. Exemption of the requirement in Swedish is granted for those with foreign grades.

Placement in the Academic System

The course is included in the course package Cyber Security Analyst 60 credits, and is also given as a single subject course.

Objectives

The goal of the course is to equip the student with the fundamental knowledge, skills, and abilities to effectively identify, analyze, and respond to cyber threats. The student will develop an understanding of the cyber threat landscape and learn how to anticipate and mitigate potential risks. The student will be trained in industry-standard incident response frameworks and proven methodologies, enabling the development and implementation of robust incident response plans.

Following successful completion of the course the student should be able to:

Knowledge and understanding

  • Describe the current cyber threat landscape, including attack vectors and emerging threats
  • Explain the Incident Response Framework and best practices

Skills and abilities

  • Identify and analyse cyber threats
  • Conduct incident response, communicate and report its results
  • Develop and implement incident response plans for business recovery and damage limitation

Judgement and approach

  • Identify and assess the potential risk of threat vectors in terms of attack patterns and potential harm to the organization
  • Review past incidents and propose strategies to mitigate risks in future events

Content

The course focuses on the identification, analysis, and response to various types of cyber threats. It addresses the current threat landscape and the most common attack vectors, including malware, phishing, and ransomware. Furthermore, the course introduces key principles of threat intelligence and emphasises the importance of proactive threat hunting to strengthen organisational cybersecurity. A central component is the development and implementation of incident response plans in accordance with established industry standards and best practices. Students are trained to structure response processes, prioritise actions, and coordinate incident management in a systematic manner.

Practical skills are developed through laboratory exercises where students conduct simulations of incident response scenarios. These include the analysis of security breaches using both traditional security tools and AI-based techniques. The course also covers the application of strategies for containment, recovery, and preventive measures across diverse threat environments.

Language of Instruction

Teaching is conducted in English.

Teaching Formats

The teaching consists of lectures and laboratory sessions.

Grading scale

Four-grade scale, digits (TH): Fail (U), Pass (3), Pass with credit (4), Pass with distinction (5)

Examination formats

The examination consists of an individual written exam, a group workshop, a written report with presentation, and laboratory exercises.

2601: Written Examination, 4 credits
Four-grade scale, digits (TH): Fail (U), Pass (3), Pass with credit (4), Pass with distinction (5)

2602: Laboratory Sessions, 5 credits
Two-grade scale (UG): Fail (U), Pass (G)

2603: Workshop, 2 credits
Two-grade scale (UG): Fail (U), Pass (G)

2604: Project Report, 4 credits
Two-grade scale (UG): Fail (U), Pass (G)

Exceptions from the specified examination format

If there are special reasons, the examiner may make exceptions from the specified examination format and allow a student to be examined in another way. Special reasons can e.g. be study support for students with disabilities.

Course evaluation

Course evaluation is part of the course. This evaluation offers guidance in the future development and planning of the course. Course evaluation is documented and made available to the students.

Course literature and other materials

Literature list 2026-01-19 – Until further notice

Finalized by: Forsknings- och utbildningsnämnden, 2025-09-01.

Cyber Threat Management (Netacad). Will be provided by the course coordinator via the Internet at the start of the course.

NIST’s Computer Security Incident Handling Guide by Paul Cichonski, Tom, Tim and Karen. Will be provided by the course coordinator via the learning platform at the start of the course.