Indicative Content
The indicative content for the module will be:
Introduction to practical Linux-based systems
Computer Security Analysis concepts
Risk assessment
Ethical and legal issues in computer security
Introduction to Penetration Testing
Penetration Testing Concepts
Recon
Scanning
Gaining Access
Maintaining Access
Covering Tracks
Social Engineering
Vulnerability Assessment
Detecting Compromise
This module will support the development and assessment of the following Core KSBs from the DTSP Apprenticeship Standard:
Knowledge
K1 How organisations adapt and exploit digital technology solutions to gain a competitive advantage.
K3 Principles of estimating the risks and opportunities of digital and technology solutions.
K8 How teams work effectively to produce digital and technology solutions.
K11 The nature and scope of common vulnerabilities in digital and technology solutions. For example, the risks of unsecure coding and unprotected networks.
K17 Reporting techniques, including how to synthesise information and present concisely, as appropriate to the target audience.
Skills
S2 Identify risks, determine mitigation strategies and opportunities for improvement in a digital and technology solutions project.
S3 Analyse a business problem to specify an appropriate digital and technology solution.
S5 Apply relevant standard processes, methods, techniques and tools. For example, ISO Standards, Waterfall, Agile in a digital and technology solution project S9
S15 Apply relevant legal, ethical, social and professional standards to a digital and technology solution.
Behaviours
B3 Acts with integrity with respect to ethical, legal and regulatory requirements ensuring the protection.
B4 Commits to continuous professional development; maintaining their knowledge and skills in relation to developments in digital and technology solutions that influence their work.
B5 Interacts professionally with people from technical and non-technical backgrounds. Presents data and conclusions in an evidently truthful, concise and appropriate manner.
This module will support the development and assessment of the following Specialist Route Knowledge, Skills and Behaviours from the DTSP Apprenticeship Standard:
Cyber Security Analyst
Knowledge
K45 Principles of cyber security tools and techniques.
K46 Principles of quantitative and qualitative risk management theory including the role of risk stakeholders.
K47 Concepts and approaches to cyber security assurance.
K48 Key legislative frameworks and the regulatory landscape for cyber security including Data Protection Act 2018, Network Information System Directive 2018, Regulation of Investigatory Powers Act 2000, ISO 27001.
K50 Ethical principles and codes of good practice of at least one significant cyber security professional body and the ethical responsibilities of a cyber security professional.
K51 Principles of common security architectures and methodologies.
K52 Approaches to deployment of cyber security technology components in digital systems to provide security functionality. For example, hardware and software to implement security controls.
Skills
S40 Discover, identify and analyse security threats, attack techniques and vulnerabilities and recommend mitigation and security controls.
S41 Undertake security risk assessments for complex systems without direct supervision and propose a remediation strategy relevant to the context of the organisation.
S42 Recommend improvements to the cyber security approaches of an organisation based on research into future potential cyber threats and considering threat trends.
S43 Manage cyber security risk.
S44 Use appropriate cyber security technology, tools and techniques in relation to the risks identified.
S46 Analyse cyber security requirements against other design requirements for systems or products, identify conflicting requirements and recommend appropriate solutions with clear explanation of costs and benefits.
Assessment Details
A 100-question written test, online, covering all of the conceptual issues that are explored during the course.
The test-based format of the assessment is in line with the industry standard for certifications in the field.
Learning Outcomes 1, 2, 3, 4
Assessing the following KSBs:
Cyber Security Analyst
Knowledge
K45 Principles of cyber security tools and techniques.
K46 Principles of quantitative and qualitative risk management theory including the role of risk stakeholders.
K47 Concepts and approaches to cyber security assurance.
K48 Key legislative frameworks and the regulatory landscape for cyber security including Data Protection Act 2018, Network Information System Directive 2018, Regulation of Investigatory Powers Act 2000, ISO 27001.
K50 Ethical principles and codes of good practice of at least one significant cyber security professional body and the ethical responsibilities of a cyber security professional.
K51 Principles of common security architectures and methodologies.
Learning Strategies
The module will be delivered in a Blended Learning Mode consisting of face to face, online and guided learning sessions.
Teaching sessions will blend theory and practical learning and, most importantly, will where possible be contextualised in your workplace as part of your apprenticeship. Learners will be introduced to curriculum concepts and ideas and will then be able to apply theory to practical examples. In addition, students will be provided with a range of resources for independent study such as case studies, academic papers, and industry case studies. There will be a mixture of practical and theoretical formative (mock or practice) exercises which will help students build knowledge and confidence in preparation for summative (formal) assessment.
The module will be delivered as follows:
Module Launch week: 12 hours.
There will be a module launch session consisting of up to 12 hours face to face contact time devoted to developing your understanding of the core purpose and assessment of the module. Learners will be presented with details of how the learning will be structured and how to access the learning materials for the remainder of the module.
Structured Learning Sessions: 15 hours
Following the module launch week you will have a further 15 hours of contact time as a class with the module team. This will typically be as 10 x 1.5-hour online classes which will be a combination of activities including lectures, demonstrations, discussions, tutorials and seminars. Some sessions are likely to be in flipped classroom style, where you will be expected to watch online recordings, read materials, or respond to practical activities in preparation for active engagement with problem solving in the online session.
1:1 Progress Checks: 1 hour
As a Blended Learner, understanding your progress can be a challenge, so you are allocated an hour of 1:1 time with your tutor (typically 3 x 20 minutes). Some of these may be in small groups if appropriate. These sessions may be used to discuss key topics, troubleshoot solutions, review working drafts etc.
Guided Independent Learning: 172 hours.
The module leader will provide resources through the virtual learning environment which will include videos and presentations as well as links to useful websites and other resources. Additional academic learning will be achieved through reading around the subject area; module tutors will suggest useful texts, though many others will be suitable and can be found in our e-library. You should also draw on the expertise in your workplace via your workplace mentor and other colleagues. If you require help understanding any of the concepts, you should contact your module tutor for assistance.
As an apprentice you are constantly developing your Digital Skills as part of your substantial role, and this applies to the development of the knowledge for your modules too. In some cases there will be a significant crossover between the module content and your workplace experience to date, and in others less so, depending on the nature of your workplace duties. This will have a direct impact on the number of Independent Learning hours required.
Within the Independent Learning time you will be expected to complete your assignments; as a guide, a typical module assignment should take around 60 hours to complete.
Learning Outcomes
Demonstrate an understanding of core computer security principles
Perform security risk assessments for a range of information systems and propose solutions
Communicate effectively the results of a penetration test
Explain and justify the social and ethical issues relating to computer security, risk assessment and security testing.
Texts
All texts and electronic resources will be updated and refreshed on an annual basis and available for students via the online Study Links resource platform. All reference materials will be collated and curated and aligned to Equality, Diversity & Inclusion indicators.
Peter Trim and Yang-Im Lee, Cyber Security Management: A Governance, Risk and Compliance Framework, Routledge; 1 edition, 2014
James S. Tiller, The Ethical Hack: A Framework for Business Value Penetration Testing, Auerbach Publications, 2005
Abhinav Singh, Metasploit Penetration Testing Cookbook, Packt Publishing Limited, 2012
Steve Manzuik, Network Security Assessment: from vulnerability to patch, 2007, Syngress William
Harris, S., Harper, A., Eagle, C., Ness, J., Gray Hat Hacking: The Ethical Hacker's Handbook, 4th edition, McGraw-Hill, 2015
Rafay Baloch, Ethical Hacking and Penetration Testing Guide, CRC Press, 2015
Resources
VMWare Workstation Pro
Linux-based Virtual Machine image
Machine with minimum i5 processor (or equivalent) | 16 GB RAM | 250 GB SSD Storage
Wireshark
Web Descriptors
The module will prepare you for the cyber security industry, looking at a range of issues from Red Teaming through Blue Teaming.
Conceptual information will be given on both sides of the security coin – along with practical-based work on defensive and forensic issues.
Special Admission Requirements
There shouldn’t be any specific admission requirements, but if there are, please liaise with Russell Campion in the first instance.