About the course
The creation, transmission and storage of huge volumes of electronic data is one of the defining features of our age. Whilst these technologies bring us untold benefits, they also expose businesses, governments and individuals to repeated threats, such as fraud through data manipulation, deliberate sabotage and blackmail. As a result, businesses, governments and individuals around the world rely on the expertise and innovations of information security specialists, without which global communications systems would grind to a halt.
Want to join this expanding field and learn from the very best? Our flagship Information Security programme was the first of its kind in the world. It is certified by GCHQ, the UK Government Communications Headquarters, and taught by academics and industrial partners in one of the largest and most established Information Security Groups in the world. We are a UK Academic Centre of Excellence for cyber security research, and an Engineering and Physical Sciences Research Council (EPSRC) Centre for Doctoral Training in cyber security. We work closely with industry, and much of our curriculum and research is informed and audited by the industry itself. Our teachers are specialists in the field, with backgrounds in computer science, engineering, mathematics, statistics and the social sciences.
Our broad curriculum encompasses cryptography, fraud detection, system security, network security, device security and the study of how security itself should be managed. You will learn about the technical, legal and commercial aspects of the industry and have the chance to complete a supervised dissertation on a topic of your choice. In a typical year you could benefit from lectures and seminars given by as many as 50 different guest speakers. You will also have access to our virtualisation software, for experimenting with network security settings and ideas, as well as to our Penetration Testing Laboratory and industry-sponsored Smart Card Centre.
We offer a friendly, supportive learning environment and you will have a dedicated personal adviser to guide you through your studies. The skills you gain will open up a range of high-level career options and provide a solid foundation if you wish to progress to a PhD. Our graduates are in demand for their cutting-edge grasp of the field as well as their technical expertise and transferrable skills such as data handling, analysis, problem solving and research. The programme can be completed in one year full-time, two years part-time, three to seven years through Continuous Professional Development (CPD), or two to four years through distance learning.
- Join a world-class Information Security Group, recognised as an Academic Centre of Excellence by the UK Government.
- Learn from an interdisciplinary team of renowned information security specialists who are involved in pioneering research in the field.
- Benefit from our close ties with the information security industry.
- Enjoy the flexibility to tailor your degree to your particular interests and complete a supervised research project of your own.
The programme can be completed in one year full-time, two years part-time, three to five years through Continuous Professional Development (CPD), or two to four years through distance learning.
In this module you will develop an understanding of the need for effective security management. You will look at alternative security strategies and examine methods for responding to security management problems. You will critically evaluate different approaches and consider security management requirements. Sessions will be delivered by a combination of security practioners, information managers and academics and you will be encourage to actively discuss the subject matter, engaging in an online discussion forum.
Introduction to Cryptography and Security Mechanisms
In this module you will develop an understanding of the uses of cryptography. You will look at the basic cryptographic mechanisms used to provide core security services and examine differences between them, identifying suitations in which they are most usefully employed. You will consider the issues than need to be addressed to 'secure' an application, and evaluate the limitations of cryptography and methods for supporting it within a full security architecture.
You will carry out a major individual piece of work. It can be of academic nature focussing on a specific area of information security, or may document the ability to deal with a practical aspect of information security. You will produce a well-structured report of between 10,000 and 20,000 words, with introduction, motivation, analysis and relevant references to existing work.
You will also take either:
- Core A - Network Security and Computer Security (Operating Systems) or
- Core B - Secure Business Architectures and Security Technologies
The module is concerned with the protection of data transferred over digital networks, including computer and telecommunications networks. We review networking concepts, particularly the concepts of services and protocols, and study how services are incorporated in network communications by specifying protocols. We extend the discussion of services to address security concerns, considering how cryptographic primitives may be used to provide confidentiality, integrity and authentication services. We illustrate these concepts by considering case studies, including WEP/WPA/WPA2, GSM and UMTS, IPsec and SSL/TLS. We also study non-cryptographic countermeasures, including packet-filtering and intrusion detection.
Computer Security (Operating Systems)
In this module you will develop an understanding of the role of security mechanisms for modern computer systems, including both hardware and software. You will look at the mechanisms that are used to implement security policies, considering core concepts such as security models, subjects and objects, authorisation and access rights. You will examine the use and operation of a range of access and control methods and authentication mechanisms, such as tokens an biometrics. You will also and evaluate the main issues relating to software security and their effect on the security of compter systems, in particular the practical implementation of access control.
In this module you will develop an understanding of the construction of information networks, specifically the architecture and operation of the internet protocol suite. You will look at the construction of a modern computer system, considering hardware and software components which support multiprocessing. You will examine the causes and potential effects of vulnerabilities that affect computer systems and identify appropriate countermeasures, including user authentication and access control mechanisms. You will evaluate authentication and key exchange protocols, such as how SSL and TLS are applied to the internet, and analyse the key security threats faced in network environments.
Secure Business Architectures
In this module you will develop an understanding of the design and implementation of security architectures in the business environment. You will look at example systems and architectures which focus on delivering security service common to many modern businesses. You will examine the concept of the security lifecycle in relation to specific security architectures, and consider the high-level components of a risk assessment and how to apply these. You will also analyse governance, risk and compliance issues related to business architectures and see how organisations manage their security policies.
You may choose to register for one of the following pathways, which will constrain your choices as follows:
- Cybercrime - Core A, Cyber Crime, Digital Forensics, and a Project related to cybercrime
- Smart Cards, RFIDs and Embedded Systems Security - Core A, Smart Cards, RFIDs and Embedded Systems Security, and a Project related to smart cards, RFIDs or embedded systems
- Cyber Security - Core A or Core B, Cyber Security, and a Project related to cyber security
- Security Testing - Core A, Security Testing - Theory and Practice, and a Project related to security testing
- Digital Forensics - Core A, Digital Forensics, and a Project related to digital forensics
- Secure Digital Business - Core B, Legal and Regulatory Aspects of Electronic Commerce and a Project related to secure digital business
In addition to these mandatory course units there are a number of optional course units available during your degree studies. The following is a selection of optional course units that are likely to be available. Please note that although the College will keep changes to a minimum, new units may be offered or existing units may be withdrawn, for example, in response to a change in staff. Applicants will be informed if any significant changes need to be made.
Legal and Regulatory Aspects of Information Security
In thid module you will develop an understanding of legal and regulatory risk management in the field of information security and secure ecommerce. You will look at legal obligations and liabilities between private parties, and the implications of government regulations for corporate risk management. You will examine law regulation and liability, voluntary obligations, legal treatment of dematerialised documents and problems of form, involuntary obligations such as negligence, understanding and managing multi-jurisdiction legal and regulatory risk where the laws of several countries apply simultaneously, and the legal treatment of electronic and digital signature systems. You will also consider intellectual property and associated risks, and the basics of data protection and privacy law.
In this module you will develop an understanding of a range of widely deployed crytographic alogritms. You will look at the key design trends over the past twenty years, comparing algorithms and their properties. You will consider the basical mathematical techniques used alongside practical aspects of the performance and security of cryptographic algoritms, and will examine new research trends that are likely to influence work in this field in the coming years.
In this module you will develop an understanding of database security and concurrency control in distributed databases. You will look at methods used in failure recovery in distributed databases, and consider how security can be established within relational databases. You will examine the conflicting interactions between security requirements and concurrency control, examining the implications that security and its administration have in the context of commercial relational databases, such as Oracle. You will critically evaluate how access control policies can be adapted to relational databases, the approaches for achieveing multi-level security while still permitting concurrent transaction execution, and see why condientiality is so difficult to achieve within a statistical database.
In this module you will develop an understanding of computer crime and its history, looking at legal measures such as computer misuse, data protection, criminal damage, software piracy, forgery, and investigative powers. You will examine case studies with emphasis on investigations into hacking, computer misuse and forensics, considering malware such as computer viruses, denial of service attacks and trojan horses. You will also gain an insight into issues that may arise in the future for example, the expansion of the internet, pornography, unsuitable material, and social engineering.
Smart Cards, RFIDs and Embedded Systems Security
In this module you will develop an understanding of the applications of smart cards and security tokens and their use as assets in cyber security. You will look at the constituent components of common systems, analysing strengths and weaknesses in their manufacture and potential risks and security safeguards. You will consider the range of campabilities of SIM cards in smartphones and the main standards and applications of smarts cards for banking and finance. You will also examine the role of embedded smart card and RFID technology for passports, identity cards, and satellite TV, and the security measures that have protected past and current cards.
In this module you will develop an understanding of the importance of security in the development of applications. You will look at poor programming practices and how they can be exploited, leading to catastrophic security breaches. You will consider the threat posed by malicious software and examine some of the newer research trends that are likely to influence software security work in the coming years.
In this module you will develop an understanding of the foundations and theoretical underpinnings of how data is generated, stored, transmitted, and used as evidence. You will look at the methods used for the collection and analysis of digital evidence, and consider how the integrity of the underlying data is maintained. You will examine the general and UK legal requirements for data storage, and consider the frameworks for the handling and processing of such evidence.
Security Testing - Theory and Practice
In this module you will develop an understanding of the common approaches and methodologies used for carrying out and managing security and penetration testing, including legal requirements for such audits. You will look at network protocols, relevant computer system architectures, and web application systems, considering their vulnerabilities, common forms of attack, and security technologies designed to mitigate these. You will gain practical experience of exploting vulnerabilities to penetrate a system, learning how to design secure systems and defend them against intrusion.
In this module you will develop an understanding of the key areas of cyber security, with particular focus on the critical national information (CNI) infrastructure. You will look at fault and attack models for information and cyber-physical systems, considering variants of attack trees. You will analyse large-scale networks and their robustness for both random failures and deliberate attacks, evaluating how key elements of the CNI, such as the internet and power and transport infrasturctures, can be captured by such models. You will also examine case studies of attacks by state actors and security problems in control systems protocols.