Some parts of this content are currently available in German only.

Majors Set a focal point in your studies 

The Lucerne School of Computer Science and Information Technology offers four majors in the Information and Cyber Security Bachelor's program: Technology, Management, Digital Forensic and Incident Response, and Attack Specialist and Penetration Tester.

The choice of major allows students to create a focal point for their future careers, providing basic training in several areas to help them enter a wide range of professional fields.

Information and Cyber Security – Major Management

The Management major prepares students for a range of job descriptions and human-made cyber challenges of today and the near future. In addition to vulnerabilities and threats, the major focuses on conceptual and organizational protection according to ISO 2700X, COBIT (Control Objectives for Information and Related Technologies), the BSI's Basic Protection Manual, as well as specific regulations such as the Secret Protection Regulation, data protection law, and the EU's General Data Protection Regulation (GDPR).

more

You will acquire the skills and knowledge to match the following job descriptions, e.g.:

  • Information Security Officer
  • Data Privacy officer
  • Policy Specialist
  • Awareness Expert
  • Incident Manager
  • Business Continuity and Disaster Recovery Manager
  • Statistics und Evaluation Expert
  • Security Performance Manager
  • Chief Information Security Officer (CISO)
  • Information Security Manager
  • Security Sales or Pre-Sales Manager

The Management major encompasses the following related modules:

  • Applied Statistics for Data Science
  • Secure Business Processes & Organisation
  • Crisis Recovery Strategies
  • Privacy by Design
  • Secure Governance and Compliances
  • Two supplementary modules of the student's choosing

Human and Organizational Aspects in Information Security

The human factor is involved in over 80% of cyberattacks and therefore can make a very large contribution to cyber defense. With awareness, individuals are trained to behave consciously and responsibly. The resulting increased security culture builds a fundamentally new collective and sustainable security behavior.

CISO Office Issues

Theory, which cannot be implemented, does not result in security and security is never self-purpose, but security is a means for ensuring operations of a company. Security must therefore be applicable and pragmatic and related to costs, business requirements and company specific acceptable risk. The “Applied CISO Office Issues” module targets to experience pragmatism. Company responsible persons for information security coming from different industries present their organization, processes and methods and give lively insight into the everyday issues of a CISO.

Crisis Recovery Strategies

Strategies for prevention, preparation, detection and reaction against attacks from the internet are prerequisites to understand the practical implementation of the crises processes. Exercises and case studies (50% of this module) are necessary to apply the theory and; provide practical applications. Skills acquired in this module provide will allow you to be able to design of CRS concepts for small and medium-size enterprises.

Secure Governance and Compliances

Cyber and information security is approached with holistics frameworks at the highest management levels in corporations. This approach is successful for SME’s as well as large global companies. Organizational and societal competencies are taught in addition to subject related matters.

Identity Access Management

Part I will outline the technical components of IAM systems including standards and protocols.  Part II is dedicated to IAM applications and processes in a corporate context, covering cloud, operational technology and legacy systems.

Privacy in Organization

Safeguarding privacy in organizations means complying with the GDPR of the EU. Concentrated input and real-life case studies will enable students to perform duties in data privacy in SME's, or large enterprises either as a junior consultant or as an employee.

Secure Business Processes & Organisation

Applied Statistics for Data Science

 

 

Information and Cyber Security – Major Technologie

The Technology major prepares students for a range of career paths and for the human-made cyber challenges of today and the near future. In addition to vulnerabilities and threats, the major focuses on technical protection concepts, the detection of compromises, post‐attack responses for IT, operational technology (OT), and critical infrastructure.

more

You will acquire the skills and knowledge to match the following job descriptions, e.g.:

  • Security Architect
  • Network Security/FW/IDS Expert, Malware Prevention Specialist
  • Backup & Storage Security Expert
  • Security Analyst
  • OS, VM, System Security Specialist
  • IAM Expert
  • Cloud Security Expert
  • Security Requirement Engineer (System and Software)
  • IoT and SCADA, Security Engineer
  • Secure Programming (advisor/coach)

The Technology major includes the following minor modules:

  • Cyber Defence
  • Security Mechanism
  • Network Security (Layer 1 - 4)
  • Critical infrastructures 
  • Cyberphysical Systems
  • Statistic for Data Science
  • Two supplementary modules of the student's choosing

Critical infrastructures security

Critical infrastructures are essential for the well-being of a nation and subject to daily attacks. Starting with current attacks and the identification of differences to classical office IT, relevant cyber security standards for automation and energy technology are considered. New aspects of critical infrastructures such as energy trading will be dealt with in more detail in preparation for the lab.

Critical infrastructures Lab

Application of cyber security in the lab of the HSLU, which resembles a Swiss power substation. Based on a simulated cyber attack, the lab’s security level is determined, different security concepts are implemented and the effects are observed - all as practice modules.

Security Operation Center Issues

SOC module prepares for supporting SOC teams and generates an understanding of technologies, processes and roles within a SOC. The gathering of data streams and logs will be evaluated automatically with technologies like machine learning and artificial intelligence.

Mobile Security

System and Security

SysSec provides insights for system programming and system security. Students learn, how programs interact with the operating system, how to apply system calls, how operating systems create security and containments, and how and with which  effort  security concepts may be hacked.

Network Defense and Architecture

Advanced topics in ISP and enterprise network domains are explained in relation to characteristics / application fields with special consideration of security issues. Additionally, internet routing (BGP, BGPsec and SCION); protecting DNS with DNSsec, DoH, DoT; L2/L3 redundancies on campus (HSRP, VRRP, RSTP, MST); modern network segmentation concepts such as SDN (OpenFlow) and TrustSec (end point security); (Access-) protection concepts for enterprise networks like NAC (802.1x), zero trust-technologies as well as DDoS threats and mitigation will all be covered.

Reverse Engineering 1

A sound understanding of interconnections from high level languages all the way down to machine code on processors is a prerequisite for developing fast and secure code. This module covers in detail the vertical axis from high level languages down to processor interfaces in theory as well as labs.

Reverse Engineering 2

Reverse engineering in software is the process carried out to regain high level language from executable code and is used to identify vulnerabilities but also to analyse malware. Fundamentals and an introduction to reverse engineering tools including Ghidra are core topics. Lab work will complement the theory blocks.

Cyber Defence

IT security alone is no longer sufficient and must be complemented with cyber defence & deterrence measures. For this purpose, Cyber Defence Centers are being built all over the world. Ethical Hacking, according to the cyber kill chain and detection of “zero day exploits,” are the goal of this module, as well as the content of the cyber defence module.

Secure IOT

Students develop knowledge and practical skills in building IoT secure systems and applying security concepts learned to real-word IoT applications. Topics include: IoT security threads, risks & challenges, technologies & testing tools, attack vectors in IoT, secure solutions with major IoT cloud platforms, major security flaws and past incidents from industries. This course dives into the IoT end-to-end security aspects towards technologies that transform businesses and peoples’ lives.

Information and Cyber Security – Major Digital Forensic and Incident Response

The Digital Forensic and Incident Response major prepares students for the diverse range of career paths and human-made cyber challenges of today and the near future. In Digital Forensics, incidents are investigated and the perpetrators identified: the module teaches to understand digital forensic processes and ways to engage with partner organizations, to conduct and lead investigations using reverse engineering, forensictools, court‐acceptable evidence, and to develop, train, and implement plans in the field of incident response.

more

You will acquire the skills and knowledge to match the following job descriptions, e.g.:

  • Cybercrime Investigator 
  • Digital Forensic Generalist
  • System Observer / Monitoring
  • Case Manager
  • Reverse Engineer
  • Mobile Forensiker
  • System Analyst (Indicator of Compromise (IoC))
  • Vulnerability Analyst / Penetration Tester
  • SOC Analyst or Expert
  • Cyber Defence Centre-Team Member and Responder
  • Intrusion / Incident Manager

The Digital Forensic and Incident Response major encompasses the following related modules

System & Security

SysSec provides insights for system programming and system security. Students learn, how programs interact with the operating system, how to apply system calls, how operating systems create security and containments, and how and with which effort security concepts may be hacked.

Crisis Recovery Strategies

Strategies for prevention, preparation, detection and reaction against attacks from the internet are prerequisites to understand the practical implementation of the crises processes. Exercises and case studies (50% of this module) are necessary to apply the theory and; provide practical applications. Skills acquired in this module provide will allow you to be able to design of CRS concepts for small and medium-size enterprises.

Digital Forensic Legal Issues

Reverse Engineering 1

A sound understanding of interconnections from high level languages all the way down to machine code on processors is a prerequisite for developing fast and secure code. This module covers in detail the vertical axis from high level languages down to processor interfaces in theory as well as labs.

Reverse Engineering 2

Reverse engineering in software is the process carried out to regain high level language from executable code and is used to identify vulnerabilities but also to analyse malware. Fundamentals and an introduction to reverse engineering tools including Ghidra are core topics. Lab work will complement the theory blocks.

Forensic Readiness & Inicident Response

Incident Response und IT-Forensic

Hackers use sophisticated techniques to penetrate and compromise systems. The reaction, identification and securing of evidence is crucial. Exercises and case studies anchor the theory and enables the student to apply theory in practice.

Cyber Defence

IT security alone is no longer sufficient and must be complemented with cyber defence & deterrence measures. For this purpose, Cyber Defence Centers are being built all over the world. Ethical Hacking, according to the cyber kill chain and detection of “zero day exploits,” are the goal of this module, as well as the content of the cyber defence module.

Security Operation Center Issues

SOC module prepares for supporting SOC teams and generates an understanding of technologies, processes and roles within a SOC. The gathering of data streams and logs will be evaluated automatically with technologies like machine learning and artificial intelligence.

Malware Analyse Lab

Information and Cyber Security – Major Attack Specialist and Penetration Tester

The Attack Specialist and Penetration Tester major prepares students for a broad range of job descriptions and human-made cyber challenges of today and the near future by testing software and IT issues with simulated attacks in realistic settings. Students are trained in attack techniques over the course of four modules. In the remaining modules, in-depth foundational knowledge is acquired in malware analysis and reverse engineering. Proficient students can try their luck with Bug Bounty, or conduct active audits of IT assets as a penetration tester.

more

You will acquire the skills and knowledge to match the following job descriptions, e.g.:

  • Penetration Tester
  • Bug Bounty Hunter
  • Hack Back 
  • Security Tester (Generalist)
  • Exploit Developer
  • Offensive Security Specialist

The Attack Specialist and Penetration Tester major includes the following minor modules


Critical infrastructures security

Critical infrastructures are essential for the well-being of a nation and subject to daily attacks. Starting with current attacks and the identification of differences to classical office IT, relevant cyber security standards for automation and energy technology are considered. New aspects of critical infrastructures such as energy trading will be dealt with in more detail in preparation for the lab.

Critical infrastructures Lab

Application of cyber security in the lab of the HSLU, which resembles a Swiss power substation. Based on a simulated cyber attack, the lab’s security level is determined, different security concepts are implemented and the effects are observed - all as practice modules.

Security Operation Center Issues

SOC module prepares for supporting SOC teams and generates an understanding of technologies, processes and roles within a SOC. The gathering of data streams and logs will be evaluated automatically with technologies like machine learning and artificial intelligence.

Malware Analyse Labor

Cyber2

Advanced Penetration Testing

Our fast moving, and interconnected world leads to an increasing number of security critical programming errors. To detect these errors proactively, penetration tests are performed. In exercises and case studies the theory of complex attack methods is anchored and made applicable in practice.

Reverse Engineering 1

A sound understanding of interconnections from high level languages all the way down to machine code on processors is a prerequisite for developing fast and secure code. This module covers in detail the vertical axis from high level languages down to processor interfaces in theory as well as labs.

Reverse Engineering 2

Reverse engineering in software is the process carried out to regain high level language from executable code and is used to identify vulnerabilities but also to analyse malware. Fundamentals and an introduction to reverse engineering tools including Ghidra are core topics. Lab work will complement the theory blocks.

Cyber Defence

IT security alone is no longer sufficient and must be complemented with cyber defence & deterrence measures. For this purpose, Cyber Defence Centers are being built all over the world. Ethical Hacking, according to the cyber kill chain and detection of “zero day exploits,” are the goal of this module, as well as the content of the cyber defence module.

Machine Learning

Students will learn about the basic techniques, tools and architectures of machine learning with a focus on e-commerce, regression analysis, classification via support vectors and decision trees, clustering and recommender systems.

Big Data Management

This module provides a reference model for Business and IT Alignment in Big Data Management (BDM). The aim of the course is to learn how to operationalize BDM in organisations; whether as a vision, strategy, concrete project or an entire programme. The Canvas Reference Model will illustrate how BDM can be designed to include controlled parameters in anything from data collection to business usage and will include understanding their integration, analysis and interaction.

System & Security

SysSec provides insights for system programming and system security. Students learn, how programs interact with the operating system, how to apply system calls, how operating systems create security and containments, and how and with which effort security concepts may be hacked.

 

Information & Cyber Security – Major Security & Cloud Technologies

Der Major Security & Cloud Technologies ist im Studiengang Information & Cyber Security ein Kernmodul, und muss von allen Studierenden besucht werden. Ist so ein integrierter Teil im ICS Studium.

more

Cloud Technology
The functionality and interaction of virtualized servers, storage and networks as a basic platform for cloud services are just as much a focus of this module as the application of DevOps methods and IaaS (Infrastructure as a Service). It conveys the understanding and the necessary technical basics to understand the building blocks of a cloud infrastructure and focuses on the technology to be able to provide highly scalable services on demand.

Cloud Anwendung und Betrieb
Construction and automated provision of platform cloud services (PaaS) and application services (SaaS) on the basis of an existing cloud infrastructure. On the one hand, the module shows how cloud infrastructures can be orchestrated and platform services and application services can be defined and then also automatically provided; on the other hand, how services created inhouse can be linked with commercial and standardized services.

Cloud Infrastruktur
The module shows, from the perspective of the user, the evaluation criteria and processes for the utilization of standard software and cloud services, business aspects of “make or buy”, the impact of cloud-based infrastructures on IT operations and operational aspects of hybrid structures in a cloud environment. It explains current platform trends and their utilization. Current hybrid structures are explained with a practical introduction to cloud environments (e.g. Azure or Amazon AWS) and a case study.
 
Infrastructure Automation
The ever-increasing pressure for more efficiency and automation of IT infrastructures must be countered. This module shows ways and means how to manage a wide range of tasks and tools when setting up and operating IT infrastructures such as networks, servers and applications, both on-prem and in the cloud.

Cyber Security Architecture
An overall view of cyber security systems and architectures is covered. All types of cyber systems will be discussed: on premises, cloud, and all combined and hybrid scenarios. The focus is on system analysis, specific risks, common security models and processes including system design, fundamental design patterns and principles. Methodology and models will be taught which can be applied independently of specific technologies or environments.

Cyber Defence
IT security alone is no longer sufficient and must be complemented with cyber defence & deterrence measures. For this purpose, Cyber Defence Centers are being built all over the world. Ethical Hacking, according to the cyber kill chain and detection of “zero day exploits,” are the goal of this module, as well as the content of the cyber defence module.

Network Defense and Architecture
Advanced topics in ISP and enterprise network domains are explained in relation to characteristics / application fields with special consideration of security issues. Additionally, internet routing (BGP, BGPsec and SCION); protecting DNS with DNSsec, DoH, DoT; L2/L3 redundancies on campus (HSRP, VRRP, RSTP, MST); modern network segmentation concepts such as SDN (OpenFlow) and TrustSec (end point security); (Access-) protection concepts for enterprise networks like NAC (802.1x), zero trust-technologies as well as DDoS threats and mitigation will all be covered.
 
Security Operation Center Issues
SOC module prepares for supporting SOC teams and generates an understanding of technologies, processes and roles within a SOC. The gathering of data streams and logs will be evaluated automatically with technologies like machine learning and artificial intelligence.
 
Forensic Readiness and Inicident Response
The basics of digital forensics will be taught from various perspectives by practical lectures. This includes processes, governance, organizational and legal aspects as well as dealing with service providers and authorities. The teaching of the theory includes practical examples and the application of digital forensics tools.

Incident Response and IT-Forensic 
Hackers use sophisticated techniques to penetrate and compromise systems. The reaction, identification and securing of evidence is crucial. Exercises and case studies anchor the theory and enables the student to apply theory in practice.

System and Security
SysSec provides insights for system programming and system security. Students learn, how programs interact with the operating system, how to apply system calls, how operating systems create security and containments, and how and with which effort security concepts may be hacked.

 

Information & Cyber Security – Major Free Choice

Studierende, die ihr eigenes Programm zusammenstellen wollen, dürfen dies. Sie können aus sämtlichen Modulen auswählen und bis zu 43% ihres Studiums selber gestalten. Sie erhalten einen Abschluss als BSc Information & Cyber Security ohne Angabe eines spezifischen Majors im Diplom.

Information & Cyber Security – Major Cyber Security+

Studierende welche eine Spezialisierung zu ihrem Programm hinzufügen wollen, wie zum Beispiel Machine Learning, Software-Entwicklung, Robotik oder andere Fachgebiete welche die HSLU anbieten kann, können eine Abmachung mit dem Studiengangleiters des Bachelor Programms abschliessen um diese Spezialisierung als Major einzutragen. Diese Abmachung wird vor Besuch der Major-Module geschlossen, typischerweise nach Abschluss des Assessment Levels.