CC7180 - Security Auditing and Penetration Testing (2017/18)
|Module specification||Module approved to run in 2017/18|
|Module title||Security Auditing and Penetration Testing|
|Module level||Masters (07)|
|Credit rating for module||20|
|School||School of Computing and Digital Media|
|Total study hours||200|
|Running in 2017/18||
This module is designed to introduce principles underlying computer and network security auditing, securing, and penertration testing. It also introduces tools used to assess and validate security posture of a network and its applications. There is an extensive exposure to network threats and vulnerabilities. Students will assess the various security and configuration features required to secure networks.
This module also focuses on guiding students for further specilaisation in vendor-neutral security certification programs such as GIAC, ISC, EC-Council, ISACA and networking with industry experts and engage in professional bodies such as BCS-ISSG.
The aim of the module is:
- To provide students with knowledge of the fundamental principles and techniques employed in auditing, securing networks and penetration testing.
- To create awareness of the need for security in computer and communications systems.
- To appraise a security policy and network security posture.
- To enable students to assess security risks and be able to apply appropriate mechanisms to counter the risks
• Internet and Web security
• Security policy design and implementation
• Network security auditing and validation of security policy assumptions
• Security auditing standards, procedures and toolkits
• IT governance frameworks such as COBIT, ITIL, and ISO 17799/27001
• Overview and fundamentals of penetration testing - reconnaissance techniques, scanning & sniffing tools
• Penetration testing guidance and standards
• TCP/IP and encryption techniques.
• Types of attacks and countermeasures
• Known vulnerabilities in software and protocols used in web and mail servers
• Inherited vulnerably of Windows and Linux
• Incident handling
Learning and teaching
- A combination of lectures and extensive hands-on practical will be applied to the delivery of this module.
- Lectures will focus on the fundamental principles and techniques employed in auditing, securing and penetration testing of information and network systems. Workshops and coursework project will give students opportunities to understand, practice and peer-review how the theory can be applied in a real world enviroment. Self assessments will help students to revise and reflect on the theroy learnt.
- Students are also encouraged to spend extra time for unsupervised study and practice.
On successful completion of the module, the student will be able to:
LO1. Evaluate the security risks presented by computer networks.
LO2. Understand IT governance frameworks and security modelling techniques.
LO3. Identify and implement a Security Policy.
LO4. Explain different security protocols and encryption methods, and understand their significance in a secure environment.
LO5. Use security auditing and penetration testing tools and techniques, in securing a network based on the security policy, and assess the protections provided by each tool and technique.
LO6. Engage proactively with the Cyber Security community.
The assessment consists of two elements; unseen examination testing students understanding of the subject and assesses the LO1-6, and a research and practical based coursework (2500 Words) assessing learning outcomes LO1,4 and 5.
- Basta, A. Basta, N. Brown, M. (2015) Computer Security and Penetration Testing 2e, United Kingdom: Cengage Learning (ISBN-13: 9780840020932 / ISBN-10: 0840020937) (Core)
- CompTIA (2015) CompTIA Security+: Exam Code SY0-401, Available at: http://certification.comptia.org/getCertified/certifications/security.aspx (Accessed: 20 Nov 2015).
- Davis, C. Schiller, M. Wheeler, K. (2011) IT Auditing Using Controls to Protect Information Assets, 2nd edn., London: McGraw-Hill Education.
- EC-Council (2015) EC-Council: Hackers are here where are you? Available at: www.eccouncil.org/certification.aspx (Accessed: 20 Nov 2015).
- GIAC (2015) Global Information Assurance Certification - Security Certifications: Security Administration, Available at: www.giac.org/certifications/security (Accessed: 20 Nov 2015).
- ISACA (2015) Information Systems Audit and Control Association (ISACA) Certification: IT Audit, Security, Governance and Risk, Available at: www.isaca.org (Accessed: 20 Nov 2015).
- ISC2 (2015) (ISC) 2 Inspiring a safe and secure cyber world, Available at: https://www.isc2.org/ (Accessed: 20 Nov 2015).
- Jackson, C. (2010) Network security auditing, Indianapolis, Ind : Cisco Press
- Weaver W,Weaver D, Farwood D (2014) Guide to Network Defense and Countermeasures, Thompson, 3rd edn. United Kingdom: Cengage Learning (ISBN-13: 978-1133727941 ISBN-10: 1133727948)