Skip to main content

Study information

Cyber Security 1 - 2024 entry

MODULE TITLECyber Security 1 CREDIT VALUE30
MODULE CODEECM3437DA MODULE CONVENERUnknown
DURATION: TERM 1 2 3
DURATION: WEEKS 0 11 0
Number of Students Taking Module (anticipated) 20
DESCRIPTION - summary of the module content

***DEGREE APPRENTICESHIP STUDENTS ONLY***

A cyber security analyst is responsible for the implementation, maintenance and support of the security controls that protect an organisation’s systems and data assets from threats and hazards. They ensure that security technologies and practices are operating in accordance with the organisation’s policies and standards to provide continued protection. They require a broad understanding of network infrastructure, software and data to identify where threat and hazard can occur. They are responsible for performing periodic vulnerability assessments to evaluate the organisation’s ongoing security posture and will provide visibility to management of the main risks and control status on an ongoing basis. They respond to security incidents and implement resolution activities across the organisation.

AIMS - intentions of the module

The aim of this module is to build on your skills and knowledge in cyber security principles and techniques and their application in the business context. The module focusses in particular on developing offensive or red team skills, otherwise known as ethical hacking or penetration testing knowledge and skills.  These are crucial elements of risk management and assurance lifecycles.

INTENDED LEARNING OUTCOMES (ILOs) (see assessment section below for how ILOs will be assessed)

On successful completion of this module, you should be able to:

Module Specific Skills and Knowledge:

1. Analyse and evaluate security threats and vulnerabilities to planned and installed information systems or services;

2. Perform security risk assessments for a range of information systems and propose solutions;

3. Perform a business impact analysis proactively or reactively in response to a security incident;

4. Research and investigate common and emerging attack techniques;

5. Identify and analyse potential evidence artefacts for intrusion detection and incident response purposes;

6. Select and use appropriate security testing tools and techniques to provide cyber security audit or assurance of security controls.
 

Discipline Specific Skills and Knowledge:

7. Principles of cyber security tools and techniques;

8. Principles of quantitative and qualitative risk management theory including the role of risk stakeholders;

9. Concepts and approaches to cyber security assurance;

10. Key legislative frameworks and the regulatory landscape for cyber security including Data Protection Act 2018, Network Information System Directive 2018, Regulation of Investigatory Powers Act 2000, ISO 27001;

11. Ethical principles and codes of good practice of at least one significant cyber security professional body and the ethical responsibilities of a cyber security professional;

12. Principles of common security architectures and methodologies;

13. Approaches to deployment of cyber security technology components in digital systems to provide security functionality. For example hardware and software to implement security controls;

14. Discover, identify and analyse security threats, attack techniques and vulnerabilities and recommend mitigation and security controls;

15. Undertake security risk assessments for complex systems without direct supervision and propose a remediation strategy relevant to the context of the organisation;

16. Recommend improvements to the cyber security approaches of an organisation based on research into future potential cyber threats and considering threat trends;

17. Manage cyber security risk;

18. Use appropriate cyber security technology, tools and techniques in relation to the risks identified.

Personal and Key Transferable/ Employment Skills and Knowledge:

19. Has a strong work ethic and commitment in order to meet the standards required;

20. Reliable, objective and capable of both independent and team working;

21. Acts with integrity with respect to ethical, legal and regulatory requirements ensuring the protection of personal data, safety and security;

22. Commits to continuous professional development; maintaining their knowledge and skills in relation to developments in digital and technology solutions that influence their work;

23. Interacts professionally with people from technical and non-technical backgrounds. Presents data and conclusions in an evidently truthful, concise and appropriate manner;

24. Participates in and shares best practice in their organisation, and the wider community for aspects relevant to digital and technology solutions;

25. Maintains awareness of trends and innovations in the subject area, utilising a range of academic literature, online sources, community interaction, conference attendance and other methods which can deliver business value;

26. Champions diversity and inclusion in their work ensuring that digital technology solutions are accessible.

SYLLABUS PLAN - summary of the structure and academic content of the module

• Typical security hazards that may concern an organisation

   o Security context: network security; host OS security; physical security
 
   o Common attack techniques: phishing, social engineering, malware, network interception, blended techniques, denial of service, theft
 
• Types of security:
   o Confidentiality
   o Authentication
   o Non-repudiation
   o Integrity
 
• Risk assessment frameworks
 
• Analysing functional and non-functional security requirements
 
• Analysing environment, assets and system architecture
 
• Researching common and emerging attack techniques
 
• Identifying threats (present, past and future)
 
• Use of tools for penetration testing and packed analysis
 
• Prioritising assets and vulnerabilities
 
• Implementing network security controls in line with policies and standards
 
• Identifying and following organisational security policies and standards
 
• Intelligence analysis
 
• Intrusion detection/prevention and incident response
 
• Identity and access management
LEARNING AND TEACHING
LEARNING ACTIVITIES AND TEACHING METHODS (given in hours of study time)
Scheduled Learning & Teaching Activities 22 Guided Independent Study 128 Placement / Study Abroad 0
DETAILS OF LEARNING ACTIVITIES AND TEACHING METHODS
Category Hours of study time Description
Scheduled learning and teaching activities 18 Online learning activity, including virtual workshops, synchronous and asynchronous virtual lectures and other e-learning.
Scheduled learning and teaching activities 2 Lectures
Scheduled learning and teaching activities 2 Group workshops
Guided independent study 128 Coursework, exam preparation and self-study

 

ASSESSMENT
FORMATIVE ASSESSMENT - for feedback and development purposes; does not count towards module grade
Form of Assessment Size of Assessment (e.g. duration/length) ILOs Assessed Feedback Method
Contribution to class discussion N/A 1-26 Verbal
       

 

SUMMATIVE ASSESSMENT (% of credit)
Coursework 60 Written Exams 40 Practical Exams 0
DETAILS OF SUMMATIVE ASSESSMENT
Form of Assessment % of Credit Size of Assessment (e.g. duration/length) ILOs Assessed Feedback Method
Security controls implementation 60 3,000 words 1-26 Written
Written exam 40 2 hours 1-26 Written

 

DETAILS OF RE-ASSESSMENT (where required by referral or deferral)
Original Form of Assessment Form of Re-assessment ILOs Re-assessed Time Scale for Re-assessment
Security controls implementation (60%) Security controls implementation 1-15 Completed over summer with a deadline in August
Written exam (40%) Written exam (2 hours) 1-15 Referral/deferral period

 

RE-ASSESSMENT NOTES

Deferral – if you miss an assessment for certificated reasons judged acceptable by the Mitigation Committee, you will normally be deferred in the assessment. The mark given for a re-assessment taken as a result of deferral will not be capped and will be treated as it would be if it were your first attempt at the assessment.

Referral – if you have failed the module overall (i.e. a final overall module mark of less than 40%) you may be required to sit a referral. The mark given for a re-assessment taken as a result of referral will be capped at 40%.

RESOURCES
INDICATIVE LEARNING RESOURCES - The following list is offered as an indication of the type & level of
information that you are expected to consult. Further guidance will be provided by the Module Convener

ELE: https://ele.exeter.ac.uk

 

Reading list for this module:

Type Author Title Edition Publisher Year ISBN
Set Stewart, J. M., Chapple, M., Gibson, D. CISSP (ISC)2 Certified Information Systems Security Professional Official Study Guide 7th Sybes 2015 978-1119042716
Set Graham, J.. Howard, R., Olson, R. Cyber Security Essentials 1st CRC Press 2011 9781439851234
Set Pfleeger, C. P., Pfleeger, S. L., Margulies, J Security in Computing 5th Prentice Hall 2015 978-0-13-408504-3
CREDIT VALUE 30 ECTS VALUE 15
PRE-REQUISITE MODULES None
CO-REQUISITE MODULES None
NQF LEVEL (FHEQ) 6 AVAILABLE AS DISTANCE LEARNING No
ORIGIN DATE Thursday 14th March 2024 LAST REVISION DATE Thursday 14th March 2024
KEY WORDS SEARCH Cyber, Security

Please note that all modules are subject to change, please get in touch if you have any questions about this module.