CS7064 - Information Security (2026/27)
| Module specification | Module approved to run in 2026/27 | ||||||||||||
| Module title | Information Security | ||||||||||||
| Module level | Masters (07) | ||||||||||||
| Credit rating for module | 20 | ||||||||||||
| School | School of Computing and Digital Media | ||||||||||||
| Total study hours | 200 | ||||||||||||
|
|||||||||||||
| Assessment components |
|
||||||||||||
| Running in 2026/27(Please note that module timeslots are subject to change) | No instances running in the year |
Module summary
The module is concerned with the study and application of tools and techniques that enable the protection of information and other resources of enterprise information systems. Increases in storage, manipulation, and transfer of data across computer networks requires effective encryption techniques. This module will provide you with insight into some of those techniques, algorithms and their development through history. Part of the course is dedicated to introducing you to the mathematical concepts in number theory relevant to cryptography with techniques developed using software such as Maple to which you will be introduced in the early weeks of the module. Your focus will also be on the analysis, design and implementation of tools and techniques that achieve the three goals of confidentiality, integrity and availability in security computing. Particular focus will be on the management framework that facilitate the accomplishment of the above three goals. Importantly the module will address the ethical framework of information security, the issues around privacy and data protection and the rights of private citizens to access strong encryption. Throughout the module connections with other aspects of computer science and cybersecurity will be emphasised through the examples chosen.
Prior learning requirements
N/A
Syllabus
• Information security principles; confidentiality, availability and integrity. Framework standards for Information Security and taxonomies of threat; threat assessment and the identification of vulnerabilities. (LO1, LO4)
• Human factors in Information Security; vulnerabilities and possible defences; legal frameworks and responsibilities in respect of privacy and data protection. Security Administration.; e.g. integrating people, processes, technologies and policies. (LO1, LO5)
• Frameworks to identify and evaluate risks. Qualitative and quantitative models; risk mitigation and controls. Business continuity planning frameworks. (LO3)
• Introduction to cryptography, history and terminology. Basic principles of substitution and transposition. (LO3)
• Symmetric cryptography systems including Advanced Encryption Standard and related techniques of block and stream ciphers. (LO3, LO4),
• Asymmetric cryptography including RSA, Diffie Hellman key exchange, El Gamal, Elliptic Curve cryptography. (LO2, LO4)
• Message authentication and non repudiation. Hash standards, message authentication codes and digital signatures based on public/private keys. (LO3)
• Mathematics for cryptography: primes and prime factorisation techniques; quotient/remainders, gcds and inverses modulo n; finite fields and discrete logarithms; elliptic curves. Mathematics will be developed as required with emphasis on computational interpretation through Maple/Excel and other programming languages. (LO2)
• Security processes and technologies for enterprise systems; e.g. access control, authentication, firewalls, filters, biometrics etc. (LO3, LO5)
• E-commerce security and e-policy; e.g. digital signature, PKI, etc. Mobile and wireless security protocols. (LO3, LO5)
• Ethical issues raised by questions of privacy and access to strong encryption. (LO5)
Balance of independent study and scheduled teaching activity
Topics will be introduced through appropriate mediums.
Theoretical content will usually be supported by multimedia technologies (e.g., slides, videos, podcasts, and screencasts) or asynchronous materials (e.g., videos, reading tasks, and small formative or summative tests). Tutorials will typically involve in-class discussions to encourage reflective learning. Workshops will typically involve hands-on experience. Students are strongly encouraged to engage in independent study prior to attending any scheduled sessions.
Theoretical understanding will be developed and reinforced through provided learning materials and appropriate methods of delivery.
The remaining hours of private study will allow students to complete background reading, work on exercises and prepare for assessment.
Learning outcomes
This module aims to enable students to:
LO1 Show appreciation of the concepts, mechanisms and processes involved in securing information in enterprise information systems;
LO2 Demonstrate an understanding of the mathematics that underpins modern (symmetric and asymmetric) systems for cryptography;
LO3 Acquire in-depth knowledge and training to analyse, design and implement dependable security infrastructure for enterprise applications;
LO4 Develop skills (including for teamwork) necessary for the development of organisational and managerial policies for effective security administration;
LO5 Appreciate and analyse the ethical, practical and human dimensions of information security and cryptography and apply the legal frameworks covering privacy and data protection.