SCQF Level: 11
Module Code: CMP508
Credit Value: 20
Term: Term 1
School: School of Arts, Media and Games
Information is one of the most valuable assets in organisations. Security breaches are increasing in frequency and severity, can cost companies millions of pounds and reputational damage, and endanger national security. Information Security is therefore becoming more and more important, and reflected e.g. in the government's "keeping the UK safe in cyberspace" policy (see https://www.gov.uk/government/policies/keeping−the−uk−safe−in−cyberspace).
The aim of this module is twofold: (a) to consider the many forms of threats to information systems and appropriate countermeasures, and (b) to provide the student with an understanding of the architecture and management of modern computer networking and of the security implications of the many possible architectural structures.
By the end of this module the student should be able to:
1. Assess the range of vulnerabilities and threats to the data, intellectual property and operational capability of an organisation and recommend appropriate responses.
2. Critically evaluate a range of possible security architectures and network solutions.
3. Analyse the architecture and implementation of networked systems for weak points and recommend improvements or solutions.
1 Information Security, policy and strategy
The 3 pillars of information Security: Confidentiality, Integrity, Availability. Types of Control: Physical, technical, procedural/organisational, personal. Role and function of info sec policy. Examples of policies: e.g. acceptable use, password policy.
2 Threat modelling and risk
Threats, vulnerabilities, risks. The threat landscape. The risk management life cycle: assessing and handling risk. Security economics
3 Security audit and testing
Security audit and testing Understanding audit-ability, audit processes. The ISO 27000 series and related standards such as ISO 9000, ISO 14000
4 Data, storage and security
Modern data storage and backup technologies. Database Hardening, Access controls, discovering and assessing intrusions. Disaster planning and disaster recovery. The Data Protection Act and legal issues involved in backing up and storing data. Backup of cloud based systems and the associated security and privacy issues.
5 Cryptography and hashing
Symmetric / asymmetric, public and private keys. Algorithms. Purpose and function of hashing.
6 Header 6
Network components, hierarchical design, LAN, WAN, wireless and mobile, protocols, use of firewalls and intrusion detection systems. Public, private and hybrid clouds. VPN technologies and multi−site private networks.
7 Network Management and Security
Network management protocols, current practice and tools. User authentication systems and practice. Remote working and bring your own device policies. Management of multi−platform client devices. Legal reasons for implementing security measures, the effects of attacks and developing preventative strategies. Distributing updates and enforcing policies.
8 Distributed application structure
RPC, web services, remote databases, SaaS and PaaS, mashups, federated security, security implications, server hardening, cloud security and privacy.
9 Case studies of specialist areas
A typical example would be critical infrastructure and SCADA (supervisory control and data acquisition) networks. Another example is the architecture and security of remote authentication offered as a service.
e.g. Human factors in security, Deperimeterisation, BYOD, intelligence analysis, secure systems development, visualisation, data analysis, data mining for security
Statement on Teaching, Learning and Assessment
Content will be presented by a mixture of lectorials and student−led seminars. Assessment will be by means of coursework reports on laboratory work and case studies. Lectures constitute 12 of 50 hours class contact. The remainder, 76%, is lab or tutorial work of an experimental or investigative nature. Class contact time comprises lectures, tutorials/seminars and supervised laboratory work, amounting to 25% of the module time. The remainder, 75%, is independent study or assessment. The module will be delivered by a combination of lectures, lab based practical work and tutorial sessions for discussion, which will allow the students to put into practice many of the topics presented. Case studies will be used wherever possible. TIMETABLING: Timetabled as per MSc EHCS Programme specification, in one 4 hour or 2 two hour blocks in a Network lab (4510 or 2022). The block will be used flexibly, mixing lectorial, seminar and practical as appropriate.
Teaching and Learning Work Loads
|Supervised Practical Activity||26|
|Unsupervised Practical Activity||0|
Credit Value – The total value of SCQF credits for the module. 20 credits are the equivalent of 10 ECTS credits. A full-time student should normally register for 60 SCQF credits per semester.