Budapest University of Technology and Economics, Faculty of Electrical Engineering and Informatics

    címtáras azonosítással

    vissza a tantárgylistához   nyomtatható verzió    

    Cybersecurity Operations Fundamentals

    A tantárgy neve magyarul / Name of the subject in Hungarian: Számítógépes rendszerek biztonságos üzemeltetése

    Last updated: 2021. április 19.

    Budapest University of Technology and Economics
    Faculty of Electrical Engineering and Informatics
    Course ID Semester Assessment Credit Tantárgyfélév
    VIHIAV43   0/0/4/f 4  
    3. Course coordinator and department Dr. Holczer Tamás,
    4. Instructors



    Tanszék, Int.:

     Dr. Holczer Tamás

     assisstant professor

     Department of Networked Systems and Services

     Ládi Gergő

     PhD student

     Department of Networked Systems and Services

    5. Required knowledge computer networks, operating systems, basics of IT security
    6. Pre-requisites

    Communication Networks I. (VIHIAB01) or equivalent and Administering Computer Networks in Practice I (VIHIAV39) are recommended but not required. Intermediate knowledge of English is required.

    7. Objectives, learning outcomes and obtained knowledge

    The aim of the course is to provide students an insight into the security problems related to the operation of computer systems. The course also discusses the basics of attacks against computer systems and defense against them. By discussing the possibilities of implementing defense, the students get an insight into the basics of operating a security operations center. The course examines the security of both networks and endpoints, from the perspective of both the attacker and the defender.

    A secondary objective of this course is to help students prepare for the Cisco Certified CyberOps Associate exam which can be taken at independent certification centers.

    8. Synopsis

    After introducing the basic threats the course material is the following:

    • Cyber-attacks, roles: Introduction, basics of SIEMs (Security Incident and Event Monitoring), basics of SOCs (Security Operations Center)
    • Widely used operating systems I.: Secure operations of Windows OS, CLI Shell
    • Widely used operating systems II.: Secure operations of Linux OS, CLI, Shell
    • Basic network protocols, vulnerabilities, countermeasures: Ethernet, IP, ARP, wireless networks, ICMP, NAT, TCP, UDP, DHCP, DNS
    • Application level protocols, vulnerabilities, countermeasures: file sharing, email, web
    • Basics of cryptography, secure routing, secure name resolution
    • Network attacks and vulnerabilities: Penetration testing tools
    • Network monitoring in attack detection
    • Log collection and analysis
    • Public intelligence collection
    • End-point protection
    • Forensics and event handling
    • Midterm test
    • Practical task
    9. Method of instruction

    The course is realized through 4 hours of laboratory work per week, where the acquired theory is applied in practice. Therefore, students have to prepare week-by-week for the laboratory work at home, using mostly the online available material.

    10. Assessment

    The rules of assessments are the following (in accordance with the current rules of BME (TVSz)):

    During the semester:

    • Participation: The participation at the laboratory classes is obligatory. They can be missed up to two times (counting 14 teaching weeks and 4x45 minute long laboratory classes a week, a minimum of 85% participation is required). The absences need to be replaced.
    • Entry tests: Preliminary preparation will be checked at the beginning of each laboratory class. The participation requires a sufficient level of knowledge. If a student fails this test, the laboratory work cannot be started, and it is administrated as a missed class participation, thus it has to be replaced. The preliminary preparation is checked on the 70% of the weeks (max. 10 times) in form of entry tests.
    • Midterm test: During the semester the writing of a written examination is required at a sufficient level. This is done in the place and time of the class. The midterm test can be recapped as described in the "Recaps".
    • Practical task: At the end of the semester, a complex practical exercise has to be solved in the place and time of the class. It is required to solve this task at a sufficient level. The practical task can be recapped as described in the "Recaps".
    • The midterm test and the practical task are evaluated in percentage results. When the above conditions are satisfied, the grade is determined according to the mean value of the midterm test and the practical task results. The grade is calculated using the following ranges:

    0-49 %          fail (1)
    50-59 %        satisfactory (2)
    60-69 %        medium (3)
    70-84 %        good (4)
    85-100 %      excellent (5)

    During the exam period: -

    Other remarks

    The synopsis of this course is based on the Cisco Cyberops Associate course with modification to fit to the university requirements.

    11. Recaps
    • Participation and entry tests: maximum two missed lessons (due to absences or insufficient preparation) can be replaced at a dedicated date (during the semester, or in the replacement week). (3 or more absences cannot be replaced, thus in this case the subject cannot be accomplished.)
    • Practical task: The practical task can be replaced in the designated replacement time (during the semester or the replacement week).
    • Midterm test: The midterm test can be replaced in the designated replacement time (during the semester or the replacement week).
    12. Consultations

    If required, we provide a consultation opportunity at an agreed time.

    13. References, textbooks and resources Ross J. Anderson, "Security Engineering: A guide to building dependable distributed systems", Wiley, 2010
    J. Harris, "Cisco Security Little Black Book", Dreamtech Press, 2002
    O. Santos, J. Muniz, S. D. Crescenzo, „CCNA Cyber Ops", Cisco Press, 2017
    O. Santos, „Cisco CyberOps Associate", Cisco Press, 2020

    14. Required learning hours and assignment



    Preparation for classes


    Preparation for midterm test


    Preparation for the practical task


    Learning of prescribed materials


    Preparation for the exam




    IMSc program



    Tanszék, Int.:

    Dr. Holczer Tamás

    assistant professor

    Department of Networked Systems and Services

    Ládi Gergő

    PhD student

    Department of Networked Systems and Services

    Dr. Farkas Károly

    associate professor

    Department of Networked Systems and Services