Curriculum for the master's programme in Cyber Security, 2023

1: Preface

Pursuant to consolidation Act 778 of August 7, 2019 on Universities (the University Act), the following is established. The programme also follows the Examination Policies and Procedures incl. the Joint Programme Regulations for Aalborg University.

2: Basis in Ministerial orders

The Master’s programme is organised in accordance with the Ministry of Higher Education and Science’s  Order no. 2285 of December 1, 2021 on Full-time University Programmes (the University Programme Order) and Ministerial Order no. 2271 of December 1, 2021 on University Examinations (the Examination Order). Further reference is made to Ministerial Order no. 35 of January 13, 2023 (the Admission Order) and Ministerial Order no. 1125 of July 4, 2022 (the Grading Scale Order).

3: Campus

The programme is offered in Copenhagen.

4: Faculty affiliation

The Master’s programme falls under the The Technical Faculty of IT and Design, Aalborg University.

5: Study board affiliation

The Master’s programme falls under the Study Board of Electronics and IT.

6: Affiliation to corps of external examiners

The Master’s programme is associated with the Civil engineering corps of external examiners.

7: Admission requirements

Applicants with a legal right of admission (retskrav)

  • Bachelor of Science (BSc) in Engineering (Cyber and Computer Engineering) (AAU)

Applicants without legal right of admission

Bachelor’s programmes qualifying students for admission:

  • Bachelor of Science (BSc) in Engineering (IT, Communication and New Media) (AAU)
  • Bachelor of Science (BSc) in Engineering (Computer Engineering) (AAU)
  • Bachelor of Science (BSc) in Engineering (Electronic Engineering) (AAU)
  • Bachelor of Engineering in Electronics (AAU)
  • Bachelor of Science (BSc) in Computer Science (AAU)
  • Bachelor of Science (BSc) in Engineering (Software) (AAU)
  • Bachelor of Science (BSc) in Information Technology (AAU)
  • Bachelor in Electrical Engineering (DTU)
  • Bachelor of Engineering in Electrical Engineering (DTU)
  • Bachelor in Cyber Technology (former Network Technology and IT) (DTU)
  • Bachelor in Software Technology (DTU)
  • Bachelor of Engineering in Software Technology (DTU)
  • Bachelor in Computer Science (KU)
  • Bachelor in Software Development (ITU)
  • Bachelor in Computer Science (AU)
  • Bachelor in Computer Engineering (AU)
  • Bachelor of Engineering in Electronics (AU)
  • Bachelor in Electronics (SDU)
  • Bachelor in Software Engineering (SDU)
  • Bachelor in Computer Science (SDU)

Assessment of qualifications obtained from other technical or natural science bachelor educations will emphasize qualifications in computer engineering, software engineering, computer science, electronics and mathematics corresponding to a total of 60 ECTS credits. Equivalent qualifications can be accepted, although for the emphasized topics certain specific minimum requirements apply:

- Mathematical competences at BSc level equivalent to at least 10 ECTS, covering subjects such as linear algebra, discrete mathematics, algorithms and data structures, probability, and statistics, cryptography, calculus, vector calculus, dynamical systems, optimization, feedback control.

-  Computer science, computer engineering, or electrical engineering competences at BSc level equivalent to at least 20 ECTS, covering subjects such as computer architecture, object-oriented or functional programming and modelling, software engineering, system design, system development, distributed systems, analogue and digital electronics, signal processing, embedded programming, software architectures, requirements engineering, application development, web programming, user experience, and human-machine interaction.

- Competences at BSc level equivalent to at least 10 ECTS, covering one or more of the following areas: distributed systems, embedded systems, IoT, cloud computing, machine learning, data bases, communication technologies, computer networks, secure communications, cyber security.

As a prerequisite for admission to the master’s programme, students must have completed a bachelor programme in technical sciences, a bachelor of engineering programme or a bachelor in natural science.

All applicants must prove that their English language qualifications is equivalent to level B (Danish level) in English.

8: The programme title in Danish and English

The Master’s programme entitles the graduate to the Danish designation Civilingeniør, cand.polyt. i cybersikkerhed. The English designation is: Master of Science (MSc) in Engineering (Cyber Security)

9: Programme specifications in ECTS credits

The Master’s programme is a 2-year, research-based, full-time study programme. The programme is set to 120 ECTS credits.

10: Rules concerning credit transfer (merit), including the possibility for choice of modules that are part of another programme at a university in Denmark or abroad

The Study Board can approve that passed programme elements from other educational programmes at the same level replaces programme elements within this programme (credit transfer).

Furthermore, the Study Board can, upon application, approve that parts of this programme is completed at another university or a further education institution in Denmark or abroad (pre-approval of credit transfer).

The Study Board’s decisions regarding credit transfer are based on an academic assessment.

11: Exemptions

The Study Board’s possibilities to grant exemption, including exemption to further examination attempts and special examination conditions, are stated in the Examination Policies and Procedures published at this website: https://www.studyservice.aau.dk/rules

12: Rules for examinations

The rules for examinations are stated in the Examination Policies and Procedures published at this website: https://www.studyservice.aau.dk/rules

13: Rules concerning written work, including the Master’s Thesis

In the assessment of all written work, regardless of the language it is written in, weight is also given to the student's formulation and spelling ability, in addition to the academic content. Orthographic and grammatical correctness as well as stylistic proficiency are taken as a basis for the evaluation of language performance. Language performance must always be included as an independent dimension of the total evaluation. However, no examination can be assessed as ‘Pass’ on the basis of good language performance alone; similarly, an examination normally cannot be assessed as ‘Fail’ on the basis of poor language performance alone.

The Study Board can grant exemption from this in special cases (e.g., dyslexia or a native language other than Danish).

The Master’s Thesis must include an English summary. If the project is written in English, the summary can be in Danish. The summary is included in the evaluation of the project as a whole.

14: Requirements regarding the reading of texts in a foreign language

It is assumed that the student can read academic texts and use reference works, etc., in English.

15: Competence profile on the diploma

The following competence profile will appear on the diploma:

A Candidatus graduate has the following competency profile:

A Candidatus graduate has competencies that have been acquired via a course of study that has taken place in a research environment.

A Candidatus graduate is qualified for employment on the labour market based on his or her academic discipline as well as for further research (PhD programmes). A Candidatus graduate has, compared to a Bachelor, developed his or her academic knowledge and independence so as to be able to apply scientific theory and method on an independent basis within both an academic and a professional context.

16: Competence profile of the programme

The graduate of the Master’s programme

Knowledge

  • Must have knowledge about the analysis of complex security problems and the design of secure distributed solutions for such problems.
  • Must have knowledge about the relation between security risks and business processes, including identification and protection of business critical assets.
  • Must have knowledge about implementation of distributed systems, with a focus on the security aspects.
  • Must have knowledge that is based on the highest international research in a number of subject areas within cyber security, such as:
    • Network security
    • Design of secure systems and software
    • Security in IoT and cloud architectures
    • Risk assessment
  • Must have knowledge in one or more of the following areas:
    • Privacy engineering
    • Enterprise security
    • Models of software security
    • IT security regulation and governance

Skills

  • Must have skills in monitoring and analysing network activity and traffic, including techniques for detection of anomalies and malicious activities.
  • Must have skills in configuring and operating secure test environments for e.g. malware analysis and data generation.
  • Must be able to choose the most relevant theory/model and perform a security analysis and evaluation of a system/network.
  • Must be able to use various state-of-the-art frameworks for identifying adversaries as well as for developing/deploying attacks
  • Must be able to identify the research and development challenges for a cyber-security engineering project and propose/develop relevant solutions
  • Must have skills in communicating cyber security challenges and solutions to non-experts.
  • Must be able to 
    • select and apply relevant machine learning algorithms and techniques for detection of cyber-attacks or anomalous behaviour in cyber systems
      OR
    • select and apply relevant technologies and frameworks for identity and access management to implement strong authentication and access control

Competencies

  • Must have the competency to assess and select relevant scientific and technical literature within the various subject areas of cyber security
  • Must have the competency to connect research challenges and questions within cyber security to real world problems and products that will have an impact on society
  • Must have the competency to analyse cyber risks and identify cyber security needs of an organization
  • Must have the competency to compare and assess the potential of different technologies, methods and approaches to make proper security design choices
  • Must have the competency to combine a wide range of technologies and devices to realize advanced and non-trivial cyber-security applications and solutions
  • Must have the competency to assess, choose and apply methods for securing and/or security testing systems, and to evaluate and reflect on the results achieved

17: Structure and Contents of the programme

The programme is structured in modules and organised as a problem-based study. A module is a programme element or a group of programme elements, which aims to give students a set of professional skills within a fixed time frame specified in ECTS credits, and concluding with one or more examinations within specific exam periods. Examinations are defined in the curriculum.

The programme is based on a combination of academic, problem-oriented and interdisciplinary approaches and organized based on the following work and evaluation methods that combine skills and reflection:

  • lectures
  • classroom instruction
  • project work
  • workshops
  • exercises (individually and in groups)
  • self-study
  • teacher feedback
  • reflection
  • portfolio work

In total, 90 ECTS out of 120 ECTS are common for all students. The common part consists of:

  • All courses and projects on the 1st semester
  • 2 mandatory courses and a semester project on the 2nd semester
  • 1 mandatory course on “Advanced topics in cyber security” (5 ECTS) on the 3rd semester, and 
  • The thesis project on the 4th semester

Electives: The remaining 30 ECTS can be obtained by choosing elective courses and projects on the 2nd and 3rd semester as described below. Note that elective courses might not be offered if less than 10 students register for the course during the registration period. Students will be offered other options if a chosen course is not offered.

18: Overview of the programme

All modules are assessed through individual grading according to the 7-point scale or Pass/Fail. All modules are assessed by external examination (external grading) or internal examination (internal grading or by assessment by the supervisor only).

Electives:  The remaining 25 ECTS can be obtained by choosing elective courses and projects on the 3rd semester as described below. Note that elective courses might not be offered if less than 10 students register for the course during the registration period. Students will be offered other options if a chosen course is not offered.

The master’s thesis can be conducted as a long master’s thesis. If choosing to do a long master’s thesis, it has to include experimental work and has to be approved by the study board. The amount of experimental work must reflect the allotted ECTS-credits.

Offered as: 1-professional
Module name Course type ECTS Applied grading scale Evaluation method Assessment method Language
1 Semester
Distributed Systems Security
(ESNCYSK1P2)
Project 10 7-point grading scaleInternal examinationOral exam based on a project English
Fundamentals of Security and Cryptography
(ESNCYSK1K5)
Course 5 Passed/Not PassedInternal examinationWritten or oral exam English
Network Security
(ESNCYSK1K6)
Course 5 7-point grading scaleInternal examinationWritten or oral exam English
Dilemmas in Cyber Security
(ESNCYSK1K7)
Course 5 7-point grading scaleInternal examinationWritten or oral exam English
Security in IoT and Cloud Architectures
(ESNCYSK1K9)
Course 5 7-point grading scaleInternal examinationWritten or oral exam English
2 Semester
Secure Systems: Attack and Defence
(ESNCYSK2P3)
Project 15 7-point grading scaleExternal examinationOral exam based on a project English
Hacker Space
(ESNCYSK2K5)
Course 5 7-point grading scaleInternal examinationWritten or oral exam English
Software Security
(ESNCYSK2K6)
Course 5 7-point grading scaleInternal examinationWritten or oral exam English
Identity and Access Management
(ESNCYSK2K3)
Course 5 7-point grading scaleInternal examinationWritten or oral exam English
3 Semester
Option A
3RD SEMESTER PROJECT
CHOOSE 1 PROJECT MODULE
Project 15
Advanced Topics in Cyber Security
(ESNCYSK3K6)
Course 5 Passed/Not PassedInternal examinationWritten or oral exam English
3RD SEMESTER ELECTIVE COURSE
CHOOSE 2 COURSE MODULES
Course 10
3 Semester
Option B
Project-Oriented Study in an External Organisation
(ESNCYSK3P3)
Project 25 Passed/Not PassedInternal examinationOral exam based on a project English
Advanced Topics in Cyber Security
(ESNCYSK3K6)
Course 5 Passed/Not PassedInternal examinationWritten or oral exam English
3-4 Semester
Option C
Master's Thesis
(ESNCYSK4P9)
Project 45 7-point grading scaleExternal examinationMaster's thesis/final project English
Advanced Topics in Cyber Security
(ESNCYSK3K6)
Course 5 Passed/Not PassedInternal examinationWritten or oral exam English
3RD SEMESTER ELECTIVE COURSE
CHOOSE 2 COURSE MODULES
Course 10
3-4 Semester
Option D
Master's Thesis
(ESNCYSK4P8)
Project 50 7-point grading scaleExternal examinationMaster's thesis/final project English
Advanced Topics in Cyber Security
(ESNCYSK3K6)
Course 5 Passed/Not PassedInternal examinationWritten or oral exam English
3RD SEMESTER ELECTIVE COURSE
CHOOSE 1 COURSE MODULE
Course 5
4 Semester
Master's Thesis
(ESNCYSK4P7)
Project 30 7-point grading scaleExternal examinationMaster's thesis/final project English

 
3RD SEMESTER PROJECT
CHOOSE 1 PROJECT MODULE
Module name Course type ECTS Applied grading scale Evaluation Method Assessment method Language
Secure Systems Development
(ESNCYSK3P4)
Project 15 7-point grading scale Internal examination Oral exam based on a project English
IT Security Governance
(ESNCYSK3P2)
Project 15 7-point grading scale Internal examination Oral exam based on a project English
Cyber Security Training
(ESNCYSK3P6)
Project 15 7-point grading scale Internal examination Oral exam based on a project English

 
3RD SEMESTER ELECTIVE COURSE
CHOOSE 2 COURSE MODULES
Module name Course type ECTS Applied grading scale Evaluation Method Assessment method Language
Privacy Engineering
(ESNCYSK3K7)
Course 5 7-point grading scale Internal examination Written or oral exam English
Advanced Software Security
(ESNCYSK3K8)
Course 5 7-point grading scale Internal examination Written or oral exam English
Regulation of IT Security
(ESNCYSK3K4)
Course 5 7-point grading scale Internal examination Written or oral exam English
Enterprise Security and Compliance
(ESNCYSK3K9)
Course 5 7-point grading scale Internal examination Written or oral exam English

 
3RD SEMESTER ELECTIVE COURSE
CHOOSE 1 COURSE MODULE
Module name Course type ECTS Applied grading scale Evaluation Method Assessment method Language
Privacy Engineering
(ESNCYSK3K7)
Course 5 7-point grading scale Internal examination Written or oral exam English
Advanced Software Security
(ESNCYSK3K8)
Course 5 7-point grading scale Internal examination Written or oral exam English
Regulation of IT Security
(ESNCYSK3K4)
Course 5 7-point grading scale Internal examination Written or oral exam English
Enterprise Security and Compliance
(ESNCYSK3K9)
Course 5 7-point grading scale Internal examination Written or oral exam English

19: Additional information

All students who have not participated in Aalborg University’s PBL introductory course during their Bachelor’s degree must attend the introductory course “Problem-based Learning and Project Management”. The introductory course must be approved before the student can participate in the project exam. For further information, please see Department of Electronics Systems's webiste.

20: Commencement and transitional rules

The curriculum is approved by the dean and enters into force as of 1 September 2023.

The Study Board does not offer teaching after the previous curriculum from 2022 after the summer examination 2024.

The Study Board will offer examinations after the previous curriculum, if there are students who have used examination attempts in a module without passing. The number of examination attempts follows the rules in the Examination Order.

21: Amendments to the curriculum and regulations

The Vice-dean has on November 12th, 2023, approved a new version of the module "Security in Iot and Cloud Architectures". Valid from autum 2024.

The Vice-dean has on August 25th, 2024, approved that the module "Cyber Security Training" is replaced with the corret version of the module. Valid from autum 2024.