CC5004 - Security in Computing (2017/18)
| Module specification | Module approved to run in 2017/18 | ||||||||||||||||
| Module title | Security in Computing | ||||||||||||||||
| Module level | Intermediate (05) | ||||||||||||||||
| Credit rating for module | 30 | ||||||||||||||||
| School | School of Computing and Digital Media | ||||||||||||||||
| Total study hours | 300 | ||||||||||||||||
|
|||||||||||||||||
| Assessment components |
|
||||||||||||||||
| Running in 2017/18(Please note that module timeslots are subject to change) |
|
Module summary
This module is concerned with the fundamentals of security in key areas of computing in terms of understanding, controlling and managing the various risks and threats to computer-based systems.
Prior learning requirements
Successful completion at level 4 or equivalent
Module aims
The module aims are to:
1. Provide students with an understanding of fundamentalcomputer security concepts and issues.
2. Introduce students to the various types of security threats and risks to computer systems and networks.
3. Develop students’ ability to identify, analyse and evaluate a range of computer security threats.
4. Enable students to use appropriate tools, techniques, methods, approaches and strategiesto mitigate the various threats and provide practical, feasible and sustainable solutions.
5. Equip students with appropriate knowledge and skills necessary to protect the secrecy of confidential data and information.
6. Develop students’ knowledge, transferable skills and confidence in handling, managing and solving computer securityissues leading to further academic progression and future employability in this area.
Syllabus
1. General Security Problems: attacks; computer criminals; computer security; methods of defence.
2. Program Security: secure programs; viruses and malicious code; controls against program threats.
3. Security in Operating Systems: user authentication; memory and address protection; file protections; control of access to general objects; trusted operating systems.
4. Database Security: security requirements; integrity and reliability; inference; multilevel security.
5. Security in Networks: threats in networks; firewalls intrusion detection; secure email; security control.
6. Administering Security.
7. The Economics of Cybersecurity.
8. Legal, Privacy, and Ethical Issues and code of practice.
9. ElementaryCryptography:
• Working with Substitution Ciphers;
• Working with Transposition Ciphers;
• Overview of Data Encryption Standard (DES);
• Overview of Advanced Encryption Standard (AES);
• Overview of Public Key Encryption;
• Overview of Digital Signatures;
• Overview of Message Digests;
• Overview of Authentication;
• Overview of Current Developments.
Learning and teaching
Students will develop theoretical understanding and practical skills in the subject area based on weekly lectures, tutorials and supervised workshops. The tutorials and workshops, in particular, are provided to support students in gaining practical experience in tackling a wide range of computer security related issues and problems.
Appropriate blended learning approaches and technologies, such as, the University’s VLE and online tools, will be used to facilitate and support student learning, in particular, to:
• deliver content;
• encourage active learning;
• provide formative and summative assessments, and prompt feedback;
• enhance student engagement and learning experience.
Students will be expected and encouraged to produce reflective commentaries on the learning activities and tasks that they carry out to complete their work.
Learning outcomes
On completing the module the student will be able to:
LO1. Demonstrate a general understanding of key computer security concepts and issues.
LO2. Describea range of security threats that undermine the integrity, availability and confidentiality of computer systems and networks.
LO3. Identify, analyse, evaluate, test and document various security threats and risks to computer systems and networks.
LO4. Use appropriate software tools, techniques, methods, strategies and approaches to provide practical solutions and measures to prevent and mitigate security threats and risks to computer systems and networks.
LO5. Apply appropriate procedures, methods, techniques and algorithms to protect and preserve the secrecy of confidential data and information.
LO6. Describe computer security policies, audits, standards and code of practice.
LO7. Critically evaluate and reflect on their learning, development and achievements within the context of security in computing.
Assessment strategy
The coursework will involve developing practical solutions to a wide range of computer security problems and issues using appropriate methods, techniques and tools [LO1-LO7]. Students will produce a report detailing their work based on some case study, scenario or investigation.
The final exam will further assess students’ broader understanding of the theoretical concepts of the subject [LO1, LO2,and LO6].
Students will be encouraged to complete weekly tutorial and workshop exercises as well as periodic formative diagnostic tests to enhance their learning. During tutorial and workshop sessions students will receive ongoing support and feedback on their work to promote engagement and provide the basis for tackling the summative assessments.
Bibliography
1. Pfleeger, C.P. &Pfleeger, S.L., 2007. Security in Computing 4th ed., Prentice Hall.
2. Gollmann, D., 2010. Computer Security 3rd ed., John Wiley & Sons.
3. Goodrich, M. &Tamassia, R., 2010. Introduction to Computer Security: International Version 1st ed., Pearson Education.
4. Chuck, E., 2011. Computer Security Fundamentals 2nd ed., Pearson IT Certification.
5. Stallings, W., 2010. Cryptography and Network Security: International Version: Principles and Practice 5th ed., Pearson Education.