ICS0018 Course Guide: Difference between revisions

From ICO wiki
No edit summary
 
(3 intermediate revisions by the same user not shown)
Line 1: Line 1:
* THE COURSE IS NOT ACTIVE AT THE MOMENT. THE NEXT RUN WILL LIKELY TAKE PLACE IN SPRING 2025. THE INFORMATION HERE IS FROM THE LAST RUN IN SPRING 2024.
== Aims of the Course ==
== Aims of the Course ==


The course is primarily meant to the students of [https://taltech.ee/en/cyber-bsc Cyber Security Engineering] Bachelor's programme at [https://taltech.ee/en Tallinn University of Technology] to cover the more human-oriented aspects of cybersecurity. It is also offered to the students of partner universities under the aegis of [https://taltech.ee/en/euroteq EuroTEQ]. In the 2023 Spring term it is on its maiden flight (it has been run once earlier, within the programme of the earlier independent IT College).
The course is primarily meant to the students of [https://taltech.ee/en/cyber-bsc Cyber Security Engineering] Bachelor's programme at [https://taltech.ee/en Tallinn University of Technology] to cover the more human-oriented aspects of cybersecurity. It is also offered to the students of partner universities under the aegis of [https://taltech.ee/en/euroteq EuroTEQ]. In the 2024 Spring term it is on its second iteration (it has also been run once earlier, within the programme of the earlier independent IT College).


The main goal is to introduce social engineering (in the cybersecurity sense - the term has different meanings in other disciplines) or non-technical attacks targeting [https://en.wikipedia.org/wiki/User_error#Acronyms_and_other_names PIBKAC], or the "problem between the keyboard and the chair". The course uses the books by [https://en.wikipedia.org/wiki/Christopher_J._Hadnagy Christopher Hadnagy] as its foundation, complementing them with writings of several other authors (see the [[ICS0018 Library | course library]]) as well as the lecturers' own notes and experiences. As a mixture of technology, training/education, policy-making and some applied psychology (the list of main topics can be found at the [[Social Engineering |front page]], the course is relatively non-technical and can be handled without specific IT background (various experiences from the online world do help though).
The main goal is to introduce social engineering (in the cybersecurity sense - the term has different meanings in other disciplines) or non-technical attacks targeting [https://en.wikipedia.org/wiki/User_error#Acronyms_and_other_names PIBKAC], or the "problem between the keyboard and the chair". The course uses the books by [https://en.wikipedia.org/wiki/Christopher_J._Hadnagy Christopher Hadnagy] as its foundation, complementing them with writings of several other authors (see the [[ICS0018 Library | course library]]) as well as the lecturers' own notes and experiences. As a mixture of technology, training/education, policy-making and some applied psychology (the list of main topics can be found at the [[Social Engineering |front page]], the course is relatively non-technical and can be handled without specific IT background (various experiences from the online world do help though).
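Review bot: the parenthesis opened at "(the list of main topics can be found at the [[Social Engineering |front page]]," in the last paragraph is never closed, and this revision carries it over unchanged; add the ")" right after the link. The new banner also says the information is from the last run, so "In the 2024 Spring term it is on its second iteration" would read better in the past tense.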
Line 15: Line 18:
== Tools / environments ==
== Tools / environments ==


In the Spring 2023 term, we will run the course in the e-learning mode (due to a significant number of distance participants from EuroTEQ). This time, we will use the IT College wiki (where you are now) for documentation, and the University's MS Teams for contact sessions (lectures/discussions and seminars). At the beginning of the course, all participants should be added to the Social Engineering group at Teams (visiting students should be provided with the [https://confluence.ttu.ee/it-info/uus-toeoetaja-opilane-new-employee-student/koondjuhend-ueliopilasele-general-guide-for-students#Koondjuhend%C3%BCli%C3%B5pilasele/Generalguideforstudents-eng Uni-ID] as well!). Note: future runs of the course may switch to something else, [https://meet.jit.si Jitsi Meet] being a likely candidate.
In the Spring 2024 term, we will run the course in the e-learning mode (due to a number of distance participants from EuroTEQ). We will use the IT College wiki (where you are now) for documentation, and the University's MS Teams for contact sessions (lectures/discussions and seminars). At the beginning of the course, all participants should be added to the Social Engineering group at Teams (visiting students should be provided with the [https://taltech.atlassian.net/wiki/spaces/ITI/pages/39000640/Info+uuele+uli+pilasele+Information+for+new+student Uni-ID] as well!).  


There are some recommendations to help keep the online communication smooth - please see the [https://taltech.ee/en/study-regulations-and-documents university regulations page] (section "Online learning good practice") as well as [[ICS0018 Netiquette | some of our own points here]]. The contact sessions will run according to the official schedule (see the timetable below).
There are some recommendations to help keep the online communication smooth - please see the [https://taltech.ee/en/study-regulations-and-documents university regulations page] (section "Online learning good practice") as well as [[ICS0018 Netiquette | some of our own points here]]. The contact sessions will run according to the official schedule (see the timetable below).
Line 25: Line 28:
=== Lectures/discussions ===
=== Lectures/discussions ===


The course will experiment with blending traditional lectures with text chat discussions. Each lecture will consist of 3-4 mini-lectures (15-20 minutes each; mostly on a single umbrella topic) alternating with 5-10 minute discussion breaks in the MS Teams text chat. We will use the latter rather than voice chat - it will accommodate more people within the limited timeframe (Note: we might switch to voice chat if the actual number of participants will be remarkably lower than initially registered - it remains to be seen). The text chat will be open throughout the lecture (everyone can add comments and questions), but the lecturer will only be able to respond during the discussion breaks.  
The course will blend traditional lectures with text chat discussions. Each lecture will consist of 3-4 mini-lectures (15-20 minutes each; mostly on a single umbrella topic) alternating with 5-10 minute discussion breaks in the MS Teams text chat. We will use the latter rather than voice chat - it will accommodate more people within the limited timeframe. The text chat will be open throughout the lecture (everyone can add comments and questions), but the lecturer will only be able to respond during the discussion breaks.  


As attendance also counts towards passing the course (6 out of 8 need to be attended; see the Grading section below), the best way to ensure that you get registered is to take active part in the discussion. :)
As attendance also counts towards passing the course ('''5 out of 8''' need to be attended; see the Grading section below), the best way to ensure that you get registered is to take active part in the discussion. :)


Lectures/discussions will run throughout the course (weekly, see the timetable).
Lectures/discussions will run throughout the course (weekly, see the timetable).


=== Hands-on seminars ===
=== Hands-on seminars ===
Line 35: Line 39:
These sessions is where Kristjan will teach some nasty tricks to you... Well, perhaps not quite, but you will receive some practical tasks in social engineering and discuss the results at these seminars. Doing the tasks successfully will result in passing the course (if your attendance level is sufficient). Yet there is another way to pass as well (read on).
These sessions is where Kristjan will teach some nasty tricks to you... Well, perhaps not quite, but you will receive some practical tasks in social engineering and discuss the results at these seminars. Doing the tasks successfully will result in passing the course (if your attendance level is sufficient). Yet there is another way to pass as well (read on).


The hands-on seminars will be held in the second half of the course (4 in total, see timetable below).
The hands-on seminars will be held in the second half of the course (4 in total, see the timetable below).




=== CotW seminars ===
=== CotW seminars ===


The acronym stands for "Crook of the Week" - these seminars are meant for learning about some good historical examples of social engineering. At each of the four seminars, two students will present the rest of the crowd [[ICS0018 CotW seminars | some infamous historical figures]] (so there will actually be TWO CotW-s!). Each presentation (~20 minutes) will be followed by discussion of the person, his or her feats, methods etc. A successful presentation will result in passing the course (if your attendance level is sufficient), so this is an alternate way. NB! As there are only 8 slots for presentations, the faster applicants will get them - so '''if you want to do a CotW presentation, let Kaido know ASAP!'''
The acronym stands for "Crook of the Week" - these seminars are meant for learning about some good historical examples of social engineering. At each of the four seminars, up to three students will present the rest of the crowd [[ICS0018 CotW seminars | some infamous historical figures]] (so there will actually be even '''three''' CotW-s!). Each presentation (~20 minutes) will be followed by discussion of the person, his or her feats, methods etc. A successful presentation will result in passing the course (if your attendance level is sufficient), so this is an alternate way. NB! As there are only 12 slots for presentations, the faster applicants will get them - so '''if you want to do a CotW presentation, let Kaido know ASAP!'''


Note: you need to attend 6 seminars out of 8 - whether it is 3+3, 5+1 etc (hands-on vs CotW) is up to you. Of course, you could attend ''all of them'' too... :)
Note: you need to attend 5 seminars out of 8 - whether it is 2+3, 4+1 etc (hands-on vs CotW) is up to you. Of course, you could in fact attend ''all of them'' too... :)




Line 48: Line 52:


The course uses the pass/fail grading, so if you  
The course uses the pass/fail grading, so if you  
* do the practical tasks at the hands-on seminars or
* do the practical tasks at the hands-on seminars '''or'''
* do a CotW presentation, and
* do a CotW presentation, '''and'''
* attend at least 6 lectures/discussions and 6 seminars (regardless of type),
* attend at least 5 lectures/discussions and 5 seminars (regardless of type),


the 3 credit points will be yours.
the 3 credit points will be yours.
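Review bot: bolding '''or''' and '''and''' in the list helps, but the grouping is still left to the reader, since the three bullets can also be read as "tasks, or (presentation and attendance)". Both seminar sections say that either route needs a sufficient attendance level, so consider stating the attendance condition first and listing the two alternatives under it.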
Line 57: Line 61:
== Timetable ==
== Timetable ==


* Lectures/discussions: on Wednesdays 14.00-15.30 Tallinn time, from February 1 to March 22 (8 weeks)
* Lectures/discussions: on Thursdays 10:00-11:30 Tallinn time, from February 1 to March 21 (8 weeks)
* Hands-on seminars: on Wednesdays 08.15-09.45 Tallinn time, from March 1 to March 22 (4 weeks)
* Hands-on seminars: on Wednesdays 08:15-09:45 Tallinn time, from February 28 to March 20 (4 weeks)
* CotW seminars: on Thursdays 08.15-09.45 Tallinn time, from March 2 to March 23 (4 weeks)
* CotW seminars: on Thursdays 12:00-13:30 Tallinn time, from February 29 to March 21 (4 weeks)


All these will take place online in MS Teams.
All these will take place online in MS Teams.

Latest revision as of 09:56, 17 June 2024

  • THE COURSE IS NOT ACTIVE AT THE MOMENT. THE NEXT RUN WILL LIKELY TAKE PLACE IN SPRING 2025. THE INFORMATION HERE IS FROM THE LAST RUN IN SPRING 2024.


Aims of the Course

The course is primarily meant for the students of the Cyber Security Engineering Bachelor's programme at Tallinn University of Technology to cover the more human-oriented aspects of cybersecurity. It is also offered to the students of partner universities under the aegis of EuroTEQ. In the 2024 Spring term it is on its second iteration (it has also been run once earlier, within the programme of the earlier independent IT College).

The main goal is to introduce social engineering (in the cybersecurity sense - the term has different meanings in other disciplines) or non-technical attacks targeting PIBKAC, or the "problem between the keyboard and the chair". The course uses the books by Christopher Hadnagy as its foundation, complementing them with writings of several other authors (see the course library) as well as the lecturers' own notes and experiences. As a mixture of technology, training/education, policy-making and some applied psychology (the list of main topics can be found on the front page), the course is relatively non-technical and can be handled without specific IT background (various experiences from the online world do help though).

According to the official learning outcomes of the course, the students will

  • know the essence of social engineering and its main forms and techniques;
  • recognize main social engineering attacks and react appropriately;
  • know main measures of prevention and mitigation (in technology, training and policy).


Tools / environments

In the Spring 2024 term, we will run the course in e-learning mode (due to a number of distance participants from EuroTEQ). We will use the IT College wiki (where you are now) for documentation, and the University's MS Teams for contact sessions (lectures/discussions and seminars). At the beginning of the course, all participants should be added to the Social Engineering group at Teams (visiting students should be provided with the Uni-ID as well!).

There are some recommendations to help keep the online communication smooth - please see the university regulations page (section "Online learning good practice") as well as some of our own points here. The contact sessions will run according to the official schedule (see the timetable below).

Note: the university's Uni-ID works for both Teams and this wiki (although you are not required to edit the wiki in order to pass the course - but e.g. suggestions to the course library are definitely appreciated!).

How do we work

Lectures/discussions

The course will blend traditional lectures with text chat discussions. Each lecture will consist of 3-4 mini-lectures (15-20 minutes each; mostly on a single umbrella topic) alternating with 5-10 minute discussion breaks in the MS Teams text chat. We will use the latter rather than voice chat - it will accommodate more people within the limited timeframe. The text chat will be open throughout the lecture (everyone can add comments and questions), but the lecturer will only be able to respond during the discussion breaks.

As attendance also counts towards passing the course (5 out of 8 need to be attended; see the Grading section below), the best way to ensure that you get registered is to take an active part in the discussion. :)

Lectures/discussions will run throughout the course (weekly, see the timetable).


Hands-on seminars

These sessions are where Kristjan will teach you some nasty tricks... Well, perhaps not quite, but you will receive some practical tasks in social engineering and discuss the results at these seminars. Doing the tasks successfully will result in passing the course (if your attendance level is sufficient). Yet there is another way to pass as well (read on).

The hands-on seminars will be held in the second half of the course (4 in total, see the timetable below).


CotW seminars

The acronym stands for "Crook of the Week" - these seminars are meant for learning about some good historical examples of social engineering. At each of the four seminars, up to three students will present some infamous historical figures to the rest of the crowd (so there will actually be even three CotW-s!). Each presentation (~20 minutes) will be followed by a discussion of the person, his or her feats, methods etc. A successful presentation will result in passing the course (if your attendance level is sufficient), so this is an alternative way to pass. NB! As there are only 12 slots for presentations, the faster applicants will get them - so if you want to do a CotW presentation, let Kaido know ASAP!

Note: you need to attend 5 seminars out of 8 - whether it is 2+3, 4+1 etc. (hands-on vs CotW) is up to you. Of course, you could in fact attend all of them too... :)


Grading

The course uses pass/fail grading, so if you

  • do the practical tasks at the hands-on seminars or
  • do a CotW presentation, and
  • attend at least 5 lectures/discussions and 5 seminars (regardless of type),

the 3 credit points will be yours.


Timetable

  • Lectures/discussions: on Thursdays 10:00-11:30 Tallinn time, from February 1 to March 21 (8 weeks)
  • Hands-on seminars: on Wednesdays 08:15-09:45 Tallinn time, from February 28 to March 20 (4 weeks)
  • CotW seminars: on Thursdays 12:00-13:30 Tallinn time, from February 29 to March 21 (4 weeks)

All these will take place online in MS Teams.


Final notes

A major point in the course is to try to learn together. The lecturers will learn with you. And should you have any questions, do not hesitate to ask.

