SCQF Level: 11
Module Code: CMP506
Credit Value: 20
Term: Term 1
School: School of Arts, Media and Games
This module introduces issues relating to computer security and ethical hacking, including vulnerabilities and techniques for improving defences.
The aim of this module is to analyse how malicious hackers can gain unauthorised access and explore how organisations and individuals can improve their security
By the end of this module the student should be able to:
1. Appraise and assess the relevance of the laws relating to computer crime.
2. Critically evaluate a broad range of techniques used to identify vulnerabilities in a system
3. Critically evaluate intrusion incidents and recommend appropriate countermeasures
1 Background to computer security
Discussion of various different security models, for example the CIA triad and Parkerian Hexad. Understanding of the different ‘nodes’ in an organisation which can impact on security. Requirements for secure systems. Threat landscape. Industry challenges. Human factors affecting security
2 Computer Misuse Act
Detection, prevention and prosecution in the UK/EU. History of legal cases.
3 Privacy and Data Protection
Privacy, Data Protection Act, Surveillance, protecting personal data (UK and EU). Intellectual Property. Relevant cases
4 Techniques for improving computer security defences
The role of firewalls, IDS/IPS and honeynets in security. Antivirus limitations. Acceptable use policies and password policies. The role of education in security. Physical security measures
5 Techniques for evading computer security defences
Various difference attack strategies for example phishing, spearphishing, social engineering will be explored.
Footprinting, scanning, operating system scanning, enumeration, vulnerability detection
Types of viruses and worms. Writing simple viruses using virus creation kits. Anti-virus and anti-malware methodologies for malware removal
8 Pattern matching rules for intrusion detection
Pattern matching rules for intrusion detection
9 Analysing the events triggered by IDS
Analysing the events triggered by IDS
10 Mitigate threates and intrusions identified by IDS
Mitigate threates and intrusions identified by IDS
Statement on Teaching, Learning and Assessment
Content will be presented by a mixture of lectures and practicals. Assessment will be by means of a law assessment and an independent practical exercise where the student will have the opportunity to further develop the skills covered in the class.. A purpose-built and regularly-updated module website is used to provide links to lecture notes, laboratory tasks, assessment briefs, operational matters, and external information. Student project or lab work and student-suggested links are incorporated as and when appropriate.
Teaching and Learning Work Loads
|Supervised Practical Activity||39|
|Unsupervised Practical Activity||0|
Credit Value – The total value of SCQF credits for the module. 20 credits are the equivalent of 10 ECTS credits. A full-time student should normally register for 60 SCQF credits per semester.