Blekinge Institute of Technology

Blekinge Institute of Technology, BTH, has a distinctive focus on the digitalisation of society and sustainability.<br> BTH’s task is to contribute to a more sustainable societal development through higher education, research and innovation. BTH conducts education and research in fields in which society has major needs.<br> Through international excellence, we contribute to digital and sustainable transformation. As an institute of technology, we have a responsibility and a unique opportunity to make our contribution to both regional and national competitiveness and to global sustainability.<br> External engagement with wider society and the private sector contribute to making us more attractive and ensuring that our education and research maintain high quality and relevance.<br>


Advanced Digital Forensics

Companies and their IT systems are affected by advanced intrusions, various ransomware attacks and or thefts of both sensitive and secret information. In case of being compromised companies need to understand their weak points, ways of intrusion and attackers attributes. The course focuses on developing the student’s skills to investigate and analyze complex cyber attacks (Cyber Kill Chain) and to track the threat actor, discover exploited vulnerabilities so that companies can restore data and system integrity.Digital forensic is the process of detecting and investigating hacking attacks via properly extracted and analyzed evidence and artifacts to report the crime and prevent similar attacks in the future. The crime with computers and digital technologies in today’s cyber world is on the rise. Digital forensic techniques are being used by law enforcement agencies, police, government, and corporate entities around the world. The tools and techniques covered in the course will prepare the attendees to conduct digital forensic investigations using ground-breaking technologies.

Applied Case Course in Security (small)

In PROMIS, many courses use a case-based learning approach which allows you, at different levels, to bring your own case/ problem to the course. Case-based learning approach lessens the participation cost; you can utilize your domain-specific challenges while maximizing your end value. For this course, we have adopted an even larger case-based approach where you can work on cases and challenges that are directly reusable and relevant for your work/organization.The aim of the course is that you, either individually or in a group, identify a challenge related to security and preferably linked to your company. In the course, you will study the topic in detail, apply knowledge and receive the opportunity to deepen your problem-solving. You will be assigned one or several mentors within the relevant area during the course. They will supervise and help you plan, carry out, present, and guide you to find solutions for your real-world context challenge as part of the learning – in essence; they will be mentors.This course is suitable for professionals working in areas where software-intensive product/service development – with some connection to security/privacy/compliance as an aspect. Multiple roles are relevant, from managers, decision-makers, and leaders to engineers. The topic you select to work within the course can be almost anything security-related.

Data-Driven Security

In a daily routine every company produces a large amount of data security related and non-security related. Within this course you will learn how to utilize that data for cybersecurity purposes, which tools you should use to extract information out of raw data. It covers topics such as how to acquire (e.g., through SIEM) and prepare security data, from collection and storage to management and analysis as well as visualization and presentation.The course is divided into three modules and will start with an introduction to Data-Driven Security and building the Analytics Toolbox Hello, world. We will the continue with Data Collection and Processing, Network Data Sources and Machine Learning Basics. By the end of the course, you will learn more about security aspects such as Security Data Analysis, Designing Security Dashboards, Visualizing Security Data and Data Collection and Processing.

Introduction to Security in the Software Development Lifecycle

This course is a guide to the cybersecurity issues arising throughout the entire development process. We consider the development from the security perspective from the beginning stage until the final release and beyond. No matter whether you are a developer, engineer, or a top-level manager, this course will benefit you. You will learn some useful hands-on approaches for trade-off analysis, requirements prioritization methods, risk assessment approaches, and other security aspects at all stages of development.

Machine Learning Security

The course is divided into four modules. Firstly, you will learn the core principles of machine learning. The second module covers security problems in Machine Learning (ML) systems, e.g., showing various types of attacks on ML systems in an adversarial ML. In the third module, available methods, tools, and other safeguards that could be used against the different types of attacks are covered.By the end of this course, you will be able to understand:• Machine Learning basics by understanding the domain, prior knowledge and goals,• Data integration, selection, cleaning and pre-processing, learning models and learning types.• Threat modeling in Machine Learning• Security tools for Machine Learning• Practical tools - Applied Machine Learning. You will also have obtained basic knowledge about security-enhancing approaches, how to use ML to detect and counteract cyber-attacks, and how to use these approaches to protect against various risks in ML systems.

Malware Analysis

This course covers the malware analysis methodology that includes static and dynamic analysis, as well as disassembling, deobfuscation, decryption, and debugging techniques. You will learn to analyze various types of threats such as phishing, exploits, malicious implants in office documents, malware used in supply-chain attacks, cyberespionage and ransomware campaigns, as well as cyberweapons created by the nation-state groups. The course content and, specifically practical assignments, are created based on analysis of the real-world cyberattacks and continuously updated taking into account the modern attacking tactics and techniques. Malware created for Windows and Android platforms (IA 32/Intel® 64, ARM architectures are in the focus. In addition, modern malware analysis and detection approaches that use Machine Learning models are discussed in the course.The course will be interesting for security professionals who want to deepen their knowledge in reverse engineering and malware analysis and for students that just started studying cybersecurity. Throughout the course, you will be supplied with numerous recorded videos and live Q&A sessions to dive into the details.

PEN Testing & Ethical Hacking

This course covers areas of legal and ethical implications of ethical hacking. It also introduces detection and exploitation of vulnerabilities in IT infrastructure, including different reconnaissance techniques. The course provides in-depth understanding of the penetration testing phases, various attack vectors, and preventative countermeasures. The course encompasses that the student should learn to understand and discover weaknesses and vulnerabilities in information systems, perform the attacks, check the strength of existing security controls, etc.

Quality Assurance of Security Aware Applications

This course shows how fundamental testing practices are applied in the context of secure software development. You will learn to integrate automated software testing with different approaches to verify software security, leveraging theories from continuous quality assurance in software development, as well as security best practices. The course is adapted to give a solid introduction to non-testing experts with interest in software security, and addresses how professionals (developers, managers, decision-makers) can incorporate security into the quality assurance process of their products/services.

Security Metrics and Risk Management

This course aims to answer questions surrounding security measures or how to evaluate the current cybersecurity posture. The course will provide guidelines to assist organizations in the development, selection, and identification of the data to be captured and show how this information can be used to compute a cybersecurity indicator of risk. You will be able to generate a cybersecurity indicator of risk with respect to a specific organization. The purpose of the cybersecurity indicator is to allow for the evaluation of the level of cybersecurity competency at a particular point in time of an organization and, when this process is repeated at other points in time, it allows the status of an organization’s cybersecurity programs progress over time to be determined.This course is intended to help organizations that implement or operate a portion of the global infrastructure of information and communication technologies to evaluate their own cybersecurity capabilities and calculate their cybersecurity indicator of risk. After the course, you will be able to facilitate the decision-making process within organizations on improving cybersecurity and lowering cybersecurity risks. Furthermore, these guidelines provide an indication of where organizations could/should invest resources to improve their cybersecurity.

Security, Privacy and Compliance

There is an increasing concern from users regarding the use and spread of their personal data. Moreover, compliance with privacy regulations is often required and privacy should be incorporated and be “by design” when developing software-intensive products and services. Hence, privacy, as well as security and compliance have become top challenges in the development of software and software-intensive products and services. In addition, good privacy measures can improve data security and promote quality.This course introduces you to ethical, legal, and regulatory aspects of security and privacy for Software-Intensive Products and Services. You will learn about security concepts such as CIA (confidentiality, integrity, availability), privacy and non-repudiation.We will also cover various ethical issues (e.g., autonomy, confidentiality, consent, data protection, privacy). Furthermore, the course will also enable you to understand relevant data protection laws such as GDPR.