MSc Information Security

What will I cover in this module?

Using a blend of practical and theoretical approaches this module will empower you with the analytical tools to perform pragmatic and ethical system penetration testing. Using popular open source tools you will be given a framework to research and develop innovative methods which can be used to uncover security vulnerabilities in modern networked environments. Research will be performed in how to circumvent real world attacks using novel detection and prevention techniques. Through investigation, analysis and creative design, you will become adept in how to protect systems against internal and external threats.

Learning outcomes

On completion of this module you will be able to:

• Analyse and research the efficacy of computer systems through the use of penetration testing techniques
• Research and design custom protection techniques for identified attack types and justify their use

Areas of study

• Investigating  social engineering and host reconnaissance
• Researching effective ways of utilising and deploying Intrusion Detection Systems (IDS)
• Explore techniques for circumventing IPS/firewalls and how to guard against these
• Analysis and synthesis of research into new techniques for indentifying Windows and Linux server vulnerabilities
• Analysing popular exploits such as buffer overflows and investigating methods of mitigating them
• Critical analysis and evaluation of models of system test plans
• Investigate the most effective ways of creating pragmatic testing plans

How will I be assessed?

100% coursework

• Coursework 1 - 50% - Produce a well researched report which is based on proven and theoretical principles on identifying testing strategies for detecting common and obscure system security issues within a given case study scenario.
• Coursework 2 - 50% - Production of a case study focused report which identifies through experimental research the necessary actions which must be taken to harden a network system and protect it against previously identified attacks

How many credits is it worth?
20

What will I cover in this module?

This module aims to equip students with the advanced knowledge and understanding required to analyse complex security protocols. The module focuses on protocols required to ensure security over remote networks.

LEARNING OUTCOMES 

1. Be able to critically analyse and evaluate the functionality of security protocols under given case study problems and be able to apply and evaluate them under various constraints
2. Critically evaluate and analyse current research into Computer Security and be able to formulate critical academic and professional responses to given research exercises

INDICATIVE CONTENT / AREAS OF STUDY

Advanced Authentication techniques

• Kerberos 4 and Kerberos 5

Cryptographic algorithms

• First generation and second generation algorithms
• Analysis and evaluation of cryptographic algorithms (DES, AES, IDEA, MD5), Elliptic Curve Cryptography.
• Mathematical functions and concepts of encryption algorithms.

Analysis of key exchange algorithms

• Diffie Hellman
• Just Fast Keying
• Oakley
• IKE

Remote Security Protocols

• Analysis of session security protocols such as SSL/TLS
• Advanced understanding and analysis of IPSec and other Internet security protocols
  

Heuristic algorithms and Bayesian Filtering in popular filtering protocols

Current research topics in Network security protocols

How will I be assessed?

100% Coursework

Presentation of a 4,000 word professional report which responds to a specific research question. The assignment rubric may be structured towards meeting the requirements of each programme.

Students will be given opportunities, through both formative and summative assessments, to reflect on their learning to support professional and personal development.

How many credits is it worth?
20

What will I cover in this module?

The management of the security process is a crucial part of the successful implementation of any security process or technique. This module looks at the fundamental and core network and security management issues that affect businesses including the often conflicting organisational goals that can lead to difficult trade-offs between affordability and effective protection.

On successful completion of this module you'll be able to:

1. Analyse and discuss core business security policy issues that ensure the delivery of good and workable security policies
2. Critically evaluate and analyse the security requirements of an organisation.

You'll cover:

• The role of a CISO
• Security, techniques for infrastructure protection
• Security policy formulation
• Business continuity and disaster recovery planning. Backups, cold sites, 
• Access Control and Privilege Management. Biometrics
• Formal Risk Management strategies
• Personnel management, change Management, security training/awareness, administrative responsibilities
• Balancing internal and external threats and protection
• Physical security
• National critical infrastructure protection
• Network monitoring systems. User monitoring.
• Intrusion detection systems, Anomaly based detection systems, host vs network based IDS, honeypots
• Firewalls
• Malware, anti virus, spam filtering.

How will I be assessed?

100% Coursework

A detailed research task and an application of the research to a given case study. The report will be approximately 5,000 words long.

You will be given opportunities, through both formative and summative assessments, to reflect on your learning to support professional and personal development.

How many credits is it worth?
20

What will I cover in this module?

Surveillance technology is ubiquitous in modern British life and being a computer expert, whether in forensic computing, games or any other specialist area of computing, does not free the practitioner from considering questions of its use and abuse. A second and equally important aspect of work as a professional in these areas relates to mental health and psychological robustness of practitioners some of whom who may be faced with accessing and cataloguing extreme materials or dealing with difficult ethical choices under pressure. The professional standards that computer specialists are expected to maintain must rest on an understanding and acceptance of societal definitions of ethical and moral standards.

Learning outcomes

On successful completion of this module, you'll be able to:

1. Analyse and evaluate the ethical challenges which may be present in their day to day work.
2. Apply evaluative analysis to a major case study example.

Areas of study

• Professional bodies, their expectations and regulations.
• Hacking, "ethical hacking".
• The surveillance society. RIPA law. Terrorism and public responses.
• Identity card schemes, Identity theft, social engineering.
• The internet and ethics - legal and boundary issues, regulation and role of government agencies.
• Free speech in cyberspace, pornography, protection of minors.
• On-line gaming. Is it OK to kill in cyberspace? Acceptable behaviour in Second Life.
• Democratic values and the internet.
• Should society have a role in regulating the internet?
• Business and commercial ethics in cyberspace.
• Psychological wellbeing of forensic practitioners. NLP and coaching approaches to dealing with stress.

How will I be assessed?

100% coursework

A 4000 word report which will analyse a specific area of computing with respect to the ethical and moral issues it raises and an appraisal of appropriate responses to the issue. Suitable methodological approaches should be demonstrated in this report.

In addition to the written component students will be required to give a presentation and lead a debate on the topic in class.

How many credits is it worth?
20

What will I cover in this module?

This module provides the opportunity for you to consolidate upon and extend your understanding, skills and knowledge of computing as developed through the programme. Through this module you will demonstrate your knowledge, understanding and skills at masters level. The aim is to ensure that you are able to formulate and tackle real world, commercial problems competently, efficiently, independently, and with relevance to a particular problem and/or application which should draw upon knowledge and experience from the your first degree or equivalent experience.

A dissertation of between 12,000 and 18,000 words will provide the main means of assessment, together with a deliverable quality 'product'. A product may be a piece of software, a detailed design for a system or a feasibility study. Other deliverables, as agreed with the supervisor, will be considered. You must demonstrate their ability to apply what they have learnt on the course in an independent and rigorous fashion.

On successful completion of this module you'll be able to:

1. Critically assess contributions in the literature of a range of academic concepts/paradigms and analyse their relevance to the field of Computing and Informatics in a range of academic and business contexts, leading to the creation and justification of a methodologically sound research programme.
2. Undertake methodologically sound research into a significant computing issue, demonstrating their ability to devise, recommend and/ or implement innovative solutions to the area under investigation, and to be able to present these solutions coherently
3. Adopt a self critical approach and reflect on the processes of planning and undertaking a significant piece of independent research.

You'll cover:

• Choosing a topic and narrowing it down to a concise set of research objectives
• Continual reading for research: about the chosen topic and about research methods
• Thinking about and selecting an appropriate research design/methodology
• Writing a critical literature review
• Collecting both secondary and primary data
• Creating an appropriate artefact
• Analysing data
• Drawing conclusions and assessing their significance in relation to existing work
• Writing up the final dissertation.

How will I be assessed?

100% Coursework

The assessment of the Independent Scholarship module is by a final report in the form of a dissertation and is intended to address all learning outcomes.

How many credits is it worth?
60

What will I cover in this module?

The content of this module is concerned with protecting a network from external and internal threats.  Different methods of system breach will be discussed, as will the mechanisms necessary for detecting and protecting against them, e.g., Firewalls, Anti-malware and Intrusion Detection and Prevention Systems (IDPS).  Students will be assessed on their ability to demonstrate an understanding of how attacks can be perpetrated and detected.

LEARNING OUTCOMES

1. Demonstrate comprehension of the mechanisms of system breach, perimeter defence and intrusion detection.
2. Develop creative thinking to apply or amend the techniques taught, to address issues within the research domain, and offer innovative solutions.

INDICATIVE CONTENT / AREAS OF STUDY

• Anti-malware techniques
• Firewalls and ACLs
• Server log analysis 
• IDS rule creation
• IDS log interpretation
• Inline traffic altering
• Comparison of different IDS techniques
• Ethical Hacking
• System penetration testing
  

How will I be assessed?

You will be assessed by 60% coursework and 40% exam.

• Coursework: a report evidencing learning outcome 2
• Exam: an exam evidencing leanring outcome 1

How many credits is it worth?
20

What will I cover in this module?

The module aims to develop your ability to study at masters level and to develop, plan, execute a research project.

On successful completion of this module you'll be able to:

1. Research, review and critically evaluate current academic literature within a specific context in order to identify the key issues and gaps within current knowledge
2. Demonstrate a critical understanding of research design and methodological enquiry and to propose an appropriate research plan. Reflective evaluation of the impact of ethical values on academic research will be demonstrated
3. Systematically analyse and synthesise researched data and theories.

You'll cover:

• Studying at Masters Level (Literature Review, Critical evaluation concepts and practices, Sources, Search Strategies, Communication of ideas and results)
• Research Project Development (Principles of planning projects and project lifecycles, Identifying tasks and estimating timescales, Risk analysis. Ethical, social and professional issues)
• Analysis and Synthesis of Data and Information (Experiment design, Methodologies for quantitative and qualitative investigations, System modelling concepts and constraints)

How will I be assessed?

100% Coursework

Assessment will be by means of a portfolio of written work demonstrating the achievement of all learning outcomes totalling between 4000 and 5000 words. There will be a strong component of rapid, formative assessment during the delivery of that part of the module relating to learning outcome 1 which will be linked to summative assessment.

How many credits is it worth?
20