Module Descriptors
CYBER SECURITY FUNDAMENTALS
COMP40080
Key Facts
Digital, Technology, Innovation and Business
Level 4
20 credits
Contact
Leader: Pantaleon Lutta Odongo
Email: pantaleon.lutta@staffs.ac.uk
Hours of Study
Scheduled Learning and Teaching Activities: 28
Independent Study Hours: 30
Total Learning Hours:
Assessment
- RESEARCH REPORT - 2000 WORDS weighted at 60%
- GROUP PRESENTATION - 30 MINUTES weighted at 40%
Module Details
LEARNING OUTCOMES
1. Identify and describe cyber security concepts, threats, vulnerabilities and assurance techniques
Knowledge & Understanding
2. Demonstrate a fundamental understanding of how cyber security fits into the wider IT landscape including technical, human and legal dimensions.
Knowledge & Understanding
Application
3. Demonstrate an understanding of the tools and techniques used by cyber security professionals to protect a variety of computer systems and networks.
Knowledge & Understanding
4. Demonstrate an ability to work collaboratively and conduct risk assessment and analysis to identify and evaluate security threats and hazards in relation to both planned and install IT systems.
Problem Solving
Enquiry
Communication
Knowledge & Understanding
2. Demonstrate a fundamental understanding of how cyber security fits into the wider IT landscape including technical, human and legal dimensions.
Knowledge & Understanding
Application
3. Demonstrate an understanding of the tools and techniques used by cyber security professionals to protect a variety of computer systems and networks.
Knowledge & Understanding
4. Demonstrate an ability to work collaboratively and conduct risk assessment and analysis to identify and evaluate security threats and hazards in relation to both planned and install IT systems.
Problem Solving
Enquiry
Communication
ADDITIONAL ASSESSMENT DETAILS
Cyber Security Related Research Report 60%
You will conduct academic research into a contemporary cyber security case study and produce a research report of 2000 words demonstrating your understanding of core cyber security concepts, technologies and techniques. (Learning Outcomes 1,2 and 3)
Group Presentation with Q&A 40%
You will develop and deliver a 20-minute group presentation followed by up to 10 minutes Q&A into the risk assessment process and how this relates to cyber security, as well as what issues and actions that could be identified within such an assessment. (Learning Outcomes 2, 3 and 4)
Assessing aspects of the following KSBs from the CSTP Apprenticeship Standard:
K1: Foundations of cyber security, its significance, concepts, threats, vulnerabilities and assurance
K12: Threats, vulnerabilities, impacts and mitigations in ICT systems and the enterprise environment
S12: Discover, identify and analyse threats, attack techniques, vulnerabilities and mitigations
K13: Human dimensions of cyber security
S13: Assess culture & individual responsibilities
K15: Management of cyber security risk, tools and techniques
S15: Undertake risk modelling, analysis and trades
K16: Quantitative & qualitative risk management theory & practice, role of risk stakeholders
S16: Undertake risk assessment to an external standard
K26: Legal responsibilities of system owners, users, employers, employees
S26: Develop & apply information security policy to implement legal or regulatory requirements
B2: Makes concise, engaging and well-structured verbal presentations, arguments and explanations.
B4: Able to identify the preferences, motivations, strengths and limitations of other people and apply these insights to work more effectively with and to motivate others.
B5: Able to work effectively with others to achieve a common goal.
B6: Competent in active listening and in leading, influencing and persuading others.
B7: Able to give and receive feedback constructively and incorporate it into his/her own development and life-long learning.
B8: Analytical and critical thinking skills for Technology Solutions development and can systematically analyse and apply structured problem-solving techniques to complex systems and situations.
B10: Can conduct effective research, using literature and other media.
B11: Logical thinking and creative approach to problem solving.
B12: Able to demonstrate a ‘security mind-set’ (how to break as well as make).
B13: Demonstrates business disciplines, ethics and courtesies, demonstrating timeliness and focus when faced with distractions and the ability to complete tasks to a deadline with high quality.
B14: Flexible attitude and ability to perform under pressure.
You will conduct academic research into a contemporary cyber security case study and produce a research report of 2000 words demonstrating your understanding of core cyber security concepts, technologies and techniques. (Learning Outcomes 1,2 and 3)
Group Presentation with Q&A 40%
You will develop and deliver a 20-minute group presentation followed by up to 10 minutes Q&A into the risk assessment process and how this relates to cyber security, as well as what issues and actions that could be identified within such an assessment. (Learning Outcomes 2, 3 and 4)
Assessing aspects of the following KSBs from the CSTP Apprenticeship Standard:
K1: Foundations of cyber security, its significance, concepts, threats, vulnerabilities and assurance
K12: Threats, vulnerabilities, impacts and mitigations in ICT systems and the enterprise environment
S12: Discover, identify and analyse threats, attack techniques, vulnerabilities and mitigations
K13: Human dimensions of cyber security
S13: Assess culture & individual responsibilities
K15: Management of cyber security risk, tools and techniques
S15: Undertake risk modelling, analysis and trades
K16: Quantitative & qualitative risk management theory & practice, role of risk stakeholders
S16: Undertake risk assessment to an external standard
K26: Legal responsibilities of system owners, users, employers, employees
S26: Develop & apply information security policy to implement legal or regulatory requirements
B2: Makes concise, engaging and well-structured verbal presentations, arguments and explanations.
B4: Able to identify the preferences, motivations, strengths and limitations of other people and apply these insights to work more effectively with and to motivate others.
B5: Able to work effectively with others to achieve a common goal.
B6: Competent in active listening and in leading, influencing and persuading others.
B7: Able to give and receive feedback constructively and incorporate it into his/her own development and life-long learning.
B8: Analytical and critical thinking skills for Technology Solutions development and can systematically analyse and apply structured problem-solving techniques to complex systems and situations.
B10: Can conduct effective research, using literature and other media.
B11: Logical thinking and creative approach to problem solving.
B12: Able to demonstrate a ‘security mind-set’ (how to break as well as make).
B13: Demonstrates business disciplines, ethics and courtesies, demonstrating timeliness and focus when faced with distractions and the ability to complete tasks to a deadline with high quality.
B14: Flexible attitude and ability to perform under pressure.
INDICATIVE CONTENT
Key concepts of computer security (Confidentiality, Integrity, Availability)
Indicative topics include:
Security Models and Computer Security Frameworks
Security Policies and Standards
Information security policy and scope ISO27001 & ISO27002
Legal and ethical issues in cyber security
Human Factors
Access Control
Information Risk Management
Incident response management
Cryptography Fundamentals
Risk Assessment
Introduction to Ethical Hacking Concepts
Introduction to Operating System Security
Introduction to Malware
Network Security Considerations
DDoS and DoS attacks
Disaster Recovery
Cloud Technologies and Cloud Security
Firewall Concepts and Basic Configuration
Endpoint Protection Basics
Strong Authentication and Password Policies
Data Backup and Recovery Fundamentals
This module will support the development and assessment of the following Knowledge, Skills and Behaviours from the CSTP Apprenticeship Standard:
K1: Foundations of cyber security, its significance, concepts, threats, vulnerabilities and assurance
K12: Threats, vulnerabilities, impacts and mitigations in ICT systems and the enterprise environment
S12: Discover, identify and analyse threats, attack techniques, vulnerabilities and mitigations
K13: Human dimensions of cyber security
S13: Assess culture & individual responsibilities
K15: Management of cyber security risk, tools and techniques
S15: Undertake risk modelling, analysis and trades
K16: Quantitative & qualitative risk management theory & practice, role of risk stakeholders
S16: Undertake risk assessment to an external standard
K26: Legal responsibilities of system owners, users, employers, employees
S26: Develop & apply information security policy to implement legal or regulatory requirements
B1: Fluent in written communications and able to articulate complex issues.
B2: Makes concise, engaging and well-structured verbal presentations, arguments and explanations.
B4: Able to identify the preferences, motivations, strengths and limitations of other people and apply these insights to work more effectively with and to motivate others.
B5: Able to work effectively with others to achieve a common goal.
B6: Competent in active listening and in leading, influencing and persuading others.
B7: Able to give and receive feedback constructively and incorporate it into his/her own development and life-long learning.
B8: Analytical and critical thinking skills for Technology Solutions development and can systematically analyse and apply structured problem-solving techniques to complex systems and situations.
B10: Can conduct effective research, using literature and other media.
B11: Logical thinking and creative approach to problem solving.
B12: Able to demonstrate a ‘security mind-set’ (how to break as well as make).
B13: Demonstrates business disciplines, ethics and courtesies, demonstrating timeliness and focus when faced with distractions and the ability to complete tasks to a deadline with high quality.
B14: Flexible attitude and ability to perform under pressure.
Learning within this module maps to the following Fundamental British Values:¿¿
Democracy
Tolerance
Rule of law
Individual liberty
Mutual respect
Learning within this module maps to the following principles of Safeguarding & Prevent:¿
Protecting from harm
Preventing radicalisation
Duty of care
Reporting and accountability
Learning within this module maps to the following principles of Equality, Diversity & Inclusion:¿
Accessibility in cyber security
Challenging discrimination
Inclusive practices
Indicative topics include:
Security Models and Computer Security Frameworks
Security Policies and Standards
Information security policy and scope ISO27001 & ISO27002
Legal and ethical issues in cyber security
Human Factors
Access Control
Information Risk Management
Incident response management
Cryptography Fundamentals
Risk Assessment
Introduction to Ethical Hacking Concepts
Introduction to Operating System Security
Introduction to Malware
Network Security Considerations
DDoS and DoS attacks
Disaster Recovery
Cloud Technologies and Cloud Security
Firewall Concepts and Basic Configuration
Endpoint Protection Basics
Strong Authentication and Password Policies
Data Backup and Recovery Fundamentals
This module will support the development and assessment of the following Knowledge, Skills and Behaviours from the CSTP Apprenticeship Standard:
K1: Foundations of cyber security, its significance, concepts, threats, vulnerabilities and assurance
K12: Threats, vulnerabilities, impacts and mitigations in ICT systems and the enterprise environment
S12: Discover, identify and analyse threats, attack techniques, vulnerabilities and mitigations
K13: Human dimensions of cyber security
S13: Assess culture & individual responsibilities
K15: Management of cyber security risk, tools and techniques
S15: Undertake risk modelling, analysis and trades
K16: Quantitative & qualitative risk management theory & practice, role of risk stakeholders
S16: Undertake risk assessment to an external standard
K26: Legal responsibilities of system owners, users, employers, employees
S26: Develop & apply information security policy to implement legal or regulatory requirements
B1: Fluent in written communications and able to articulate complex issues.
B2: Makes concise, engaging and well-structured verbal presentations, arguments and explanations.
B4: Able to identify the preferences, motivations, strengths and limitations of other people and apply these insights to work more effectively with and to motivate others.
B5: Able to work effectively with others to achieve a common goal.
B6: Competent in active listening and in leading, influencing and persuading others.
B7: Able to give and receive feedback constructively and incorporate it into his/her own development and life-long learning.
B8: Analytical and critical thinking skills for Technology Solutions development and can systematically analyse and apply structured problem-solving techniques to complex systems and situations.
B10: Can conduct effective research, using literature and other media.
B11: Logical thinking and creative approach to problem solving.
B12: Able to demonstrate a ‘security mind-set’ (how to break as well as make).
B13: Demonstrates business disciplines, ethics and courtesies, demonstrating timeliness and focus when faced with distractions and the ability to complete tasks to a deadline with high quality.
B14: Flexible attitude and ability to perform under pressure.
Learning within this module maps to the following Fundamental British Values:¿¿
Democracy
Tolerance
Rule of law
Individual liberty
Mutual respect
Learning within this module maps to the following principles of Safeguarding & Prevent:¿
Protecting from harm
Preventing radicalisation
Duty of care
Reporting and accountability
Learning within this module maps to the following principles of Equality, Diversity & Inclusion:¿
Accessibility in cyber security
Challenging discrimination
Inclusive practices
WEB DESCRIPTOR
As the first module of the Cyber Security Technical Professional Degree Apprenticeship this module introduces the fundamental topics that make up a typical Cyber Security role including researching, analysing, modelling, assessing and planning the management of cyber security risks. As well as developing your academic research skills and producing an individual analysis of a security incident, you will also work with a team of CSTP apprentices to undertake research and develop and present your findings relating to the risk assessment and mitigations to a cyber-attack.
LEARNING STRATEGIES
This module will be delivered in a blended learning mode consisting of face to face, online and guided learning sessions.
Teaching sessions will blend theory and practical learning, and most importantly where possible will seek to be contextualised in your workplace as part of your apprenticeship. You will be introduced to curriculum concepts and ideas and will then be able to apply theory to practical examples. In addition, students will be provided with a range of resources for independent study such as case studies, academic papers and industry case studies. There will be a mixture of practical and theoretical formative (mock or practice) exercises which will help you build knowledge and confidence in preparation for summative (formal) assessment.
The delivery will be delivered as follows:
Module Launch week: 12 hours.
There will be a module launch week with up to 12 hours of face-to-face contact time devoted to developing your understanding of the core purpose and assessment of the module. You will be presented with details of how the learning will be structured and how to access to the learning materials for the remainder of the module.
Structured Learning Sessions: 15 hours
Following the module launch week you will have a further 15 hours of attendance-based contact time as a class with the module team. This will typically be as 10 x 1.5-hour online classes. Classes which will be a combination of activities including lectures, demonstrations, discussions, tutorials and seminars. Some sessions maybe in flipped classroom style, where you will be expected to watch online recordings, read materials or respond to practical activities in preparation for active engagement with problem solving in the online session.
1:1 Progress Checks: 1 hour
As a Blended Learner understanding your progress can be a challenge so you are allocated an hour of 1:1 time with your tutor (typically 3 x 20-minute meetings). Some of these may be in small groups if appropriate. These sessions may be used to discuss key topics, troubleshoot solutions, review working drafts etc.
Assignment Development: Time 30 hours
A typical assignment will take you a minimum 30 hours to complete.
This module includes 58 off-the-job (OTJ) training hours as standard, covering new learning funded by the apprenticeship levy. A total 200 nominal learning hours has been attributed to this module, incorporating OTJ training alongside broader academic development beyond levy-funded new learning.
Teaching sessions will blend theory and practical learning, and most importantly where possible will seek to be contextualised in your workplace as part of your apprenticeship. You will be introduced to curriculum concepts and ideas and will then be able to apply theory to practical examples. In addition, students will be provided with a range of resources for independent study such as case studies, academic papers and industry case studies. There will be a mixture of practical and theoretical formative (mock or practice) exercises which will help you build knowledge and confidence in preparation for summative (formal) assessment.
The delivery will be delivered as follows:
Module Launch week: 12 hours.
There will be a module launch week with up to 12 hours of face-to-face contact time devoted to developing your understanding of the core purpose and assessment of the module. You will be presented with details of how the learning will be structured and how to access to the learning materials for the remainder of the module.
Structured Learning Sessions: 15 hours
Following the module launch week you will have a further 15 hours of attendance-based contact time as a class with the module team. This will typically be as 10 x 1.5-hour online classes. Classes which will be a combination of activities including lectures, demonstrations, discussions, tutorials and seminars. Some sessions maybe in flipped classroom style, where you will be expected to watch online recordings, read materials or respond to practical activities in preparation for active engagement with problem solving in the online session.
1:1 Progress Checks: 1 hour
As a Blended Learner understanding your progress can be a challenge so you are allocated an hour of 1:1 time with your tutor (typically 3 x 20-minute meetings). Some of these may be in small groups if appropriate. These sessions may be used to discuss key topics, troubleshoot solutions, review working drafts etc.
Assignment Development: Time 30 hours
A typical assignment will take you a minimum 30 hours to complete.
This module includes 58 off-the-job (OTJ) training hours as standard, covering new learning funded by the apprenticeship levy. A total 200 nominal learning hours has been attributed to this module, incorporating OTJ training alongside broader academic development beyond levy-funded new learning.
TEXTS
Rai, P. K., Ahmad, T. & Pandey, B. K. (eds.) (2025) Embracing the Cloud as a Business Essential: CRC Press.
Baddi, Y., Almaiah, M. A., Almomani, O. & Maleh, Y. (eds.) (2024) The Art of Cyber Defense: From Risk Assessment to Threat Intelligence: Springer.
Reveron, D. S. (2024) Security in the Cyber Age. Cambridge: Polity Press.
Ruparelia, N.B. (2023). Cloud Computing, revised and updated edition. MIT Press.
Brumfield, C. (2022), Cybersecurity Risk Management: Mastering the Fundamentals Using the NIST Cybersecurity Framework, Wiley; 1st edition
Gai, S. (2021), Building a Future-Proof Cloud Infrastructure: A Unified Architecture for Network, Security, and Storage Services, Addison-Wesley Professional; 1st edition
GM IT Academy, (2021), Fundamentals of Cyber Security and Network Security Master Guide and Interview Q&A Kindle Edition
Baddi, Y., Almaiah, M. A., Almomani, O. & Maleh, Y. (eds.) (2024) The Art of Cyber Defense: From Risk Assessment to Threat Intelligence: Springer.
Reveron, D. S. (2024) Security in the Cyber Age. Cambridge: Polity Press.
Ruparelia, N.B. (2023). Cloud Computing, revised and updated edition. MIT Press.
Brumfield, C. (2022), Cybersecurity Risk Management: Mastering the Fundamentals Using the NIST Cybersecurity Framework, Wiley; 1st edition
Gai, S. (2021), Building a Future-Proof Cloud Infrastructure: A Unified Architecture for Network, Security, and Storage Services, Addison-Wesley Professional; 1st edition
GM IT Academy, (2021), Fundamentals of Cyber Security and Network Security Master Guide and Interview Q&A Kindle Edition
RESOURCES
Access to the internet
Access to Staffordshire University online academic material
VMWare environment to generate virtual environments to experiment with software
Access to several Open-source sites where software can be downloaded from
Library Facilities
Access to Staffordshire University online academic material
VMWare environment to generate virtual environments to experiment with software
Access to several Open-source sites where software can be downloaded from
Library Facilities