Certification of Masters Degrees Providing a General, Broad Foundation in Cyber Security

Size: px
Start display at page:

Download "Certification of Masters Degrees Providing a General, Broad Foundation in Cyber Security"

Transcription

1 Certified Masters in Cyber Security Certification of Masters Degrees Providing a General, Broad Foundation in Cyber Security Call for Applications Closing Date: 20 June 2014, 16:00 Briefing Meeting: 14 April 2014, 13:00 Portions of this work are copyright The Institute of Information Security Professionals. All rights reserved. The copyright of this document is reserved and vested in the Crown. Document History Issue Date Comment March 2014 First issue May 2014 Minimum percentage of cyber security in taught element of Masters changed from 80% to 70%; number of Skills Groups covered reduced from 10 to 9. Page 1 of 39

2 1 Introduction Reflecting the aims of the National Cyber Security Programme, UK Government and its delivery partners are working to increase the UK s academic capability in all fields of Cyber Security. Together BIS, EPSRC, GCHQ, CPNI and OCSIA have developed a joint approach and strategy for reaching this goal. As part of that strategy, GCHQ intends to certify Masters degrees in cyber security subjects taught at UK Higher Education Institutions (HEIs). This Call for Applications is for the certification of Masters degrees that provide a general, broad foundation in cyber security and which have cyber security as a sole or main focus please see section 3 for more details. Masters degrees in cyber security subjects can provide a number of benefits, providing for example: a deeper understanding of cyber security concepts, principles, technologies and practices a bridge between undergraduate degrees and careers in cyber security a platform for further research at Doctoral level an effective way for people in mid-career to enhance their knowledge of the subject or to move into cyber security as a change of career path There are now a significant number of Masters degrees run by UK HEIs with cyber security content. However, it can be difficult for students and employers alike to navigate the variety of Masters that is available in order to: understand the extent to which such degrees really have cyber security as their main or sole focus assess the quality of the degrees on offer identify which degrees best suit someone s career path. This Call (and any subsequent calls) will enable HEIs, should they wish, to apply to have their cyber security Masters degrees considered for certification. There will be two types of certification (please see section 3 for further details): Full Certification and Provisional Certification. Certifications of individual Masters degrees by GCHQ will be subject to a set of terms and conditions (T&Cs) see Appendix E. Although applications for certification in response to this Call will be made directly to GCHQ, it is envisaged that future Calls may require applications to be made to a third party appointed by GCHQ to certify individual degrees against the GCHQ criteria for Masters certification. HEIs should note that Masters certification (Full or Provisional) is anticipated to be one of the requirements for future recognition as an Academic Centre of Excellence in Cyber Security Education please see section 2.3. Page 2 of 39

3 1.1 Organisation of this document The remainder of this document is organised as follows: Section 2: General background information Section 3: Guidance on the scope of the call Section 4: Eligibility of applicants Section 5: How to apply Section 6: Assessment process Section 7: Key dates Appendix A: Cyber terminology the National Technical Authority view Appendix B: Topics to be covered in a Masters degree providing a general, broad foundation in cyber security Appendix C: Required structure of application for Full certification Appendix D: Required structure of application for Provisional certification Appendix E: Terms and conditions associated with certification 2 Background 2.1 UK Cyber Security Strategy Objective 4 The vision of the UK Cyber Security Strategy is 1 : for the UK in 2015 to derive huge economic and social value from a vibrant, resilient and secure cyberspace, where our actions, guided by our core values of liberty, fairness and transparency and the rule of law, enhance prosperity, national security and a strong society Objective 4 of the UK Cyber Security Strategy requires: the UK to have the cross-cutting knowledge, skills and capability it needs to underpin all our cyber security objectives Working in partnership over the past few years, BIS, EPSRC, GCHQ, CPNI and OCSIA have initiated a number of programmes across academia designed to address the knowledge, skills and capability requirements for cyber security research in Objective 4, including: Academic Centres of Excellence in Cyber Security Research Academic Research Institutes in Cyber Security Centres for Doctoral Training in Cyber Security Research In the next two steps of the academic programme under Objective 4, GCHQ intends to establish: Certified Masters in Cyber Security 1 https://www.gov.uk/government/publications/cyber-security-strategy Page 3 of 39

4 Academic Centres of Excellence in Cyber Security Education 2.2 Aims, benefits and vision of Certified Masters in Cyber Security The overall aim is to identify and recognise Masters degrees run by UK HEIs that provide well defined and appropriate content and that are delivered to an appropriate standard. The anticipated key benefits include: providing guidance to prospective students and employers on the content and quality of such degrees providing Masters students who have completed their certified degree with an additional form of recognition i.e., that they have successfully completed a GCHQ certified degree helping to further enhance the quality, focus and relevance of Masters degrees helping universities with certified Masters degrees to attract additional numbers / higher quality students both from the UK and abroad helping employers (in industry, government and academia) during the recruitment process to better understand, and distinguish between, the Masters qualifications of job applicants 2.3 Academic Centres of Excellence in Cyber Security Education (ACE-CSEs) GCHQ and its government partners intend to set up a separate application process to recognise ACE- CSEs. It is anticipated that invitations for ACE-CSE applications will be issued to the academic community in autumn It is likely that one of the assessment criteria that will have to be met for an HEI to become a recognised ACE-CSE is that it has, and continues to have, at least one GCHQ certified (Full or Provisional) Masters degree in cyber security. Further details will be issued in due course. 3 Scope of this Call for applications This Call is for the certification of Masters degrees that provide a general, broad foundation in cyber security and which have cyber security as a sole or main focus see Appendices A, B, C and D. This Call is for post-graduate cyber security Masters degrees (including distance learning degrees) delivered, examined and awarded in the UK by UK HEIs and which typically take one year of fulltime study (or equivalent for part-time students). 3.1 In scope For a Masters degree to be in scope for this Call, each of the requirements i, ii and iii below must be met: i. at least one of options a and b must be met: a. at least 70% of the taught modules in the Masters must be able to be mapped to Security Disciplines A to H shown in Appendix B Page 4 of 39

5 ii. iii. b. for Masters degrees that comprise a broad set of optional modules from which students can choose, it must be the case that students can select a set of taught modules in which at least 70% of the modules in the set can be mapped to Security Disciplines A to H shown in Appendix B 2 for a Masters providing a general, broad foundation in cyber security, the taught modules must cover at least 9 of the Skills Groups i to xiii shown in Appendix B there must be a substantial original research component and associated dissertation (corresponding to Security Discipline I and Skill Group xiv) expected to account for 25% to 45% of the available credits. If the percentage of credits associated with the original research dissertation is higher than 45%, then an HEI will need to clarify how the taught modules of the degree adequately cover the required number of Skills Groups. If the percentage is less than 25% then an HEI will need to clarify how students are able to gain sufficient understanding and experience of undertaking original research Full certification To be in scope, applications for Full certification require: a cohort of students to have successfully completed the Masters degree in academic year the external examiner s report to be available for academic year the Masters degree to be running in academic year Provisional certification To be in scope, applications for Provisional certification require one of the following to be met: the Masters degree to be running in academic year , though a cohort of students did not complete the degree in academic year the new/revised Masters degree has not yet started but will start by (up to and including) October Out of scope The following Masters degrees are out of scope for this Call: Integrated Masters which typically take 4 years of study starting at undergraduate level Masters degrees which are predominantly carried out by research leading to MRes degrees Masters degrees focusing on, for example, computer science or software engineering where cyber security is covered in only a small percentage of modules Masters degrees with a narrow focus on a particular area of cyber security such as, by way of example only, digital forensics 2 If option b is chosen, then the T&Cs associated with certification will require that the set of modules for which certification applies is identified. It will be the responsibility of the HEI to inform students that this is the set of modules for which the Masters degree is certified and that other combinations of modules are not certified. Page 5 of 39

6 Masters degrees that are planned to start later than October Scope of future calls It is anticipated that future calls may address Masters degrees focusing on narrower, well defined areas of cyber security such as digital forensics, ethical hacking and risk management. 4 Eligibility This Call is open to all UK Higher Education Institutions. Applicants should note that there will be no funding associated with successful certification of Masters degrees. 5 How to apply 5.1 Submitting applications Applications should be ed to by 16:00 on 20 June Applicants are solely responsible for ensuring that any application that they submit reaches GCHQ and for all costs of preparation of their applications. To help with the administration of submissions, please put Masters certification application - <Name of your HEI> on the subject line. 5.2 Guidance on writing applications Applicants will be solely responsible for the content and accuracy of their applications Applications for Full certification Applicants should note that their applications should be structured to follow the guidance in Appendix C. Applicants should also refer to Appendices A and B. If successful, Full applications will be awarded Certified status for a period of five years, subject to the HEI agreeing the T&Cs which will document the ongoing requirements for the HEI and GCHQ Applications for Provisional certification Applicants should note that their applications should be structured to follow the guidance in Appendix D. Applicants should also refer to Appendices A and B. If successful, Provisional applications will be awarded a Certification Pending status. This will be conditional on the applicant agreeing the T&Cs associated with Provisional applications, which will include a limit on the length of time a Certification Pending status can be held without obtaining Full Certification. 5.3 Briefing meeting and points of clarification A briefing meeting is planned for potential applicants on the afternoon of 14 April 2014 at BCS headquarters in London. Please by 16:00 on 09 April 2014 Page 6 of 39

7 to register attendance. To help with administration, please put Masters certification briefing day - <Name of your HEI> on the subject line. Please include the following information in the the details of the primary contact in your HEI for cyber security education the names and contact details of those wishing to attend the briefing meeting maximum of 3 per HEI the interest your HEI has in Masters Certification and the title(s) of any cyber security degrees that your HEI runs GCHQ will acknowledge s within two working days. Please contact Graeme Dykes on xtn if an acknowledgement has not been received. A list of points of clarification regarding the application process will be maintained at: Applicants are advised to check this Web page regularly for any updates to the application process. 6 Assessment Applications within scope will be assessed by an Assessment Panel that will include representatives from GCHQ, wider government, industry, professional bodies and academia. Each application will be read and scored independently by a minimum of three members of the Assessment Panel. At the Assessment Panel meeting, Panel members will present their scores and the rationale for their scores. The Assessment Panel will agree a consensus score for each application. The Panel s decision is final. There is no maximum number of successful applications for certification. 6.1 Full certification Each application will be assessed within the six areas shown below, and further described in Appendix C, against the set of assessment criteria also shown in Appendix C. i. HEI s letter of support for the application ii. Description of the applicant iii. Description of the Masters degree in cyber security iv. Assessment materials and external examiner s report v. Original research dissertations vi. Student numbers and grades achieved 6.2 Provisional certification Each application will be assessed within the five areas shown below, and further described in Appendix D, against the set of assessment criteria also shown in Appendix D. i. HEI s letter of support for the application ii. Description of the applicant Page 7 of 39

8 iii. Description of the Masters degree in cyber security iv. Assessment materials v. Original research dissertations 7 Moving forwards 7.1 Key dates Activity Proposed Date Call issued 26 March 2014 Briefing meeting 14 April 2014 Draft of T&Cs to be made available April 2014 Proposals due to be submitted 20 June 2014 Assessment of proposals June July 2014 Announcement of results anticipated: July After the assessment process All applicants will be notified individually whether their applications have been successful. 7.3 Successful applications The certification (whether Full or Provisional) of each individual Masters degree is conditional upon the HEI agreeing to thet&cs of certification to be provided by GCHQ. The T&Cs will describe the terms of use of the branding associated with certification such as in advertising/promotional material and the award documents given to students who have successfully completed the degree. The T&Cs will also describe the ongoing requirements that the HEI must satisfy in order for the certification to remain valid. 7.4 Unsuccessful applications Applications that are not successful in this Call will be given feedback and, where appropriate, such applicants will be encouraged to submit in future calls. 8 Contact details Graeme Dykes GCHQ Hubble Road Cheltenham GL51 0AX Tel: xtn Page 8 of 39

9 Appendix A: Cyber terminology the National Technical Authority view 1 Introduction Today the term Cyber is used by everyone, and everyone has a different understanding as to what it means. This is causing confusion, inefficiency and misunderstanding. Whilst you can never control how others use this term, in this Appendix GCHQ as the National Technical Authority (NTA) for Information Assurance 3 clarifies the use of cyber terminology and the scope of cyber security both for the UK and this Call. In particular, the terms Information Assurance, Cyber Space, Cyber Security are described and a working definition of Cyber Security is presented that sets the scene for the Indicative Topic Coverage of Masters degrees described in Appendix B. 2 Information Assurance Information Assurance (IA) is a discipline that seeks to manage (e.g. reduce as necessary) the risks and impacts to information and information-based systems. It is also known as Information Security. IA is carried out by the owner of the information or information system supported by organisations such as GCHQ and CPNI that provide many of the tools they need. The term Information Assurance was coined to emphasise the need for confidence (or assurance) that risks are being effectively managed. IA considers the full set of risks to information and information-based systems and includes the following activities: Protect reduces information risk through the reduction of vulnerabilities (whether physical, personnel, process or technical) Prepare enables the harm to be reduced when a risk is realised, i.e. contingency planning Detect identifies when a risk changes (new vulnerability discovered, change in threat level, etc.) or is realised, i.e. situation awareness Respond reduces the impact when a risk is realised, e.g. incident management GCHQ provides the overall framework for managing risks to information and information systems, as well as guidance on how technical risks can be mitigated. CPNI is responsible for providing guidance on mitigating physical and personnel vulnerabilities. All three aspects have to be addressed if an organisation is to effectively manage its information risks, even in cyber space. 3 Cyber Space The Cyber Security Strategy of the United Kingdom 4, dated June 2009, describes cyber space as encompassing all forms of networked, digital activities; this includes the content of and actions conducted through digital networks. It also states that the physical building blocks of cyber space 3 Technical areas within the scope of the NTA include: cryptography, key management and security protocols; information risk management; IA Science; hardware engineering and security analysis; information assurance methodologies; operational assurance techniques; strategic technologies and products; control systems; electromagnetic physics and security. 4 https://www.gov.uk/government/publications/cyber-security-strategy-of-the-united-kingdom Page 9 of 39

10 are individual computers and communication systems [which] fundamentally support much of our national infrastructure and information. Cyber space is a key enabler for the UK and therefore a critical asset. In The UK Cyber Security Strategy 5, dated November 2011, this is picked up as a Tier 1 risk: namely, hostile attacks upon UK cyberspace by other states and large scale crime. These strategies effectively say that we need to put in place measures to reduce the risk and impact of such attacks, i.e. we need to defend ourselves in cyber space. 4 Cyber Security 4.1 General description The Cyber Security Strategy of the United Kingdom 6, dated June 2009, states that Cyber security embraces both the protection of UK interests in Cyber Space and also the pursuit of wider UK security policy through exploitation of the many opportunities that cyber space offers. Cyber security should be considered as an activity covering all aspects of UK well-being as they relate to cyber space. The complexity of cyber space and its relationship to the well-being of the UK means that cyber security includes a number of inter-related activities. At a general level, for the purposes of this Call, cyber security refers to those activities that relate to the defence of UK cyber space and are largely carried out by information and system owners in order to defend (reduce risk and impact) UK cyber space. Organisations operating in cyber space are responsible for managing their risks and impacts by undertaking Protect, Prepare, Detect and Respond through applying the discipline of Information Assurance. Part of GCHQ s role as the National Technical Authority for Information Assurance is to provide definitive, authoritative and expert-based guidance on all aspects of IA. However, it is absolutely clear that raising cyber security levels in the UK has to be a joint effort between government, industry and academia. Establishing Certified Masters degrees in cyber security is an example of this joint effort aimed at supporting the goals of the UK s Cyber Security Strategy. It should be noted that the Cyber Security Strategy considers national level risks that largely stem from malicious action or environmental hazard. Information risks also stem from accidental actions such as the loss of a laptop, inappropriate or loss of storage devices (as in recent well publicised security breaches). This is the broader scope of Information Assurance. 5 https://www.gov.uk/government/publications/cyber-security-strategy 6 https://www.gov.uk/government/publications/cyber-security-strategy-of-the-united-kingdom Page 10 of 39

11 4.2 Specific working definition of cyber security to be used for this Call The International Telecommunication Union has produced a definition of cyber security 7 which is consistent with the general descriptions above and which provides specific and itemised detail that links into the Security Disciplines, Skills Groups and Indicative Topic Coverage in Appendix B. Thus more specifically, for the purposes of this Call document, cyber security should be taken to mean: The collection of tools, policies, security concepts, security safeguards, guidelines, risk management approaches, actions, training, best practices, assurance and technologies that can be used to protect the cyber environment and the assets of organisations and users. The assets of organisations and users include connected computing devices, personnel, infrastructure, applications, services, telecommunications systems, and the totality of transmitted and/or stored information in the cyber environment. Cyber security strives to ensure the attainment and maintenance of the security properties of the assets of organisations and users against relevant security risks in the cyber environment. 7 Page 11 of 39

12 Appendix B: Topics to be covered in Masters degrees providing a general, broad foundation in cyber security The Security Discipline Principles and Skills Groups that form part of the tables in this Appendix A are derived from the IISP Information Security Skills Framework and are copyright The Institute of Information Security Professionals. All rights reserved. The information within the tables in this Appendix is intended to provide an indicative mapping of potential Masters topic coverage to the IISP Skills Framework 8. The tables are structured on the basis of Security Disciplines that lead to a series of Indicative Topics: a. The set of Security Disciplines and Principles has been taken from the IISP Skills Framework, along with summary versions of the associated Knowledge Requirements expressed in CESG s June 2013 document on Certification for IA Professionals b. The Skills Groups are based upon those expressed in the IISP framework, but with some of the groups having been merged together where appropriate (e.g., where Masters programmes would be unlikely to be focusing their coverage or where the treatment of the Skills Groups would essentially encompass the same topics). A new Skills Group on Control Systems has been added to reflect the growing importance of this subject area. c. To help with later referral, the Skills Groups have been numbered i to xiv. The IISP Skills Groups to which they refer are also shown (e.g., A2, A5, etc.). d. The Indicative Topic Coverage highlights examples of the specific topics that one would expect to see represented within the syllabi of Masters modules in order for broad coverage of the related Skills Group to be achieved. Given that they are indicative topics, programmes would not be required to cover all of them explicitly (and indeed other topics may additionally be relevant), but there would be expected to be sufficient weight of coverage within each area if the Skills Group was to be satisfactorily addressed. 8 IISP Skills Framework: https://www.iisp.org/imis15/iisp/accreditation/our_skills_framework/iisp/about_us/our_skills_framework.aspx?hkey=e 77a6f e-aa7b ec4 9 CESG is the Information Security arm of GCHQ: 10 CESG Certification for IA Professionals: Page 12 of 39

13 Security Discipline Skills Group Indicative Topic Coverage A. Information Security Management Principle: Capable of determining, establishing and maintaining appropriate governance of (including processes, roles, awareness strategies, legal environment and responsibilities), delivery of (including polices, standards and guidelines), and cost-effective solutions (including impact of third parties) for information security within a given organisation). CESG Knowledge Requirements include: i. Policy, Strategy, Awareness and Audit (A1, A2, A3, A5, G1) The role and function of security policy Types of security policy Security standards (e.g. ISO/IEC 27000) Security concepts and fundamentals Security roles and responsibilities Security professionalism Governance and compliance requirements in law Third party management Security culture Awareness raising methods Acceptable use policies Security certifications Understanding auditability The internal audit process Management frameworks such as ISO series Legislation such as Data Protection Act Common management Frameworks such as ISO 9000 ii. Legal & Regulatory Environment (A6) Computer Misuse legislation Data Protection law Intellectual property and copyright Employment issues Regulation of security technologies under other UK information legislation. Refer disclosure requests to GCHQ on x30306, Page 13 of 39

14 Security Discipline Skills Group Indicative Topic Coverage B. Information Risk Management Principle: Capable of articulating the different forms of threat to, and vulnerabilities of, information systems and assets. Comprehending and managing the risks relating to information systems and assets. CESG Knowledge Requirements include: Information risk management methodologies such as ISO Information Security Risk Management Generic risk management methodologies such as ISO Risk Management; Principles & Guidelines Key concepts such as threats, vulnerabilities, business impacts, and risk tolerance iii. Risk Assessment and Management (B1, B2) Threat, vulnerability and risk concepts Threat landscape, adversarial thinking Asset valuation and management Risk analysis methodologies Handling risk and selecting countermeasures/controls to mitigate risk Understanding impacts and consequences Security economics under other UK information legislation. Refer disclosure requests to GCHQ on x30306, Page 14 of 39

15 Security Discipline Skills Group Indicative Topic Coverage C. Implementing Secure Systems Principle: Comprehends the common technical security controls available to prevent, detect and recover from security incidents and to mitigate risk. Capable of articulating security architectures relating to business needs and commercial product development that can be realised using available tools, products, standards and protocols, delivering systems assured to have met their security profile using accepted methods CESG Knowledge Requirements include: Security Architectures and Patterns Secure Development processes Business requirements Skills frameworks (e.g. SFIA) Architectural frameworks (e.g. The Open Group Architecture Framework TOGAF) Range of core security technologies (e.g. Access control models, encryption, Authentication techniques) and how to apply them iv. Security Architecture (C1) v. Secure Development (C2) vi. Control Systems Design and development considerations: trusted computing base, security architecture and patterns, security models and design principles (e.g., principle of least privilege, fail-safe defaults), software (program) security, emission security Selecting and applying core technologies: authentication, access control, privacy controls, security protocols Recognising security needs across platforms: operating system security, Web security, embedded security, cloud and virtualisation security, security as a service Cryptography: cipher and algorithm types, applications to confidentiality, integrity and authentication, PKI Network security: Internet security protocols, tunnelling, VPNs, network attack and defence, TLS Human factors: usable security, psychology of security, insider threat Security systems development: managing secure systems development, principles of secure programming, formal approaches, understanding implementation errors and exploits. SCADA and SMART Systems, cyber system of systems (from abstract to physical effect), non-ip protocols and standards (e.g., WiFi, Bluetooth, GSM, CAN, MODBUS), cyber-physical systems analysis, embedded systems, assurance of control systems hardware and software, design/implementation methodologies to minimise the risk of vulnerabilities, risk modelling and risk-based decision making under other UK information legislation. Refer disclosure requests to GCHQ on x30306, Page 15 of 39

16 Security Discipline Skills Group Indicative Topic Coverage D. Information Assurance Methodologies and Testing Principle: Develops and applies standards and strategies for verifying that measures taken mitigate identified risks. CESG Knowledge Requirements include: Assessment Methodologies (e.g. Common Criteria) Information Risk Management Frameworks Assessment services or standards (e.g. CHECK) Governance aspects and Management responsibilities Testing strategies and methodologies (e.g., TEMPEST testing) vii. Information Assurance Methodologies (D1) viii. Security Testing (D2) Assessment methodologies (e.g series and Common Criteria) Understanding security vulnerabilities and related mitigation measures System and software testing Penetration testing Security metrics Static and dynamic analysis of products and systems under other UK information legislation. Refer disclosure requests to GCHQ on x30306, Page 16 of 39

17 Security Discipline Skills Group Indicative Topic Coverage E. Operational Security Management Principle: Capable of managing all aspects of a security programme, including reacting to new threats and vulnerabilities, secure operational and service delivery consistent with security polices, standards and procedures, and handling security incidents of all types according to common principles and practices, consistent with legal constraints and obligations. CESG Knowledge Requirements include: Governance and Management responsibilities IT Service Management processes (e.g. ITIL) Existing and Emerging Vulnerabilities Use of penetration testing and vulnerability testing Risk Assessment and Monitoring Operating Procedures and accountability Continuous improvement ix. Secure Operations Management and Service Delivery (E1, E2) x. Vulnerability Assessment (E3) Internet threats: common attacks (human and technical), malicious code, situational awareness, threat trends, threat landscape, CERTs, adversarial thinking Cryptography: AES and RSA, key management, digital signatures Network security: networking fundamentals, firewalls and traffic filtering, intrusion detection and prevention systems, intrusion analysis, network monitoring, mobile and wireless network security System security: authentication (secrets, tokens, biometrics), access control (MAC, DAC, RBAC) and privilege management, mobile device security and BYOD, anti-virus technologies Application security: , Web, social networks, DRM, database security, big data security, identity management Physical security: physical and environmental controls, physical protection of IT assets Malware analysis: static and dynamic analysis, detection techniques, host-based intrusion detection, kernel rootkits System and network-level vulnerabilities and their exploitation Vulnerability analysis and management Penetration testing Social Engineering Dependable/resilient/survivable systems under other UK information legislation. Refer disclosure requests to GCHQ on x30306, Page 17 of 39

18 Security Discipline Skills Group Indicative Topic Coverage F. Incident Management Principle: Capable of managing or investigating an information security incident at all levels. CESG Knowledge Requirements include: xi. Incident Management (F1) Intrusion detection methods Intrusion response Intrusion management Incident handling Intrusion analysis, monitoring and logging Secure Information Management (stakeholder management within organisational context) Incident detection techniques Incident response management (internal and external) Audit log management Forensics (e.g. Evidential standards, Tools, Impact assessment) xii. Forensics (F3) Collecting, processing and preserving digital evidence Device forensics Memory forensics Network forensics Anti-forensic techniques Forensic report writing and expert testimony under other UK information legislation. Refer disclosure requests to GCHQ on x30306, Page 18 of 39

19 Security Discipline Skills Group Indicative Topic Coverage G. Audit, Assurance & Review Principle: Capable of defining and implementing the processes and techniques used in verifying compliance against security policies, standards, legal and regulatory requirements. CESG Knowledge Requirements include: Audit methodologies (e.g., Certified Information Systems Auditor - CISA) Vertical/horizontal auditing techniques Audit processes and techniques (e.g. HMG IA Maturity Model) The Audit and Review Skills Group (G1) has been incorporated into Skills Group i above The indicative topic coverage has been included in Skills Group i above under other UK information legislation. Refer disclosure requests to GCHQ on x30306, Page 19 of 39

20 Security Discipline Skills Group Indicative Topic Coverage H. Business Continuity Management Principle: Capable of defining the need for, and of implementing processes for, establishing business continuity. CESG Knowledge Requirements include: Business continuity management lifecycle Business Impact Analysis process Related standards (e.g. ISO 22301, ISO 27001, BS 25999, BS 27031) xiii. Business Continuity Planning and Management (H1, H2) Continuity planning Backup Disaster recovery under other UK information legislation. Refer disclosure requests to GCHQ on x30306, Page 20 of 39

CESG Certification of Cyber Security Training Courses

CESG Certification of Cyber Security Training Courses CESG Certification of Cyber Security Training Courses Supporting Assessment Criteria for the CESG Certified Training (CCT) Scheme Portions of this work are copyright The Institute of Information Security

More information

Certification of Master s Degrees Providing a General, Broad Foundation in Cyber Security

Certification of Master s Degrees Providing a General, Broad Foundation in Cyber Security Certified Master s in Cyber Security Certification of Master s Degrees Providing a General, Broad Foundation in Cyber Security Call for Applications Closing Date: 27 February 2015, 16:00 Briefing Meeting:

More information

Certification of Master s Degrees in Digital Forensics

Certification of Master s Degrees in Digital Forensics Certified Master s in Cyber Security Certification of Master s Degrees in Digital Forensics Call for Applications Closing Date: 27 February 2015, 16:00 Briefing Meeting: 14 January 2015, 13:00 Portions

More information

Certification of Master s Degrees in Computer Science for Cyber Security

Certification of Master s Degrees in Computer Science for Cyber Security Certified Master s in Cyber Security Certification of Master s Degrees in Computer Science for Cyber Security Call for Applications Closing Date: 15 January 2016, 16:00 Briefing Meeting: 05 November 2015,

More information

Certification of Integrated Master s Degrees in Computer Science and Cyber Security

Certification of Integrated Master s Degrees in Computer Science and Cyber Security Certified Master s in Cyber Security Certification of Integrated Master s Degrees in Computer Science and Cyber Security Call for Applications Closing Date: 15 January 2016, 16:00 Briefing Meeting: 05

More information

Certification of Integrated Master s Degrees in Computer Science and Cyber Security

Certification of Integrated Master s Degrees in Computer Science and Cyber Security Certified Master s in Cyber Security Certification of Integrated Master s Degrees in Computer Science and Cyber Security Call for Applications Closing Date: 15 January 2016, 16:00 Briefing Meeting: 05

More information

Certification of Master s Degrees in Digital Forensics

Certification of Master s Degrees in Digital Forensics Certified Master s in Cyber Security Certification of Master s Degrees in Digital Forensics Call for Applications Closing Date: 15 January 2016, 16:00 Briefing Meeting: 05 November 2015, 13:00 The information

More information

Certification of Master s Degrees in Digital Forensics

Certification of Master s Degrees in Digital Forensics Certified Master s in Cyber Security Certification of Master s Degrees in Digital Forensics Call for Applications Closing Date: 15 January 2016, 16:00 Briefing Meeting: 05 November 2015, 13:00 The information

More information

Certification of Master s Degrees Providing a General Broad Foundation in Cyber Security

Certification of Master s Degrees Providing a General Broad Foundation in Cyber Security OFFICIAL Certified Master s Briefing Meeting 14 April 2014 Certification of Master s Degrees Providing a General Broad Foundation in Cyber Security Chris Ensor Michael Kirton Ellie England Graeme Dykes

More information

Scheme to Recognise Academic Centres of Excellence in Cyber Security Research

Scheme to Recognise Academic Centres of Excellence in Cyber Security Research Scheme to Recognise Academic Centres of Excellence in Cyber Security Research Call type: Invitation for Applications Closing date: 16 December 2011, 16:00 Briefing meeting date 1 : 15 November 2011 Summary

More information

Certified Master s in Cyber Security. Certification of Master s Degrees Providing a General, Broad Foundation in Cyber Security

Certified Master s in Cyber Security. Certification of Master s Degrees Providing a General, Broad Foundation in Cyber Security Certified Master s in Cyber Security Certification of Master s Degrees Providing a General, Broad Foundation in Cyber Security Certification of Master s Degrees in Digital Forensics Questions and Answers

More information

Certified Master s in Cyber Security. Certification of Master s Degrees Providing a General, Broad Foundation in Cyber Security

Certified Master s in Cyber Security. Certification of Master s Degrees Providing a General, Broad Foundation in Cyber Security Certified Master s in Cyber Certification of Master s Degrees Providing a General, Broad Foundation in Cyber Questions and Answers from Briefing Day held on 14 th April 2014 1. To what extent is an undergraduate

More information

MSc Cyber Security UKPASS P052286. Course 1 Year Full-Time, 2-3 Years Part-Time

MSc Cyber Security UKPASS P052286. Course 1 Year Full-Time, 2-3 Years Part-Time MSc Cyber Security International Students Can Apply UKPASS P052286 Code: Course 1 Year Full-Time, 2-3 Years Part-Time Length: Start Dates: September 2015, January 2016, September 2016, January 2017 Department:Department

More information

External Supplier Control Requirements

External Supplier Control Requirements External Supplier Control s Cyber Security For Suppliers Categorised as Low Cyber Risk 1. Asset Protection and System Configuration Barclays Data and the assets or systems storing or processing it must

More information

Application Guidance CCP Penetration Tester Role, Practitioner Level

Application Guidance CCP Penetration Tester Role, Practitioner Level August 2014 Issue No: 1.0 Application Guidance CCP Penetration Tester Role, Practitioner Level Application Guidance CCP Penetration Tester Role, Practitioner Level Issue No: 1.0 August 2014 This document

More information

Nettitude Ltd. (FHEQ) level 7] MSc Postgraduate Diploma Postgraduate Certificate. British Computer Society (BCS) Master s Degree in Computing

Nettitude Ltd. (FHEQ) level 7] MSc Postgraduate Diploma Postgraduate Certificate. British Computer Society (BCS) Master s Degree in Computing Faculty of Engineering and Informatics Programme Specification Programme title: MSc Cyber Security Academic Year: 2015/16 Degree Awarding Body: Partner(s), delivery organisation or support provider (if

More information

(Instructor-led; 3 Days)

(Instructor-led; 3 Days) Information Security Manager: Architecture, Planning, and Governance (Instructor-led; 3 Days) Module I. Information Security Governance A. Introduction to Information Security Governance B. Overview of

More information

Cyber Security Organisational Standards. Guidance

Cyber Security Organisational Standards. Guidance Cyber Security Organisational Standards Guidance April 2013 Contents Contents...2 Overview...3 Background...4 Definitions...5 Presentation and Layout...6 Submissions Guidance...7 Acceptance Criteria...8

More information

Practitioner Certificate in Information Assurance Architecture (PCiIAA)

Practitioner Certificate in Information Assurance Architecture (PCiIAA) Practitioner Certificate in Information Assurance Architecture (PCiIAA) 15 th August, 2015 v2.1 Course Introduction 1.1. Overview A Security Architect (SA) is a senior-level enterprise architect role,

More information

Unit 3 Cyber security

Unit 3 Cyber security 2016 Suite Cambridge TECHNICALS LEVEL 3 IT Unit 3 Cyber security Y/507/5001 Guided learning hours: 60 Version 1 September 2015 ocr.org.uk/it LEVEL 3 UNIT 3: Cyber security Y/507/5001 Guided learning hours:

More information

developing your potential Cyber Security Training

developing your potential Cyber Security Training developing your potential Cyber Security Training The benefits of cyber security awareness The cost of a single cyber security incident can easily reach six-figure sums and any damage or loss to a company

More information

Committees Date: Subject: Public Report of: For Information Summary

Committees Date: Subject: Public Report of: For Information Summary Committees Audit & Risk Management Committee Finance Committee Subject: Cyber Security Risks Report of: Chamberlain Date: 17 September 2015 22 September 2015 Public For Information Summary Cyber security

More information

MSc Cyber Security. identity. hacker. virus. network. information

MSc Cyber Security. identity. hacker. virus. network. information identity MSc Cyber Security hacker virus QA is the foremost provider of education in the UK. We work with individuals at all stages of their careers, from our award-winning apprenticeship programmes, through

More information

MS Information Security (MSIS)

MS Information Security (MSIS) MS Information Security (MSIS) Riphah Institute of Systems Engineering (RISE) Riphah International University, Islamabad, Pakistan 1. Program Overview: The program aims to develop core competencies in

More information

PROGRAMME SPECIFICATION POSTGRADUATE PROGRAMME

PROGRAMME SPECIFICATION POSTGRADUATE PROGRAMME PROGRAMME SPECIFICATION POSTGRADUATE PROGRAMME KEY FACTS Programme name Advanced Computer Science Award MSc School Mathematics, Computer Science and Engineering Department or equivalent Department of Computing

More information

External Supplier Control Requirements

External Supplier Control Requirements External Supplier Control Requirements Cyber Security For Suppliers Categorised as High Cyber Risk Cyber Security Requirement Description Why this is important 1. Asset Protection and System Configuration

More information

Cyber Resilience Implementing the Right Strategy. Grant Brown Security specialist, CISSP @TheGrantBrown

Cyber Resilience Implementing the Right Strategy. Grant Brown Security specialist, CISSP @TheGrantBrown Cyber Resilience Implementing the Right Strategy Grant Brown specialist, CISSP @TheGrantBrown 1 2 Network + Technology + Customers = $$ 3 Perfect Storm? 1) Increase in Bandwidth (extended reach) 2) Available

More information

Programme Specification for MSc Applied Sports Performance Analysis

Programme Specification for MSc Applied Sports Performance Analysis PROGRAMME SPECIFICATION Postgraduate Courses Programme Specification for MSc Applied 1. Awarding institution/body University of Worcester 2. Teaching institution University of Worcester 3. Programme accredited

More information

Cyber Security and Privacy Services. Working in partnership with you to protect your organisation from cyber security threats and data theft

Cyber Security and Privacy Services. Working in partnership with you to protect your organisation from cyber security threats and data theft Cyber Security and Privacy Services Working in partnership with you to protect your organisation from cyber security threats and data theft 2 Cyber Security and Privacy Services What drives your security

More information

Advance with CIMA. Applying for CIMA Accreditation of Higher Education Programmes

Advance with CIMA. Applying for CIMA Accreditation of Higher Education Programmes Advance with CIMA Applying for CIMA Accreditation of Higher Education Programmes Education Directorate February 2014 Contents Contents... 2 Introduction... 3 1.0 Core Principles of Accreditation... 3 1.1

More information

Cyber Security Consultancy Standard. Version 0.2 Crown Copyright 2015 All Rights Reserved. Page 1 of 13

Cyber Security Consultancy Standard. Version 0.2 Crown Copyright 2015 All Rights Reserved. Page 1 of 13 Cyber Security Consultancy Standard Version 0.2 Crown Copyright 2015 All Rights Reserved Page 1 of 13 Contents 1. Overview... 3 2. Assessment approach... 4 3. Requirements... 5 3.1 Service description...

More information

ACADEMIC AWARD REGULATIONS Framework and Regulations for Professional Doctorates. Approval for this regulation given by :

ACADEMIC AWARD REGULATIONS Framework and Regulations for Professional Doctorates. Approval for this regulation given by : ACADEMIC AWARD REGULATIONS Framework and Regulations for Professional Doctorates Name of regulation : Purpose of regulation : Approval for this regulation given by : Responsibility for its update : Regulation

More information

A Guide to the Cyber Essentials Scheme

A Guide to the Cyber Essentials Scheme A Guide to the Cyber Essentials Scheme Published by: CREST Tel: 0845 686-5542 Email: admin@crest-approved.org Web: http://www.crest-approved.org/ Principal Author Jane Frankland, Managing Director, Jane

More information

Bellevue University Cybersecurity Programs & Courses

Bellevue University Cybersecurity Programs & Courses Undergraduate Course List Core Courses: CYBR 250 Introduction to Cyber Threats, Technologies and Security CIS 311 Network Security CIS 312 Securing Access Control CIS 411 Assessments and Audits CYBR 320

More information

LEEDS BECKETT UNIVERSITY. Information Security Policy. 1.0 Introduction

LEEDS BECKETT UNIVERSITY. Information Security Policy. 1.0 Introduction LEEDS BECKETT UNIVERSITY Information Security Policy 1.0 Introduction 1.1 Information in all of its forms is crucial to the effective functioning and good governance of our University. We are committed

More information

Security Controls What Works. Southside Virginia Community College: Security Awareness

Security Controls What Works. Southside Virginia Community College: Security Awareness Security Controls What Works Southside Virginia Community College: Security Awareness Session Overview Identification of Information Security Drivers Identification of Regulations and Acts Introduction

More information

REQUIREMENTS. for OMAN S SYSTEM OF QUALITY ASSURANCE IN HIGHER EDUCATION

REQUIREMENTS. for OMAN S SYSTEM OF QUALITY ASSURANCE IN HIGHER EDUCATION APPROVED VERSION Page 1 REQUIREMENTS for OMAN S SYSTEM OF QUALITY ASSURANCE IN HIGHER EDUCATION APPROVED VERSION Page 2 TABLE OF CONTENTS INTRODUCTION Part One: Standards I. Standards for Quality Assurance

More information

CYBER SECURITY AND RISK MANAGEMENT. An Executive level responsibility

CYBER SECURITY AND RISK MANAGEMENT. An Executive level responsibility CYBER SECURITY AND RISK MANAGEMENT An Executive level responsibility Cyberspace poses risks as well as opportunities Cyber security risks are a constantly evolving threat to an organisation s ability to

More information

MASTER OF SCIENCE IN INFORMATION ASSURANCE PROGRAM DEPARTMENT OF COMPUTER SCIENCE HAMPTON UNIVERSITY

MASTER OF SCIENCE IN INFORMATION ASSURANCE PROGRAM DEPARTMENT OF COMPUTER SCIENCE HAMPTON UNIVERSITY MASTER OF SCIENCE IN INFORMATION ASSURANCE PROGRAM DEPARTMENT OF COMPUTER SCIENCE HAMPTON UNIVERSITY HTTP://SCIENCE.HAMPTONU.EDU/COMPSCI/ The Master of Science in Information Assurance focuses on providing

More information

April 2015 Issue No:1.0. Application Guidance - CCP Security and Information Risk Advisor Role, Practitioner Level

April 2015 Issue No:1.0. Application Guidance - CCP Security and Information Risk Advisor Role, Practitioner Level April 2015 Issue No:1.0 Application Guidance - CCP Security and Information Risk Advisor Role, Practitioner Level Application Guidance CCP Security and Information Risk Advisor Role, Practitioner Level

More information

CYBER SECURITY TRAINING SAFE AND SECURE

CYBER SECURITY TRAINING SAFE AND SECURE CYBER SECURITY TRAINING KEEPING YOU SAFE AND SECURE Experts in Cyber Security training. Hardly a day goes by without a cyber attack being reported. With this ever-increasing threat there is a growing need

More information

IT Professional Standards. Information Security Discipline. Sub-discipline 605 Information Security Testing and Information Assurance Methodologies

IT Professional Standards. Information Security Discipline. Sub-discipline 605 Information Security Testing and Information Assurance Methodologies IT Professional Standards Information Security Discipline Sub-discipline 605 Information Security Testing and Information Assurance Methodologies December 2012 Draft Version 0.6 DOCUMENT REVIEW Document

More information

Cyber Essentials Scheme

Cyber Essentials Scheme Cyber Essentials Scheme Requirements for basic technical protection from cyber attacks June 2014 December 2013 Contents Contents... 2 Introduction... 3 Who should use this document?... 3 What can these

More information

WHAT ARE THE BENEFITS OF OUTSOURCING NETWORK SECURITY?

WHAT ARE THE BENEFITS OF OUTSOURCING NETWORK SECURITY? WHAT ARE THE BENEFITS OF OUTSOURCING NETWORK SECURITY? Contents Introduction.... 3 What Types of Network Security Services are Available?... 4 Penetration Testing and Vulnerability Assessment... 4 Cyber

More information

Mode of Study The MPH course will be delivered full-time and part-time on campus at the Kedleston Road site

Mode of Study The MPH course will be delivered full-time and part-time on campus at the Kedleston Road site PROGRAMME SPECIFICATION DOCUMENT SECTION ONE: GENERAL INFORMATION Programme Title/ Subject Title: Master of Public Health Award title and Interim awards: Postgraduate Certificate in Public Health Postgraduate

More information

Information security controls. Briefing for clients on Experian information security controls

Information security controls. Briefing for clients on Experian information security controls Information security controls Briefing for clients on Experian information security controls Introduction Security sits at the core of Experian s operations. The vast majority of modern organisations face

More information

University of Bradford. 1 year full time, 2 years part-time

University of Bradford. 1 year full time, 2 years part-time UNIVERSITY OF BRADFORD Faculty of Engineering and Informatics School of Electrical Engineering and Computer Science (EECS) Programme/course title: MSc Cyber Security Awarding and teaching institution:

More information

Masters in Applied Cyber Security Upskilling Existing Employees

Masters in Applied Cyber Security Upskilling Existing Employees Masters in Applied Cyber Security Upskilling Existing Employees Origination The Masters in Applied Cyber Security (MACS) emerged from discussions at the Steering Group of ICT Ireland Skillnet where companies

More information

Course Specification MSc Information Management 2016-17 (INMAM)

Course Specification MSc Information Management 2016-17 (INMAM) LEEDS BECKETT UNIVERSITY Course Specification MSc Information Management 2016-17 (INMAM) Our courses undergo a process of review periodically, in addition to annual review and enhancement. Course Specifications

More information

Digital Industries Apprenticeship: Assessment Plan. Cyber Security Technologist. April 2016

Digital Industries Apprenticeship: Assessment Plan. Cyber Security Technologist. April 2016 Digital Industries Apprenticeship: Assessment Plan Cyber Security Technologist April 2016 1 Digital Industries Apprenticeships: Assessment Plan 1. General Introduction and Overview The apprenticeship Standard

More information

MSc in Computer and Information Security

MSc in Computer and Information Security MSc in Computer and Information Security Programme Specification Primary Purpose: Course management, monitoring and quality assurance. Secondary Purpose: Detailed information for students, staff and employers.

More information

Plymouth University. Faculty of Science and Engineering. School of Computing Electronics and Mathematics. Programme Specification

Plymouth University. Faculty of Science and Engineering. School of Computing Electronics and Mathematics. Programme Specification Plymouth University Faculty of Science and Engineering School of Computing Electronics and Mathematics Programme Specification MSc Network Systems Engineering Programme codes: 2359 (Sept), 2938(Jan) September

More information

Cyber Defence Capability Assessment Tool (CDCAT ) Improving cyber security preparedness through risk and vulnerability analysis

Cyber Defence Capability Assessment Tool (CDCAT ) Improving cyber security preparedness through risk and vulnerability analysis Cyber Defence Capability Assessment Tool (CDCAT ) Improving cyber security preparedness through risk and vulnerability analysis An analogue approach to a digital world What foundations is CDCAT built on?

More information

Plymouth University. Faculty of Science and Engineering. School of Computing Electronics and Mathematics. Programme Specification

Plymouth University. Faculty of Science and Engineering. School of Computing Electronics and Mathematics. Programme Specification Plymouth University Faculty of Science and Engineering School of Computing Electronics and Mathematics Programme Specification MSc Computer and Information Security Programme Codes: 3836 (Sept), 3837 (Jan)

More information

OVERVIEW. In all, this report makes recommendations in 14 areas, such as. Page iii

OVERVIEW. In all, this report makes recommendations in 14 areas, such as. Page iii The Office of the Auditor General has conducted a procedural review of the State Data Center (Data Center), a part of the Arizona Strategic Enterprise Technology (ASET) Division within the Arizona Department

More information

PRINCIPLES AND PRACTICE OF INFORMATION SECURITY

PRINCIPLES AND PRACTICE OF INFORMATION SECURITY PRINCIPLES AND PRACTICE OF INFORMATION SECURITY Protecting Computers from Hackers and Lawyers Linda Volonino, Ph.D. Canisius College Stephen R. Robinson Verity Partners, LLC with contributions by Charles

More information

A GOOD PRACTICE GUIDE FOR EMPLOYERS

A GOOD PRACTICE GUIDE FOR EMPLOYERS MITIGATING SECURITY RISK IN THE NATIONAL INFRASTRUCTURE SUPPLY CHAIN A GOOD PRACTICE GUIDE FOR EMPLOYERS April 2015 Disclaimer: Reference to any specific commercial product, process or service by trade

More information

Specialist Cloud Services. Acumin Cloud Security Resourcing

Specialist Cloud Services. Acumin Cloud Security Resourcing Specialist Cloud Services Acumin Cloud Security Resourcing DOCUMENT: FRAMEWORK: STATUS Cloud Security Resourcing Service Definition G-Cloud Released VERSION: 1.0 CLASSIFICATION: CloudStore Acumin Consulting

More information

Professional Development for Engagement Partners Responsible for Audits of Financial Statements (Revised)

Professional Development for Engagement Partners Responsible for Audits of Financial Statements (Revised) IFAC Board Exposure Draft August 2012 Comments due: December 11, 2012 Proposed International Education Standard (IES) 8 Professional Development for Engagement Partners Responsible for Audits of Financial

More information

---Information Technology (IT) Specialist (GS-2210) IT Security Competency Model---

---Information Technology (IT) Specialist (GS-2210) IT Security Competency Model--- ---Information Technology (IT) Specialist (GS-2210) IT Security Model--- TECHNICAL COMPETENCIES Computer Forensics Knowledge of tools and techniques pertaining to legal evidence used in the analysis of

More information

January 2015 Issue No: 2.1. Guidance to CESG Certification for IA Professionals

January 2015 Issue No: 2.1. Guidance to CESG Certification for IA Professionals January 2015 Issue No: 2.1 Guidance to Issue No: 2.1 January 2015 The copyright of this document is reserved and vested in the Crown. This document may not be reproduced or copied without specific permission

More information

Part-time MSc in Cyber Security from Northumbria University. masters.qa.com

Part-time MSc in Cyber Security from Northumbria University. masters.qa.com Part-time MSc in Cyber Security from Northumbria University masters.qa.com Thank you for your interest in Northumbria University s part-time MSc in Cyber Security programme, delivered in Central London

More information

Programme Specification

Programme Specification Programme Specification Course record information Name and level of final award: MSc Cyber Security and Forensics Name and level of intermediate awards: Postgraduate Diploma in Cyber Security and Forensics

More information

SCHOOL ONLINE SAFETY SELF REVIEW TOOL

SCHOOL ONLINE SAFETY SELF REVIEW TOOL SCHOOL ONLINE SAFETY SELF REVIEW TOOL UPDATED February 2016 The South West Grid for Learning, Belvedere House, Woodwater Park, Pynes Hill, Exeter, EX2 5WS. Tel: 0844 381 4772 Email: esafety@swgfl.org.uk

More information

Cyber Security - What Would a Breach Really Mean for your Business?

Cyber Security - What Would a Breach Really Mean for your Business? Cyber Security - What Would a Breach Really Mean for your Business? August 2014 v1.0 As the internet has become increasingly important across every aspect of business, the risks posed by breaches to cyber

More information

Why compromise on the quality of your cyber security training? How APMG, CESG and QA accreditations ensure the highest possible training standards

Why compromise on the quality of your cyber security training? How APMG, CESG and QA accreditations ensure the highest possible training standards Why compromise on the quality of your cyber security training? How APMG, CESG and QA accreditations ensure the highest possible training standards Cyber Security CESG Certified Training // 2 Contents 3

More information

ensure prompt restart of critical applications and business activities in a timely manner following an emergency or disaster

ensure prompt restart of critical applications and business activities in a timely manner following an emergency or disaster Security Standards Symantec shall maintain administrative, technical, and physical safeguards for the Symantec Network designed to (i) protect the security and integrity of the Symantec Network, and (ii)

More information

Michelle Govan & Anand Philip Network & Security Engineering

Michelle Govan & Anand Philip Network & Security Engineering Michelle Govan & Anand Philip Network & Security Engineering Network & Security Engineering Suite Dr Michelle Govan Anand Philip Programme Philosophy The philosophy of the programmes is unique to others

More information

October 2014 Issue No: 2.0. Good Practice Guide No. 44 Authentication and Credentials for use with HMG Online Services

October 2014 Issue No: 2.0. Good Practice Guide No. 44 Authentication and Credentials for use with HMG Online Services October 2014 Issue No: 2.0 Good Practice Guide No. 44 Authentication and Credentials for use with HMG Online Services Good Practice Guide No. 44 Authentication and Credentials for use with HMG Online Services

More information

CESG CIR SCHEME AND CREST CSIR SCHEME FREQUENTLY ASKED QUESTIONS

CESG CIR SCHEME AND CREST CSIR SCHEME FREQUENTLY ASKED QUESTIONS CESG CIR SCHEME AND CREST CSIR SCHEME FREQUENTLY ASKED QUESTIONS QUESTION General What is the Cyber Security Incident Response (CSIR) Scheme? What is the Cyber Incident Response (CIR) scheme? Why have

More information

N252; N250; N250; I120; I160; I210 KEY PROGRAMME INFORMATION. Originating institution(s) Bournemouth University

N252; N250; N250; I120; I160; I210 KEY PROGRAMME INFORMATION. Originating institution(s) Bournemouth University KEY PROGRAMME INFORMATION Originating institution(s) Bournemouth University Faculty responsible for the programme Faculty of Management Final award(s), title(s) and credits MSc Crisis, Disaster Management

More information

Big Data, Big Risk, Big Rewards. Hussein Syed

Big Data, Big Risk, Big Rewards. Hussein Syed Big Data, Big Risk, Big Rewards Hussein Syed Discussion Topics Information Security in healthcare Cyber Security Big Data Security Security and Privacy concerns Security and Privacy Governance Big Data

More information

Good Practice Guide Security Incident Management

Good Practice Guide Security Incident Management October 2015 Issue No: 1.2 Good Practice Guide Security Incident Management Customers can continue to use this guidance. The content remains current, although may contain references to legacy SPF policy

More information

Digital Forensics G-Cloud Service Definition

Digital Forensics G-Cloud Service Definition Digital Forensics G-Cloud Service Definition 2013 General Dynamics Information Technology Limited. All rights 1 GDIT Team Clients Metropolitan Police Service The General Dynamics Information Technology

More information

Head of Information & Communications Technology Responsible work team: ICT Security. Key point summary... 2

Head of Information & Communications Technology Responsible work team: ICT Security. Key point summary... 2 Policy Procedure Information security policy Policy number: 442 Old instruction number: MAN:F005:a1 Issue date: 24 August 2006 Reviewed as current: 11 July 2014 Owner: Head of Information & Communications

More information

How small and medium-sized enterprises can formulate an information security management system

How small and medium-sized enterprises can formulate an information security management system How small and medium-sized enterprises can formulate an information security management system Royal Holloway Information Security Thesis Series Information security for SMEs Vadim Gordas, MSc (RHUL) and

More information

Programme Specification including programme description

Programme Specification including programme description Programme Specification including programme description Form QA3-2 GENERAL INFORMATION Awarding Institution//Body Teaching Institution Validated/Franchised (if appropriate) Programme accredited by (including

More information

Mandatory Provident Fund Schemes Authority COMPLIANCE STANDARDS FOR MPF APPROVED TRUSTEES. First Edition July 2005. Hong Kong

Mandatory Provident Fund Schemes Authority COMPLIANCE STANDARDS FOR MPF APPROVED TRUSTEES. First Edition July 2005. Hong Kong Mandatory Provident Fund Schemes Authority COMPLIANCE STANDARDS FOR MPF APPROVED TRUSTEES First Edition July 2005 Hong Kong Contents Glossary...2 Introduction to Standards...4 Interpretation Section...6

More information

February 2015 Issue No: 5.2. CESG Certification for IA Professionals

February 2015 Issue No: 5.2. CESG Certification for IA Professionals February 2015 Issue No: 5.2 CESG Certification for IA Professionals Issue No: 5.2 February 2015 The copyright of this document is reserved and vested in the Crown. This document may not be reproduced or

More information

Electronic Payment Schemes Guidelines

Electronic Payment Schemes Guidelines BANK OF TANZANIA Electronic Payment Schemes Guidelines Bank of Tanzania May 2007 Bank of Tanzania- Electronic Payment Schemes and Products Guidleness page 1 Bank of Tanzania, 10 Mirambo Street, Dar es

More information

The Next Generation of Security Leaders

The Next Generation of Security Leaders The Next Generation of Security Leaders In an increasingly complex cyber world, there is a growing need for information security leaders who possess the breadth and depth of expertise necessary to establish

More information

Central Sponsor for Information Assurance. A National Information Assurance Strategy

Central Sponsor for Information Assurance. A National Information Assurance Strategy Central Sponsor for Information Assurance A National Information Assurance Strategy A NATIONAL INFORMATION ASSURANCE STRATEGY i Foreword Information and communications technology is changing the way that

More information

RARITAN VALLEY COMMUNITY COLLEGE COURSE OUTLINE. CISY 229 Information Security Fundamentals

RARITAN VALLEY COMMUNITY COLLEGE COURSE OUTLINE. CISY 229 Information Security Fundamentals RARITAN VALLEY COMMUNITY COLLEGE COURSE OUTLINE CISY 229 Information Security Fundamentals I. Basic Course Information A. Course Number & Title: CISY-229 Information Security Fundamentals B. New or Modified

More information

Newcastle University Information Security Procedures Version 3

Newcastle University Information Security Procedures Version 3 Newcastle University Information Security Procedures Version 3 A Information Security Procedures 2 B Business Continuity 3 C Compliance 4 D Outsourcing and Third Party Access 5 E Personnel 6 F Operations

More information

Research Data Security. Paul Kennedy IT Services

Research Data Security. Paul Kennedy IT Services Research Data Security Paul Kennedy IT Services 1 Is information security important to RDM? EPSRC recognises that there are legal, ethical and commercial constraints on release of research data. To ensure

More information

Future Research Leaders call 2015/16 Guidance notes for non-academic reviewers

Future Research Leaders call 2015/16 Guidance notes for non-academic reviewers Future Research Leaders call 2015/16 Guidance notes for non-academic reviewers Introduction... 1 Aims and objectives... 1 Procedure... 3 Peer Review form on Je-S... 3 The decision-making process... 3 Assessment

More information

CASSIDIAN CYBERSECURITY

CASSIDIAN CYBERSECURITY CASSIDIAN CYBERSECURITY ADVANCED PERSISTENT THREAT (APT) SERVICE In a world where cyber threats are emerging daily, often from unknown sources, information security is something no organisation can afford

More information

AUSTRALIAN GOVERNMENT INFORMATION MANAGEMENT OFFICE CYBER SECURITY CAPABILITY FRAMEWORK & MAPPING OF ISM ROLES

AUSTRALIAN GOVERNMENT INFORMATION MANAGEMENT OFFICE CYBER SECURITY CAPABILITY FRAMEWORK & MAPPING OF ISM ROLES AUSTRALIAN GOVERNMENT INFORMATION MANAGEMENT OFFICE CYBER SECURITY CAPABILITY FRAMEWORK & MAPPING OF ISM ROLES Final Report Prepared by Dr Janet Tweedie & Dr Julie West June 2010 Produced for AGIMO by

More information

Commonwealth Approach to Cybergovernance and Cybersecurity. By the Commonwealth Telecommunications Organisation

Commonwealth Approach to Cybergovernance and Cybersecurity. By the Commonwealth Telecommunications Organisation Commonwealth Approach to Cybergovernance and Cybersecurity By the Commonwealth Telecommunications Organisation Trends in Cyberspace Cyberspace provides access to ICT Bridging the digital divide and influencing

More information

JOB DESCRIPTION REF: 50001776

JOB DESCRIPTION REF: 50001776 JOB DESCRIPTION REF: 50001776 Note: This job description does not form part of the employee s contract of employment but is provided for guidance. The precise duties and responsibilities of any job may

More information

PROGRAMME SPECIFICATION University Certificate Psychology. Valid from September 2012. Faculty of Education, Health and Sciences -1 -

PROGRAMME SPECIFICATION University Certificate Psychology. Valid from September 2012. Faculty of Education, Health and Sciences -1 - Faculty of Education, Health and Sciences PROGRAMME SPECIFICATION University Certificate Valid from September 2012-1 - www.derby.ac.uk/ehs CONTENTS SECTION ONE: GENERAL INFORMATION... 1 SECTION TWO: OVERVIEW

More information

Henley Business School. Henley Business School at Univ of Reading. Henley Business School Board of Studies for

Henley Business School. Henley Business School at Univ of Reading. Henley Business School Board of Studies for BA Accounting and Business For students entering Part 1 in 2014/5 Awarding Institution: Teaching Institution: Relevant QAA subject Benchmarking group(s): Faculty: Programme length: Date of specification:

More information

Aberdeen City Council IT Security (Network and perimeter)

Aberdeen City Council IT Security (Network and perimeter) Aberdeen City Council IT Security (Network and perimeter) Internal Audit Report 2014/2015 for Aberdeen City Council August 2014 Internal Audit KPIs Target Dates Actual Dates Red/Amber/Green Commentary

More information

Careers in Cryptology, codes, code-breaking and encryption (Developed from AGCAS link enquires, January 2011)

Careers in Cryptology, codes, code-breaking and encryption (Developed from AGCAS link enquires, January 2011) Careers in Cryptology, codes, code-breaking and encryption (Developed from AGCAS link enquires, January 2011) A summary of information received from numerous Careers Services regarding codes, code-breaking

More information

Programme Specification for the MSc in Computing ()

Programme Specification for the MSc in Computing (<Specialism>) Programme Specification for the MSc in Computing () include: Artificial Intelligence; Computational Management Science; Distributed Systems; Software Engineering and Visual Information

More information

BSc Management with Information Technology For students entering Part 1 in 2015/6. Henley Business School at Univ of Reading

BSc Management with Information Technology For students entering Part 1 in 2015/6. Henley Business School at Univ of Reading BSc Management with Information Technology For students entering Part 1 in 2015/6 Awarding Institution: Teaching Institution: Relevant QAA subject Benchmarking group(s): Faculty: Programme length: Date

More information

HP Laptop & Apple ipads

HP Laptop & Apple ipads Shalom College Student 1:1 Laptop & ipad Program HP Laptop & Apple ipads Policy and Guidelines Booklet TABLE OF CONTENTS 1. Educational Opportunities of A 1 to 1 Laptop & ipad Program... 2 2. Overview

More information

PROGRAMME SPECIFICATION POSTGRADUATE PROGRAMMES. Masters in Management of Information Security and Risk

PROGRAMME SPECIFICATION POSTGRADUATE PROGRAMMES. Masters in Management of Information Security and Risk PROGRAMME SPECIFICATION POSTGRADUATE PROGRAMMES KEY FACTS Programme name Masters in Management of Information Security and Risk Award MSc School School of Mathematics, Computer Science and Engineering

More information

Henley Business School at Univ of Reading. Eligible for British Computer Society Professional Certificate in Business Analysis Practice

Henley Business School at Univ of Reading. Eligible for British Computer Society Professional Certificate in Business Analysis Practice MSc in Management Information Systems (Ghana) For students entering in 2014/5 Awarding Institution: Teaching Institution: Relevant QAA subject Benchmarking group(s): Faculty: Programme length: Date of

More information