Module overview
The module complements the Foundations of Cyber Security module for Cyber Security MSc students by providing a practical grounding in cyber security practices for larger-scale networks, distributed systems and web applications. The module is also offered to select other MSc programmes.
The aims at a high level are to:
- Investigate security issues around web-based and networked systems
- Review a variety of security frameworks, standards and best practices, and understand how to apply these to exemplar scenarios
- Consider the implications of passive monitoring for communication software systems
- Provide examples of posture assessment, network penetration testing and exploring system vulnerabilities
Aims and Objectives
Learning Outcomes
Knowledge and Understanding
Having successfully completed this module, you will be able to demonstrate knowledge and understanding of:
- The core technical elements of security systems
- The current trends in cyber security; threats, their importance, and why they are hard to face
- Cyber security frameworks, standards and best practices, and how to apply these within an organisation
Subject Specific Practical Skills
Having successfully completed this module you will be able to:
- Perform a security assessment for an organisation as part of a team
- Use examples of security penetration testing tools
Subject Specific Intellectual and Research Skills
Having successfully completed this module you will be able to:
- Recognise and discuss examples of cyber security vulnerabilities
Transferable and Generic Skills
Having successfully completed this module you will be able to:
- Communicate effectively on a broad range of issues with security professionals
Syllabus
Posture assessment
- Penetration testing
- Web-based systems; OWASP
- Vulnerabilities and exploitation
- Security of database applications
- Injection attacks, cross-site scripting
- Server configuration
Network security
- Network security monitoring (NSM) systems
- Case study: the Domain Name System
- Intrusion detection and prevention
- Denial of service attacks, detection and mitigation
- Implications of pervasive passive monitoring for communicating systems
Cloud-based security
- Virtualisation - hypervisor security and data protection
- Cloud services – vulnerabilities and protection
- Secure designs for cloud architecture
- Standards, governance and compliance for cloud-based infrastructures
Learning and Teaching
Teaching and learning methods
Lecture - 36 hours per semester
Seminar - 8 hours per semester
Type | Hours |
---|---|
Lecture | 36 |
Preparation for scheduled sessions | 9 |
Completion of assessment task | 54 |
Follow-up work | 9 |
Wider reading or practice | 20 |
Specialist Laboratory | 12 |
Revision | 10 |
Total study time | 150 |
Resources & Reading list
Textbooks
Pfleeger, C.P. and Pfleeger, S.L. (2006). Security in Computing.
Kennedy, D. et al. (2011). Metasploit: The Penetration Tester's Guide. No Starch Press.
Stoll, C. (2005). The Cuckoo's Egg. Pocket Books.
Anderson, R. (2008). Security Engineering. Wiley.
Assessment
Summative
This is how we’ll formally assess what you have learned in this module.
Method | Percentage contribution |
---|---|
Continuous Assessment | 50% |
Final Assessment | 50% |
Referral
This is how we’ll assess you if you don’t meet the criteria to pass this module.
Method | Percentage contribution |
---|---|
Set Task | 100% |
Repeat
An internal repeat is where you take all of your modules again, including any you passed. An external repeat is where you only re-take the modules you failed.
Method | Percentage contribution |
---|---|
Set Task | 100% |
Repeat Information
Repeat type: Internal & External