PROGRAMME SYLLABUS

Cybersecurity (one year master), 60 credits

Programmestart: Autumn 2025

School of Engineering, Box 1026, SE-551 11 Jönköping • VISIT Gjuterigatan 5, Campus

PHONE +46 (0)36-10 10 00 • E-MAIL [email protected] • www.ju.se/eng
 1(5)

PROGRAMME SYLLABUS
Cybersecurity (one year master), 60 credits
Cybersäkerhet (magister), 60 högskolepoäng

Programme TACS4 Programmestart: Autumn 2025

code:
Education Cycle: Second-cycle level
Confirmed by: Dean 2024-10-15
Revised by: 2024-10-15
Version: 3

Title of qualification
Degree of Master (60 credits) with a major in Computer Science, specialisation in Cybersecurity.

Programme overview
Background
Cybersecurity breaches are heavily affecting our society, and the protection of assets has become
big business. We see cybersecurity-related issues daily in the news, such as ransomware attacks,
identity theft and data breaches. In recent years, we have seen more financially-motivated
adversaries and state-sponsored attacks, making it an uneven playing field, especially for smaller
organisations with limited resources. Cybersecurity is considered a horizontal market which
implies it cuts through vertical sectors, such as manufacturing, automotive, banking, education,
healthcare, retail, and more. This means there is a need to protect assets virtually anywhere in
society. One prime example is the manufacturing sector which has its aim set at Industry 5.0,
where the common theme is digitalisation, connectivity, and automation. With such
transformation comes increased dependency on hardware and software that controls and
monitors industrial equipment, Operational Technology (OT). Such OT is at the core of
production, and their functioning is critical to operation. To fully leverage OT, such systems are
often connected to networks and have humans in the loop. With the introduction of OT comes a
new range of challenges connected to cybersecurity.

The increased focus and need for cybersecurity solutions have created significant demand for
skilled professionals.

This master's programme in cybersecurity helps students acquire the skills required to take on
the challenge of protecting our society.

Objectives
The programme is intended for students with a bachelor's degree in computer science, computer
engineering, informatics, information systems or similar. By introducing students to core
technologies and concepts in the field, the programme will help them understand, use and
implement solutions that address cybersecurity-related issues.

The programme aims to provide knowledge that enhances the skills and abilities of students
with different IT-related backgrounds by providing broad cybersecurity skills and the possibility
to select a focus in several courses that align with personal interests or backgrounds.
Cybersecurity (one year master), 60 credits 2(5)

Post-graduation employment areas

This master's programme in cybersecurity prepares students for third-cycle courses and research
projects or work in the industry. With the experience provided by the programme, students will
be able to undertake a variety of roles, such as cybersecurity specialist, cybersecurity engineer,
cybersecurity manager, or cybersecurity consultant.

Post-graduation studies
A Master's degree qualifies to apply for further third-cycle education leading to a licentiate or
doctoral degree.

Objectives
On completion of the programme, the student must fulfil the learning outcomes for the degree
of master (60 credits) as laid down in the Higher Education Ordinance:
General learning outcomes
Knowledge and understanding
1. demonstrate knowledge and understanding in the main field of study, including both an
overview of the field and specialised knowledge in certain areas of the field as well as insight into
current research and development work, and
2. demonstrate specialised methodological knowledge in the main field of study.
Competence and skills
3. demonstrate the ability to integrate knowledge and analyse, assess and deal with complex
phenomena, issues and situations even with limited information,
4. demonstrate the ability to identify and formulate issues autonomously as well as to plan and,
using appropriate methods, undertake advanced tasks within predetermined time frames,
5. demonstrate the ability in speech and writing to report clearly and discuss his or her
conclusions and the knowledge and arguments on which they are based in dialogue with
different audiences, and
6. demonstrate the skills required for participation in research and development work or
employment in some other qualified capacity.
Judgement and approach
7. demonstrate the ability to make assessments in the main field of study informed by relevant
disciplinary, social and ethical issues and also to demonstrate awareness of ethical aspects of
research and development work,
8. demonstrate insight into the possibilities and limitations of research, its role in society and the
responsibility of the individual for how it is used, and
9. demonstrate the ability to identify the personal need for further knowledge and take
responsibility for his or her ongoing learning.

Programme-specific learning outcomes

On completion of the programme, the student must also fulfil the following programme-specific
learning outcomes:
Knowledge and understanding
10. display knowledge of the area of cybersecurity and its related subject areas, and
11. display knowledge of the definitions, terminology, and concepts of cybersecurity.
Competence and skills
12. demonstrate skills in using tools for penetration testing and cybersecurity operations, and
13. demonstrate the ability to create risk and privacy impact assessments.
Judgement and approach
14. demonstrate an insight into the societal, legal and ethical aspects of cybersecurity operations,
and
15. demonstrate the ability to suggest risk-based security controls to counter threats and
vulnerabilities.
Cybersecurity (one year master), 60 credits 3(5)

Contents
Programme principles
Instruction is in the form of lectures, seminars, exercises, laboratory sessions and project work.
All courses are held in English. All final course examinations are in English.

The teaching approach in the programme is based, to a large extent, on learning from real-life
scenarios and group learning. Lectures and labs often include examples from real projects, which
put the theoretical material into a practical context. In course assignments, students work in
groups to plan and implement a solution to a problem based on a real-life case. The resulting
solution is reported in both written and oral form. This lays the ground for learning
communication and leadership within a group.

The programme includes an independent degree project worth 15 higher education credits.
Students, individually or in groups of two, prepare and present an assignment in cybersecurity,
applying the knowledge accumulated during the programme and demonstrating the acquired
skills. The degree project is carried out during the last term of the programme and can be done
in close collaboration with a company or an organisation.

Research basis
Within the Department of Computer Science & Informatics, there is a strong focus on research
related to cybersecurity. Cybersecurity is a topic that affects all sectors of society. Here, the focus
is especially on cybersecurity and privacy in the industrial and public sectors, where most of the
cybersecurity research in the department is conducted. Furthermore, there is a particular focus
on human aspects among the staff where contributions on, for example, awareness,
management, usable security and social engineering have been made.

Cybersecurity is a multi- and interdisciplinary field of study that draws on principles from
different subjects, such as computing (e.g., artificial intelligence, privacy, software development),
social sciences (e.g., psychology, ethics, economy), and many more.

The programme is also closely connected to the thematic areas of Jönköping University's SPARK
Research Environment, especially to the sub-environments 1 (Integrated Product and Production
Development for Sustainability and Resilience) and 3 (Human-Centered Industrial AI). In these
sub-environments are the core areas of digitalisation and digital transformation of products and
services, all utterly dependent on cybersecurity. This also makes cybersecurity a foundation to
facilitate research between schools and departments, the industry and the public sector.

Programme progression
The course Cybersecurity Overview gives a holistic view of cybersecurity and its relation to other
subject areas, such as information security and privacy. Also, an overview of general and
industry-specific standards and frameworks within the area is given as a frame of reference.
Cybersecurity denotes a specific focus on risks and vulnerabilities associated with critical
infrastructures and related systems used for connecting them. Hence, a parallel course on
Critical Infrastructure introduces the fundamentals in that area. More specifically, threats,
vulnerabilities and security controls related to industrial control systems (e.g. SCADA and
operational technology) and networks (e.g. Industrial Internet of Things).

Following are two courses with two distinct aims, State-of-the-art and Research Methods in
Cybersecurity and Ethical Hacking and Penetration Testing. The concept of red team/blue team
is central in Ethical Hacking and Penetration Testing, where the focus is on the red team, i.e.,
focus on offensive aspects of cybersecurity. Such aspects include hacking and penetration testing
and the tools and methodologies associated. State-of-the-art and Research Methods in
Cybersecurity (one year master), 60 credits 4(5)

Cybersecurity have two main parts. One aims to provide knowledge in state-of-the-art and
emerging knowledge areas in cybersecurity. The other aims to introduce quantitative scientific
methods in cybersecurity, focusing on descriptive statistics, sampling and survey design and
regression analysis. The spring term starts with a course in Digital Ethics and Privacy and the
Final Project Work in Computer Science. Digital Ethics and Privacy focuses on legal and societal
aspects of cybersecurity with topics including, but not limited to, human values, vulnerabilities,
or intersectionality, engaging students in critique-based thinking and analysis. Moreover, the
course considers privacy, including legal and professional frameworks (e.g., privacy by design, or
privacy impact assessment).

The spring term ends with a Cybersecurity Operations and Incident Response course. In this
course, there is a focus on the blue team, i.e. the defensive aspects of cybersecurity. Such
concepts include network security (including intrusion detection/prevention, firewalls, network
admission control, and virtual private networks), standards and frameworks for incident
response, digital forensics and digital evidence and monitoring.

During their Final Project Work, the students are expected to enhance and deepen their
knowledge of modern trends and discoveries in cybersecurity and contribute their own results to
this area. The Final Project Work requires students to exercise their ability to understand a
problem, identify different solutions to the problem, and choose an appropriate solution.

The programme overview shows the programme structure for both semesters and may be
changed during the programme. For updated programme overview visit http://www.ju.se

Courses
Mandatory courses
Course Name Credits Main field of study Specialised Course Code
in
Cybersecurity Operations and 7.5 Computer Science A1F TCOS25
Incident Response
Digital Ethics and Privacy 7.5 Informatics A1N TEKR23
Ethical Hacking and Penetration 7.5 Computer Science A1F TEHS24
Testing
Final Project Work in Computer 15 Computer Science A1E TEXT25
Science
Critical Infrastructure 7.5 Computer Science A1N TKIR24
State-of-the-art and Research 7.5 Computer Science A1F TFCS24
Methods in Cybersecurity
Cybersecurity Overview 7.5 Computer Science A1N TCSR24

Programme overview
Year 1
Semester 1 Semester 2
Period 1 Period 2 Period 3 Period 4
Critical Infrastructure, 7.5 Ethical Hacking and Digital Ethics and Privacy, Cybersecurity Operations
credits Penetration Testing, 7.5 7.5 credits and Incident Response, 7.5
credits credits
Cybersecurity Overview, 7.5 State-of-the-art and Final Project Work in Computer Science, 15 credits
credits Research Methods in
Cybersecurity, 7.5 credits

Teaching and examination

Throughout the academic year, typically, two courses are taken in parallel. Examination forms
and grades are given by each course module, respectively.
Cybersecurity (one year master), 60 credits 5(5)

Prerequisites
The applicant must hold a minimum of a bachelor's degree (i.e., the equivalent of 180 ECTS
credits at an accredited university) with at least 90 credits in Computer Science, Informatics,
Information Systems, Computer Engineering, or the equivalent. Proof of English proficiency is
required.

Qualification Requirements
To obtain a Degree of Master (60 credits) with a major in Computer Science, specialisation in
Cybersecurity, students must complete a minimum of 60 credits in accordance with the current
programme syllabus.
In addition, a Degree of Bachelor of Science in Engineering/Degree of Bachelor of Science or an
equivalent Swedish or foreign qualification is required.

Quality Development
To come...

Other Information
Admission is under ‘Admission regulations for first- and second cycle courses and study
programmes at Jönköping University (Admission regulations)’.

This syllabus is based on ‘Regulations and guidelines for first-, second- and third-cycle education
at Jönköping University’.