School: COMSC

Information, Network & Cyber Security

Information security officers are faced with strategic decisions on a daily basis, and are required to make informed decisions on the security options relevant to business and organisational objectives. In modern organisations, the growth of distributed systems and cloud computing has led to the increasing and dynamic convergence of users and computers through computer networks connected by the Internet. This has led to an increase in attacks on organisations' information systems in the form of viruses, worms and denial of service attacks. Attacks such as these can cripple an organisation, bringing its business process to a halt, and have the potential to expose and corrupt sensitive data that is managed within computer networks.

Module Code: CMT104
External Subject Code: I260
Number of Credits: 20
Level: M
Module Leader: Pete Burnap
Module offered on a freestanding basis? No
Maximum Number on Module: 32
Language of module delivery: English

This module focuses on the concepts of information security and privacy within the context of strategic information systems and also computer networks. This includes: the need to deter, prevent, detect and react to attacks on computer networks; attacks on information while in transmission between distributed networks; the risk to data stored in the cloud; and the risks to privacy in social networks and big data. The human factor also has a part to play in the increase in attacks and this is also discussed.
The module introduces the need for risk assessments and information security policies, standards, legal and ethical aspects of information security, as well as the technical concepts of cryptography for providing transport-level security for protecting communications between networks, types of network intrusion, types of malicious software, and computer network protection mechanisms.

On completion of the module a student will be able to:

- Describe the key concepts of confidentiality, integrity and availability, and the relationship between them.
- Explain what is meant by authentication and non-repudiation, in the context of electronic transactions, and options for securing them.
- Describe approaches to determining the value of business assets, including information, and assessing the risks to them.
- Explain how to assess countermeasures to identified risks, and determine the cost-effectiveness of candidate measures.
- Describe national and international schemes for the evaluation of security products, and their relevance to organisational or business needs.
- Describe the purpose of a security policy in an organisation, and explain how to develop and implement such a policy.
- Reflect on the issues faced by multi-national organisations and their approaches to information risk.
- Analyse the relationship between security theory and security practice.
- Explain the relationship between prevention, detection and reaction.
- Reflect on the systemic nature of information security within a purposeful organisation.
- Understand and describe the types of attack that occur on computer networks and distributed systems.
- Explain the anatomy of a virus and how it spreads between connected information systems.
- Identify, evaluate and recommend a selection of configurations and countermeasures to reduce the likelihood and impact of potential security attacks.
- Identify and evaluate the risks to computer networks emerging from Cloud computing and wireless connectivity.
- Explain the need for cryptography and its various algorithms and methods of use.
- Understand and explain the complexities of managing and authenticating identity between distributed networks.
- Understand how to detect and react to network intrusions.
How the module will be delivered

The module employs a combination of theoretical and practical interactive contact sessions, using a study guide, a selection of papers, and textbooks. Students are expected to attend contact sessions comprising laboratory classes, discussions, and material presentation by the module leader. Guest lecturers may also participate by giving short talks on their area of expertise. The practical sessions include hands-on experience of network sniffing and cryptographic exercises to preserve the security of information being sent between computer networks.

Skills that will be practised and developed

Students will be able to demonstrate the ability to complete a security risk analysis, and produce a draft security policy, for a purposeful organisation. This will require the ability to work as a team. Students will also understand how computer networks are configured and where their vulnerabilities lie. They will be able to deploy tools and techniques that will protect and defend information from attack. They will also understand the issues related to the expansion of the traditional computer network as systems become more integrated and distributed between organisations.

How the module will be assessed

A written examination will test the student's knowledge and understanding of the theoretical aspects of the course. The coursework will be a practical laboratory-based exercise that will test their ability to implement some of the taught course content.

Type of assessment | % Contribution | Title | Duration (if applicable) | Approx. date of Assessment
Coursework | 30% | Report | | Week 3 (out), Week 5 (in)
Coursework | 70% | Practical group exercise | | Week 6 (out), Week 11 (in)
The potential for reassessment in this module

Reassessment will take the form of a re-sit examination.

Syllabus content

- Introduction to Information Security.
- Security concepts, standards, and codes of practice.
- Identification of business critical processes and assets.
- Risk assessment and countermeasures.
- Organisation aspects of information security and security policies.
- Assurance/accreditation issues.
- Introduction to Computer Networks.
- Cryptography for Confidentiality and Authentication.
- User Authentication.
- Transport-Level Security.
- Wireless Network Security.
- IP Security.
- Intrusion Types and Methods.
- Malicious Software and Viruses.
- Firewalls.

Indicative Reading and Resource List:

- Security Engineering, 2nd Edition, Anderson, R J, ISBN , John Wiley
- Secrets and Lies: Digital Security in a Networked World, Schneier, B, ISBN , Chichester, John Wiley.
- Schneier on Security, Schneier B., ISBN , Indianapolis, Indiana, Wiley Publishing Inc.
- W. Stallings. Network Security Essentials. Pearson. 2011