The national threat assessments for 2026 are clear: Cyberattacks are no longer just an IT issue —they are a matter of organisational resilience and, increasingly, national security. At Noroff University College, experts are being educated to stand on the front lines where technical incidents intersect with strategic decision-making.
NSM’s Risk 2026 report and The Norwegian Intelligence Service’s Focus 2026 describe a security landscape where cyber operations are persistent, strategic, and closely tied to geopolitics. State actors are using digital tools for espionage, influence operations, and strategic positioning against critical infrastructure.
In this environment, incident response is about more than restoring systems and resuming operations. It is about understanding what actually happened — and what it means for the organisation, the sector, and ultimately national security.
– Digital forensics is no longer a niche discipline. It is a strategic capability that every modern organisation must develop, says Veronica Schmitt, Head of the DFIR programme at Noroff University College.
To meet this growing need, Noroff University College offers a Bachelor’s degree in Digital Forensics and Incident Response (DFIR). The programme combines in-depth technical training in logging, networks, and evidence collection with knowledge of legal frameworks, governance, and organisational processes. The goal is to educate professionals who can work methodically with digital evidence — and translate findings into informed decisions.
When evidence is the only currency that matters
Across sectors, organisations continue to be compromised through known vulnerabilities, weak access controls, and insufficient logging. The issue is often not that attacks go undetected, but that organisations lack the evidentiary foundation needed to properly understand them.
When a serious incident occurs, urgent questions arise:
- Who gained access - and how?
- What systems and data were affected?
- Is the attacker still present?
- Can we distinguish accidental failure from hostile activity?
Without structured logging, synchronised timestamps, and secure procedures for preserving digital evidence, answers become uncertain. Decisions risk being based on assumptions rather than analysis - at precisely the moment when leadership, regulators, and external stakeholders expect clarity.
– Digital evidence is the only reliable currency in today’s hybrid threat landscape. It enables us to distinguish between accidental events and hostile activity, says Emlyn Butterfield, Rector at Noroff University College.
He emphasises that such findings are not merely technical in nature. They form the basis for executive decision-making, regulatory reporting, and strategic learning in the aftermath of incidents.
From technical discipline to strategic resilience
Risk 2026 highlights growing vulnerabilities within energy, water supply, transport, and other critical infrastructure sectors. In these environments, digital incidents can have direct physical consequences. At the same time, many operational technology systems were never designed with forensic investigation in mind, limiting visibility and making evidence collection particularly challenging.
Cyber operations are increasingly part of broader hybrid strategies, where digital intrusions may support intelligence gathering, influence campaigns, or preparations for sabotage. In this context, prevention and response cannot be treated as separate functions. The ability to collect, preserve, and analyse digital evidence must be embedded into governance structures and preparedness strategies before an incident occurs.
Norway’s new Digital Security Act further reinforces this need, introducing stricter requirements for rapid and accurate reporting of serious incidents. Without a solid evidentiary basis, such reporting becomes uncertain — and potentially legally risky.
Cyber incidents are inevitable. The real question is whether organisations are prepared:
- Do we have the logs we need?
- Can we reconstruct an accurate incident timeline?
- Are we preserving evidence — or unintentionally overwriting it?
Addressing today’s threat landscape requires more than tools. It requires professionals who can methodically analyse digital traces and translate findings into decisions that truly matter.
– Our goal is to educate graduates who do more than fix systems. We aim to develop professionals who strengthen resilience and preparedness before a crisis occurs, says Schmitt.
Related programmes
Bachelor
Digital Forensics and Incident Response
The rise in cyber attacks, ransomware and hacking has created a critical need for skilled digital investigators with the ability to respond to cyber security incidents.
Online
Kristiansand
Online+ Oslo/Bergen
Read more
Bachelor
Cyber Security
The programme provides comprehensive training in securing digital systems against online attacks, cybercrime and digital warfare. It equips students for careers focused on strengthening digital defences and protecting data and information.
Online
Kristiansand
Online+ Oslo/Bergen
Read more
Bachelor
Applied Data Science
The programme equips you for a dynamic career, fostering collaboration with businesses to understand and harness the vast amounts of data at their disposal. It also cultivates skills in the field of intelligent AI systems.
Online
Kristiansand
Online+ Oslo/Bergen
Read more