Module Descriptors
CYBER SECURITY
COCS50723
Key Facts
Digital, Technology, Innovation and Business
Level 5
30 credits
Contact
Leader: Asma Patel
Email: Asma.Patel@staffs.ac.uk
Hours of Study
Scheduled Learning and Teaching Activities: 52
Independent Study Hours: 248
Total Learning Hours: 300
Assessment
- PRESENTATION weighted at 40%
- GROUP ASSIGNMENT - REPORT (5000 WORDS) weighted at 60%
Module Details
INDICATIVE CONTENT
Fundamental Concepts
Cryptography
Operating Systems security
Access Control
Security and the Web
Security Models & Practice ISO 27001, ISO 27002, COBIT, BS25999
Applications Security
Data Base Security
Authentication in Distributed Systems
Threats and Threat Analysis
Physical / Environmental Security
Security Architecture and Design (system security, virtual environment’s security, memory,
security models and architecture, database security etc)
Access Control (Identification, authentication, ownership, authorization, accountability,
vulnerability assessment, pen testing and threat modelling, access control models, access
control threats etc.)
Software development security
Information Security Governance and Risk Management
Telecommunication and Network security
Operation Security (protecting assets, incident response, change management, system
hardening, trusted pats, auditing, monitoring and reporting)
Business Continuity and Disaster Recovery
Cryptography
Operating Systems security
Access Control
Security and the Web
Security Models & Practice ISO 27001, ISO 27002, COBIT, BS25999
Applications Security
Data Base Security
Authentication in Distributed Systems
Threats and Threat Analysis
Physical / Environmental Security
Security Architecture and Design (system security, virtual environment’s security, memory,
security models and architecture, database security etc)
Access Control (Identification, authentication, ownership, authorization, accountability,
vulnerability assessment, pen testing and threat modelling, access control models, access
control threats etc.)
Software development security
Information Security Governance and Risk Management
Telecommunication and Network security
Operation Security (protecting assets, incident response, change management, system
hardening, trusted pats, auditing, monitoring and reporting)
Business Continuity and Disaster Recovery
ADDITIONAL ASSESSMENT DETAILS
The assessment will consist of two parts:
1. Presentation at a student led seminar of an aspect of cybersecurity, based upon group research underpinned by access to Cyber-security Information Sharing Partnership (C.I.S.P). This will be used to assess learning outcomes 1 and 4. The duration of the presentation will be 10 minutes. (40% weighting).
2. Group assignment. A single 5000 word report, based upon a case study. This report will, in part, contain some form of risk prevention/mitigation plan, based upon the analysis and evaluation of a given case study. This will be used to assess learning outcomes 2 to 4. (60% weighting).
1. Presentation at a student led seminar of an aspect of cybersecurity, based upon group research underpinned by access to Cyber-security Information Sharing Partnership (C.I.S.P). This will be used to assess learning outcomes 1 and 4. The duration of the presentation will be 10 minutes. (40% weighting).
2. Group assignment. A single 5000 word report, based upon a case study. This report will, in part, contain some form of risk prevention/mitigation plan, based upon the analysis and evaluation of a given case study. This will be used to assess learning outcomes 2 to 4. (60% weighting).
REFERRING TO TEXTS
Gollman, D. Computer Security, 2011, 3rd edition, Wiley, ISBN: 978-0470741153
Goodrich, M.T.,& R. Tamassia ,Introduction to Computer Security, 2013, Pearson, ISBN: 978-1292025407
HM Government, The UK Cyber Security Strategy Protecting and promoting the UK in a digital world,
https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/60961/uk-cyber-security-strategy-final.pdf
International Organization for Standardization, ISO/IEC 27001:2013 - Information technology -- Security techniques -- Information security management systems -- Requirements".
Johnson, T.A., Cybersecurity: Protecting Critical Infrastructures from Cyber Attack and Cyber Warfare, 2015, ISBN-13: 978-1-48223923-2
Kostopoulos, G.K., Cyberspace and Cybersecurity, 2013, ISBN-13: 978-1-4665-1758-5
Goodrich, M.T.,& R. Tamassia ,Introduction to Computer Security, 2013, Pearson, ISBN: 978-1292025407
HM Government, The UK Cyber Security Strategy Protecting and promoting the UK in a digital world,
https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/60961/uk-cyber-security-strategy-final.pdf
International Organization for Standardization, ISO/IEC 27001:2013 - Information technology -- Security techniques -- Information security management systems -- Requirements".
Johnson, T.A., Cybersecurity: Protecting Critical Infrastructures from Cyber Attack and Cyber Warfare, 2015, ISBN-13: 978-1-48223923-2
Kostopoulos, G.K., Cyberspace and Cybersecurity, 2013, ISBN-13: 978-1-4665-1758-5
ACCESSING RESOURCES
Cyber-security Information Sharing Partnership (C.I.S.P.) https://www.cert.gov.uk/cisp
Isolated Forensic/Security Lab
Case Studies
Isolated Forensic/Security Lab
Case Studies
LEARNING OUTCOMES
1. Demonstrate a critical understanding and critically evaluate fundamental aspects of Cyber Security
(KNOWLEDGE & UNDERSTANDING, LEARNING, REFLECTION)
2. Identify risks to the security of Data, Systems and Networks
(ENQUIRY, LEARNING, ANALYSIS)
3. Critically analyse and critically evaluate threats to Data, Systems and Networks
(ENQUIRY, LEARNING, ANALYSIS)
4. Critically analyse the process by which disaster recovery and risk prevention plans are developed and be able to critically evaluate such plans
(LEARNING, ANALYSIS, RELFECTION, COMMUNICATION)
(KNOWLEDGE & UNDERSTANDING, LEARNING, REFLECTION)
2. Identify risks to the security of Data, Systems and Networks
(ENQUIRY, LEARNING, ANALYSIS)
3. Critically analyse and critically evaluate threats to Data, Systems and Networks
(ENQUIRY, LEARNING, ANALYSIS)
4. Critically analyse the process by which disaster recovery and risk prevention plans are developed and be able to critically evaluate such plans
(LEARNING, ANALYSIS, RELFECTION, COMMUNICATION)
Module Learning Strategies
26 hours of lectures and 26 hours of tutorials.
Practical tasks and workshops will be used to re-enforce and apply theory to encourage an analytical and problem based approach. Student developed seminars will be used to enhance understanding where appropriate. These seminars will be based in part around student access to the Cyber-security Information Sharing Partnership (C.I.S.P.) https://www.cert.gov.uk/cisp
Practical tasks and workshops will be used to re-enforce and apply theory to encourage an analytical and problem based approach. Student developed seminars will be used to enhance understanding where appropriate. These seminars will be based in part around student access to the Cyber-security Information Sharing Partnership (C.I.S.P.) https://www.cert.gov.uk/cisp