Information, Network & Cyber Security

Transcription

1 School COMSC Information, Network & Cyber Security Information security officers are faced with strategic decisions on a daily basis, and are required to make informed decisions on the security options relevant to business and organisational objectives. In modern organisations, the growth of distributed systems and cloud computing has led to the increasing and dynamic convergence of users and computers through computer networks connected by the Internet. This has led to an increase in attacks on organisations information systems in the form of viruses, worms and denial of service attacks. Attacks such as these can cripple an organisation, bringing its business process to a halt, and has the potential to expose and corrupt sensitive data that is managed within computer networks. Module Code CMT104 External Subject Code I260 Number of Credits 20 Level M Module Leader Pete Burnap Module offered on a freestanding basis? No Maximum Number on Module 32 Language of module delivery English This module focuses on the concepts of information security and privacy within the context of strategic information systems and also computer networks. This includes: the need to deter, prevent, detect and react to attacks on computer networks; attacks on information while in transmission between distributed networks; the risk to data stored in the cloud; and the risks to privacy in social networks and big data. The human factor also has a part to play in the increase in attacks and this is also discussed.

2 The module introduces the need for risk assessments and information security policies, standards, legal and ethical aspects of information security, as well as the technical concepts of cryptography for providing transport-level security for protecting communications between networks, types of network intrusion, types of malicious software, and computer network protection mechanisms. On completion of the module a student will be able to: Describe the key concepts of confidentiality, integrity and availability, and the relationship between them. Explain what is meant by authentication and non-repudiation, in the context of electronic transactions, and options for securing them. Describe approaches to determining the value of business assets, including information, and assessing the risks to them. Explain how to assess countermeasures to identified risks, and determine the cost-effectiveness of candidate measures. Describe national and international schemes for the evaluation of security products, and their relevance to organisational or business needs. Describe the purpose of a security policy in an organisation, and explain how to develop and implement such a policy. Reflect on the issues faced by multi-national organisations and their approaches to information risk. Analyse the relationship between security theory and security practice. Explain the relationship between prevention, detection and reaction. Reflect on the systemic nature of information security within a purposeful organisation. Understand and describe the types of attack that occur on computer networks and distributed systems. Explain the anatomy of a virus and how it spreads between connected information systems Identify, evaluate and recommend a selection of configurations and countermeasures to reduce the likelihood and impact of potential security attacks. Identify and evaluate the risks to computer networks emerging from Cloud computing and wireless connectivity. Explain the need for cryptography and its various algorithms and methods of use. Understand and explain the complexities of managing and authenticating identity between distributed networks. Understand how to detect and react to network intrusions.

3 How the module will be delivered The module employs a combination of theoretical and practical interactive contact sessions, using a study guide, a selection of papers, and textbooks. Students are expected to attend contact sessions comprising of laboratory classes, discussions, and material presentation by the module leader. Guest lecturers may also participate by giving short talks on their area of expertise. The practical sessions include hands-on experience of network sniffing and cryptographic exercises to preserve the security of information being sent between computer networks. Skills that will be practised and developed Students will be able to demonstrate the ability to complete a security risk analysis, and produce a draft security policy, for a purposeful organisation. This will require the ability to work as a team. Students will also understand how computer networks are configured and where their vulnerabilities lie. They will be able to deploy tools and techniques that will protect and defend information from attack. They will also understand the issues related to the expansion of the traditional computer network as systems become more integrated and distributed between organisations. How the module will be assessed A written examination will test the student s knowledge and understanding of the theoretical aspects of the course. The coursework will be a practical laboratory based exercise that will test their ability to implement some of the taught course content. Type of assessment % Contributi on Title Duration (if applicable ) Approx. date of Assessment Coursework 30% Report Week 3 (out) Week 5 (in) coursework 70% Practical group exercise Week 6 (out) Week 11 (in)

4 The potential for reassessment in this module Reassessment will take the form of a re-sit examination. Syllabus content Introduction to Information Security. Security concepts, standards, and codes of practice. Identification of business critical processes and assets. Risk assessment and countermeasures. Organisation aspects of information security and security policies. Assurance/accreditation issues. Introduction to Computer Networks. Cryptography for Confidentiality and Authentication. User Authentication. Transport-Level Security. Wireless Network Security. IP Security. Intrusion Types and Methods. Malicious Software and Viruses. Firewalls. Indicative Reading and Resource List: Security Engineering, 2nd Edition, Anderson, R J, ISBN , John Wiley Secrets and Lies: Digital Security in a Networked World, Schneier, B, ISBN , Chichester, John Wiley. Schneier on Security, Schneier B., ISBN , Indianapolis, Indiana, Wiley Publishing Inc. W. Stallings. Network Security Essentials. Pearson. 2011

5 Security Howard, D and Prince, K. Wiley. 2011