Curriculum for the Master's Programme in Cyber Security, 2020

1: Preface

Pursuant to consolidation Act 778 of August 7, 2019 on Universities (the University Act), the following is established. The programme also follows the Joint Programme Regulations and the Examination Policies and Procedures for Aalborg University.

2: Basis in Ministerial orders

The Master’s programme is organised in accordance with the Ministry of Higher Education and Science’s Order no. 20 of January 9, 2020 on Bachelor’s and Master’s Programmes at Universities (the Ministerial Order of the Study Programmes) and Ministerial Order no. 22 of January 9, 2020 on University Examinations (the Examination Order). Further reference is made to Ministerial Order no. 153 of February 26, 2020 (the Admission Order) and Ministerial Order no. 114 of February 3, 2015 (the Grading Scale Order).

3: Campus

The programme is offered in Copenhagen.

4: Faculty affiliation

The Master’s programme falls under the The Technical Faculty of IT and Design, Aalborg University.

5: Study board affiliation

The Master’s programme falls under the Study Board of Electronics and IT.

6: Affiliation to corps of external examiners

The Master’s programme is associated with the Nationwide engineering examiners/Electronics, IT and Energy (Electromagnetic direction).

7: Admission requirements

Applicants with a legal right of admission (retskrav)

Aalborg University offers no bachelor’s programmes with a legal right of admission to this Master's programme.

Applicants without legal right of admission

Bachelor’s programmes qualifying students for admission:

• Aalborg University:
  • Bachelor in IT, Communication and New Media
  • Bachelor in Computer Engineering
  • Bachelor in Electronic Engineering
  • Bachelor of Engineering in Electronics
  • Bachelor in Computer Science
  • Bachelor in Software
  • Bachelor in Information Technology
• Technical University of Denmark:
  • Bachelor in Electrical Engineering
  • Bachelor of Engineering in Electrical Engineering
  • Bachelor in Cyber Technology (former Network Technology and IT)
  • Bachelor in Software Technology
  • Bachelor of Engineering in Software Technology
• University of Copenhagen:
  • Bachelor in Computer Science
• IT University of Copenhagen:
  • Bachelor in Software Development
• Aarhus University:
  • Bachelor in Computer Science
    Bachelor in Computer Engineering
  • Bachelor of Engineering in Electronics
• University of Southern Denmark:
  • Bachelor in Electronics
  • Bachelor in Software Engineering
  • Bachelor in Computer Science

All applicants must prove that their English language qualifications is equivalent to level B (Danish level) in English.

8: The programme title in Danish and English

The Master’s programme entitles the graduate to the Danish designation Civilingeniør, cand.polyt. i cybersikkerhed. The English designation is: Master of Science (MSc) in Engineering (Cyber Security)

9: Programme specifications in ECTS credits

The Master’s programme is a 2-year, research-based, full-time study programme. The programme is set to 120 ECTS credits.

10: Rules concerning credit transfer (merit), including the possibility for choice of modules that are part of another programme at a university in Denmark or abroad

The Study Board can approve that passed programme elements from other educational programmes at the same level replaces programme elements within this programme (credit transfer).

Furthermore, the Study Board can, upon application, approve that parts of this programme is completed at another university or a further education institution in Denmark or abroad (pre-approval of credit transfer).

The Study Board’s decisions regarding credit transfer are based on an academic assessment.

11: Exemptions

The Study Board’s possibilities to grant exemption, including exemption to further examination attempts and special examination conditions, are stated in the Examination Policies and Procedures published at this website: https://www.studieservice.aau.dk/regler-vejledninger

12: Rules for examinations

The rules for examinations are stated in the Examination Policies and Procedures published at this website: https://www.studieservice.aau.dk/regler-vejledninger

13: Rules concerning written work, including the Master’s Thesis

In the assessment of all written work, regardless of the language it is written in, weight is also given to the student's formulation and spelling ability, in addition to the academic content. Orthographic and grammatical correctness as well as stylistic proficiency are taken as a basis for the evaluation of language performance. Language performance must always be included as an independent dimension of the total evaluation. However, no examination can be assessed as ‘Pass’ on the basis of good language performance alone; similarly, an examination normally cannot be assessed as ‘Fail’ on the basis of poor language performance alone.

The Study Board can grant exemption from this in special cases (e.g., dyslexia or a native language other than Danish).

The Master’s Thesis must include an English summary. If the project is written in English, the summary can be in Danish. The summary is included in the evaluation of the project as a whole.

14: Requirements regarding the reading of texts in a foreign language

It is assumed that the student can read academic texts and use reference works, etc., in English.

15: Competence profile on the diploma

The following competence profile will appear on the diploma:

A Candidatus graduate has the following competency profile:

A Candidatus graduate has competencies that have been acquired via a course of study that has taken place in a research environment.

A Candidatus graduate is qualified for employment on the labour market based on his or her academic discipline as well as for further research (PhD programmes). A Candidatus graduate has, compared to a Bachelor, developed his or her academic knowledge and independence so as to be able to apply scientific theory and method on an independent basis within both an academic and a professional context.

16: Competence profile of the programme

The graduate of the Master’s programme

Knowledge

• Must have knowledge about the analysis of complex security problems and the design of secure distributed solutions for such problems.
• Must have knowledge about the relation between security risks and business processes, including identification and protection of business critical assets.
• Must have knowledge about implementation of distributed systems, with a focus on the security aspects.
• Must have knowledge that is based on the highest international research in a number of subject areas within cyber security, such as:
  • Network security
  • Design of secure systems and software
  • Security in IoT and cloud architectures
  • Risk assessment
• Must have knowledge in one or more of the following areas:
  • Privacy engineering
  • Enterprise security
  • Models of software security
  • IT security regulation and governance

Skills

• Must have skills in monitoring and analysing network activity and traffic, including techniques for detection of anomalies and malicious activities.
• Must have skills in configuring and operating secure test environments for e.g. malware analysis and data generation.
• Must be able to choose the most relevant theory/model and perform a security analysis and evaluation of a system/network.
• Must be able to use various state-of-the-art frameworks for identifying adversaries as well as for developing/deploying attacks
• Must be able to identify the research and development challenges for a cyber-security engineering project and propose/develop relevant solutions
• Must have skills in communicating cyber security challenges and solutions to non-experts.
• Must be able to 
  • select and apply relevant machine learning algorithms and techniques for detection of cyber-attacks or anomalous behaviour in cyber systems
    OR
  • select and apply relevant technologies and frameworks for identity and access management to implement strong authentication and access control

Competencies

• Must have the competency to assess and select relevant scientific and technical literature within the various subject areas of cyber security
• Must have the competency to connect research challenges and questions within cyber security to real world problems and products that will have an impact on society
• Must have the competency to analyse cyber risks and identify cyber security needs of an organization
• Must have the competency to compare and assess the potential of different technologies, methods and approaches to make proper security design choices
• Must have the competency to combine a wide range of technologies and devices to realize advanced and non-trivial cyber-security applications and solutions
• Must have the competency to assess, choose and apply methods for securing and/or security testing systems, and to evaluate and reflect on the results achieved

17: Structure and Contents of the programme

The programme is structured in modules and organised as a problem-based study. A module is a programme element or a group of programme elements, which aims to give students a set of professional skills within a fixed time frame specified in ECTS credits, and concluding with one or more examinations within specific exam periods. Examinations are defined in the curriculum.

The programme is based on a combination of academic, problem-oriented and interdisciplinary approaches and organized based on the following work and evaluation methods that combine skills and reflection:

• lectures
• classroom instruction
• project work
• workshops
• exercises (individually and in groups)
• self-study
• teacher feedback
• reflection
• portfolio work

In total, 90 ECTS out of 120 ECTS are common for all students. The common part consists of:

• All courses and projects on the 1^st semester
• 2 mandatory courses and a semester project on the 2^nd semester
• 1 mandatory course on “Advanced topics in cyber security” (5 ECTS) on the 3^rd semester, and 
• The thesis project on the 4^th semester

Electives: The remaining 30 ECTS can be obtained by choosing elective courses and projects on the 2^nd and 3^rd semester as described below. Note that elective courses might not be offered if less than 10 students register for the course during the registration period. Students will be offered other options if a chosen course is not offered.

18: Overview of the programme

All modules are assessed through individual grading according to the 7-point scale or Pass/Fail. All modules are assessed by external examination (external grading) or internal examination (internal grading or by assessment by the supervisor only).

The master’s thesis can be conducted as a long master’s thesis. If choosing to do a long master’s thesis, it has to include experimental work and has to be approved by the study board. The amount of experimental work must reflect the allotted ECTS-credits.

NOTE: Elective courses might not be offered if less than 10 students register for the course during the registration period. Students will be offered other options if a chosen course is not offered.

19: Additional information

All students who have not participated in Aalborg University’s PBL introductory course during their Bachelor’s degree must attend the introductory course “Problem-based Learning and Project Management”. The introductory course must be approved before the student can participate in the project exam. For further information, please see Department of Electronics Systems's webiste.

20: Commencement and transitional rules

The curriculum is approved by the dean and enters into force as of 01.09.2020.

21: Amendments to the curriculum and regulations

On 26^th April 2021 the Vice-Dean of Education has approved, that the competence learning objectives of the Master's Thesis (30, 45 and 50 ECTS respecticely) are revised. The amendment is valid from Spring 2021.

On 7^th September 2021 the Vice-Dean of Education has approved, that the assessment in the course module "Fundamentals of Security and Cryptography" on the 1^st Semester is changed from 7-point grading scale to "Passed/Not Passed". The amendment is valid from Autumn 2021.