CC5004 - Security in Computing (2018/19)
|Module specification|Module approved to run in 2018/19|
|Module title|Security in Computing|
|Module level|Intermediate (05)|
|Credit rating for module|30|
|School|School of Computing and Digital Media|
|Total study hours|300|
|Running in 2018/19||
This module is concerned with the fundamentals of security in key areas of computing in terms of understanding, controlling and managing the various risks and threats to computer-based systems. In addition, issues in the development of security software will be dealt with via software engineering approaches.
Assessment: Coursework 1 (30%) + Coursework 2 (30%) + Unseen exam (40%) [Pass on aggregate]
The key skills and knowledge to be gained are:
1. Provide students with an understanding of fundamental computer security concepts and issues.
2. Introduce students to the various types of security threats and risks to computer systems and networks.
3. Develop students’ ability to identify, analyse and evaluate a range of computer security threats.
4. Enable students to develop and/or use appropriate tools, techniques, methods, approaches and strategies to mitigate the various threats and provide practical, feasible and sustainable solutions.
5. Equip students with appropriate knowledge and skills necessary to protect the secrecy of confidential data and information.
6. Develop students’ knowledge, transferable skills and confidence in handling, managing and solving computer security issues leading to further academic progression and future employability in this area.
Prior learning requirements
Successful completion of level 4 or equivalent
1. General Security Problems: attacks; computer criminals; computer security; methods of defence. LO1,LO2,LO3,LO4,LO5
2. Program Security: secure programs; viruses and malicious code; controls against program threats. LO2,LO3,LO4,LO5
3. Security in Operating Systems: user authentication; memory and address protection; file protections; control of access to general objects; trusted operating systems. LO1,LO2,LO3,LO4,LO5
4. Database Security: security requirements; integrity and reliability; inference; multilevel security. LO1,LO2,LO3,LO4,LO5
5. Security in Networks: threats in networks; firewalls; intrusion detection; secure email; security control. LO1,LO2,LO3,LO4,LO5
6. Administering Security. LO1,LO2,LO3,LO6
7. The Economics of Cybersecurity. LO1,LO2,LO7
8. Legal, Privacy, and Ethical Issues and code of practice. LO1,LO2,LO3,LO4,LO5
9. Elementary Cryptography: Substitution Ciphers; Transposition Ciphers; Data Encryption Standard (DES); Public Key Encryption; Digital Signatures; Message Digests; Overview of Authentication. LO1,LO2,LO3,LO4,LO5
10. System Requirement and Modelling. LO8
11. Architectural Design, Module Design, and Implementation. LO1,LO2,LO3,LO4,LO5,LO8
12. Software Testing, Evaluation, and Deployment. LO9
13. Project Management Issues, Managing Design Process, and Evaluating Outcomes. LO9
14. Evaluation of Systems in Terms of Quality and Trade-Offs. LO9
Balance of independent study and scheduled teaching activity
Students will develop theoretical understanding and practical skills in the subject area based on weekly lectures, tutorials and supervised workshops. The tutorials and workshops, in particular, are provided to support students in gaining practical experience in tackling a wide range of computer security related issues and problems.
Appropriate blended learning approaches and technologies, such as the University’s VLE and online tools, will be used to facilitate and support student learning, in particular to:
• deliver content;
• encourage active learning;
• provide formative and summative assessments, and prompt feedback;
• enhance student engagement and learning experience.
Students will be expected and encouraged to produce reflective commentaries and an action plan for personal development on the learning activities and tasks that they carry out to complete their work, e.g. in the form of an assessed section of their coursework report/essay.
On completing the module the students will be able to:
LO1. Demonstrate a general understanding of key computer security concepts and issues.
LO2. Describe a range of security threats that undermine the integrity, availability and confidentiality of computer systems and networks.
LO3. Identify, analyse, evaluate, test and document various security threats and risks to computer systems and networks.
LO4. Use appropriate software tools, techniques, methods, strategies and approaches to provide practical solutions and measures to prevent and mitigate security threats and risks to computer systems and networks.
LO5. Apply appropriate procedures, methods, techniques and algorithms to protect and preserve the secrecy of confidential data and information.
LO6. Describe computer security policies, audits, standards and code of practice.
LO7. Critically evaluate and reflect on their learning, development and achievements within the context of security in computing.
LO8. Understand security software development issues, including system requirement and modelling, architectural design, software design and implementation, software testing, and software deployment and evaluation.
LO9. Demonstrate the knowledge of project management techniques to achieve objectives, evaluation of systems in terms of quality and trade-offs, and management of design process and evaluating outcomes.
The coursework will involve developing practical solutions to a wide range of computer security problems and issues using appropriate methods, techniques and tools [LO1-LO9]. Students will produce a report detailing their work based on some case study, scenario or investigation.
The final exam will further assess students’ broader understanding of the theoretical concepts of the subject [LO1, LO2, and LO6].
Students will be encouraged to complete weekly tutorial and workshop exercises as well as periodic formative diagnostic tests to enhance their learning. During tutorial and workshop sessions students will receive ongoing support and feedback on their work to promote engagement and provide the basis for tackling the summative assessments.
• Pfleeger, C. P., Pfleeger, S. L. & Margulies, J., 2015. Security in Computing (5th Edition), Prentice Hall Press Upper Saddle River, NJ, USA. ISBN-10: 0134085043 | ISBN-13: 978-0134085043
• Bellovin, S. M., 2016. Thinking Security: Stopping Next Year's Hackers. Addison-Wesley Professional Computing. ISBN: 978-0-13-427754-7
• Bishop, M., 2004. Introduction to computer security (1st Edition). ISBN-10: 0321247442 | ISBN-13: 978-0321247445
• Easttom II, W.C., 2014. Network defence and countermeasures: principles and practices (2nd Edition), Indianapolis, IN: Pearson IT Certification. ISBN-10: 0789750945 | ISBN-13: 9780789750945
• Easttom II, W.C., 2016. Computer security fundamentals. 3rd Edition, Pearson IT Certification. ISBN-13: 978-0-7897-5746-3
• Gollmann, D., 2011. Computer Security (3rd Edition), John Wiley & Sons. ISBN-10: 0470741155 | ISBN-13: 9780470741153
• Goodrich, M. & Tamassia, R., 2013. Introduction to Computer Security (1st Edition). Pearson Education. ISBN 9781292037912
• Pfleeger, C. P. & Pfleeger, S. L., 2012. Analyzing Computer Security: A Threat / Vulnerability / Countermeasure Approach. Prentice Hall, Pearson Education, Inc. United States. ISBN-10: 0133853896 | ISBN-13: 9780133853896
• Sommerville, I., 2016, Software Engineering, 10th Edition, Pearson Education Ltd, ISBN: 1292096136
• Stallings, W., 2016. Cryptography and Network Security: Principles and Practice (7th Edition), Pearson Education Limited, Harlow, United Kingdom. ISBN-10: 1292158581 | ISBN-13: 9781292158587
• Stallings, W., 2016. Network Security Essentials: Applications and Standards (6th Edition), Pearson Education, United States. ISBN-10: 013452733X | ISBN-13: 9780134527338
• Journal of Cyber Security, ISSN 2057-2085 (Electronic); Publisher: Oxford Academic: Oxford Journals, Oxford, UK: Oxford University Press
• ACM Transactions on Information and System Security (TISSEC), ACM New York, NY, USA, ISSN:1094-9224
• Cyber Security, British Computer Society - http://www.bcs.org/category/19052
• Web Security - http://w3schools.sinsixx.com/site/site_security.asp.htm
• Computer Security Tutorial Point - https://www.tutorialspoint.com/computer_security/index.htm
Electronic Databases (available from the University Library):
• ACM Digital Library,
• IEEE Xplore/IET Digital Library.