Information Security - 2024 entry
MODULE TITLE | Information Security | CREDIT VALUE | 15 |
---|---|---|---|
MODULE CODE | ECM1424DA | MODULE CONVENER | Dr James Penman (Coordinator) |
DURATION: TERM | 1 | 2 | 3 |
---|---|---|---|
DURATION: WEEKS | 0 | 7 | 5 |
Number of Students Taking Module (anticipated) | 100 |
---|
***DEGREE APPRENTICESHIP STUDENTS ONLY***
This module provides you with an introduction to the fundamental principles of Information Technology Security and Risk Management at the organisational level. You will learn critical information and cyber security principles and management. You will also address the role of hardware, software, processes, communications, applications, people and policies and procedures with respect to organisational information security.
The aim of this module is to ensure that you have a good understanding of IT security. In particular, you will be able to demonstrate the following competences:
- Can undertake a security risk assessment for a simple IT system and propose resolution advice.
- Can identify, analyse and evaluate security threats and hazards to planned and installed information systems or services (e.g. Cloud services).
On successful completion of this module you should be able to:
Module Specific Skills and Knowledge
1. Undertake a security risk assessment for a simple system without direct supervision and propose basic remediation advice.
2. Analyse and evaluate security threats and hazards to planned and installed information systems or services (e.g. Cloud services).
3. Explain how the concepts of threat, hazard and vulnerability relate to each other and lead to risk.
4. Describe in simple terms what risk is and how risks are usually characterised (likelihood and impact) and illustrate by use of at least one commonly used tool (e.g. a risk register).
5. Understand the inherent asymmetric nature of cyber security threats.
6. Describe and characterise (in terms of capability, opportunity & motive) examples of threats and also describe some typical hazards that may concern an organisation. Relate these descriptions to example security objectives.
7. Describe some common vulnerabilities in computer networks and systems (for example un-secure coding and unprotected networks).
Discipline Specific Skills and Knowledge
8. Assurance concepts: Explain the difference between ‘trusted’ and ‘trustworthy’ and explain what assurance is for in security.
9. Describe the main approaches to assurance (intrinsic, extrinsic, design & implementation, operational policy & process) and give examples of how these might be applied at different stages in the lifecycle of a system.
10. Explain what penetration testing is and how it contributes to information assurance.
11. Understand both technical and administrative mitigation approaches.
12. Understand the need for a comprehensive security model and its implications for the security manager or Chief Security Officer (CSO).
Personal and Key Transferable / Employment Skills and Knowledge
13. Communicate orally and in writing
14. Think analytically and critically
15. Organise your own work
16. Work to a deadline
17. Make decisions
Introduction (2 weeks)
• The need for security
• Terminology of information security
• Security and the components of a computer system, e.g. software, hardware, people and policies
• Human factors in security
• Information systems security case studies
Threats, hazards and vulnerabilities (3 weeks)
• Definitions
• Examples
• Asymmetric nature
• Capability, opportunity & motive
• Analysing and evaluating security threats and hazards
Risk (2 weeks)
• Likelihood and impact
• Risk register
• Security risk assessment and remediation
Assurance (3 weeks)
• Definitions; ‘trusted’ vs ‘trustworthy’
• Main approaches (intrinsic, extrinsic, design & implementation, operational policy & process)
• Examples at different stages in the lifecycle of a system.
• Encryption
• Penetration testing techniques and tools; ethical hacking
• Technical and administrative mitigation approaches
Management implications (2 weeks)
• Security objectives
• Need for comprehensive security model
• Implications for security manager or Chief Security Officer (CSO)
Scheduled Learning & Teaching Activities | 22 | Guided Independent Study | 128 | Placement / Study Abroad | 0 |
---|---|---|---|---|---|
Category | Hours of study time | Description |
---|---|---|
Scheduled learning and teaching activities | 18 | Online learning activity, including virtual workshops, synchronous and asynchronous virtual lectures and other e-learning. |
Scheduled learning and teaching activities | 2 | Lectures |
Scheduled learning and teaching activities | 2 | Group workshops |
Guided independent study | 128 | Coursework, exam preparation and self-study |
Form of Assessment | Size of Assessment (e.g. duration/length) | ILOs Assessed | Feedback Method |
---|---|---|---|
Contribution to class discussion | N/A | 1-17 | Verbal |
Coursework | 50 | Written Exams | 50 | Practical Exams | 0 |
---|---|---|---|---|---|
Form of Assessment | % of Credit | Size of Assessment (e.g. duration/length) | ILOs Assessed | Feedback Method |
---|---|---|---|---|
Threat and risk analysis exercise | 50 | 2000 words | 1-4, 8, 9, 11, 13-17 | Written |
Written Examination | 50 | 1.5 hours | 1-17 | Written |
Original Form of Assessment | Form of Re-assessment | ILOs Re-assessed | Time Scale for Re-assessment |
---|---|---|---|
Threat and risk analysis exercise (50%) | Threat and risk analysis exercise | 1-4, 8, 9, 11, 13-17 | Completed over the summer with a deadline in August |
Written Examination (50%) | Written Examination | 1-17 | Referral/deferral period |
Deferral – if you miss an assessment for certificated reasons judged acceptable by the Mitigation Committee, you will normally be deferred in the assessment. The mark given for a re-assessment taken as a result of deferral will not be capped and will be treated as it would be if it were your first attempt at the assessment.
Referral – if you have failed the module overall (i.e. a final overall module mark of less than 40%) you may be required to sit a referral. The mark given for a re-assessment taken as a result of referral will be capped at 40%.
information that you are expected to consult. Further guidance will be provided by the Module Convener.
Author | Title | Edition | Publisher | Year | ISBN |
---|---|---|---|---|---|
Pfleeger, C. P., Pfleeger, S. L., Margulies, J. | Security in Computing | 5th | Prentice Hall | 2015 | 978-0-13-408504-3 |
BCS-CREST Penetration Testing Working Group | Penetration Testing – A guide for business and IT managers | 1st | BCS | 2019 | 978-1-78017-498-2 |
David Sutton | Information Risk Management - A Practitioner’s Guide | | BCS | 2014 | 978-1-78017-265-1 |
ELE: https://ele.exeter.ac.uk
Reading list for this module:
CREDIT VALUE | 15 | ECTS VALUE | 7.5 |
---|---|---|---|
PRE-REQUISITE MODULES | None |
---|---|
CO-REQUISITE MODULES | None |
NQF LEVEL (FHEQ) | 5 | AVAILABLE AS DISTANCE LEARNING | No |
---|---|---|---|
ORIGIN DATE | Tuesday 10th July 2018 | LAST REVISION DATE | Tuesday 12th September 2023 |
KEY WORDS SEARCH | Information security |
---|
Please note that all modules are subject to change, please get in touch if you have any questions about this module.