ECM1424 - Information Security (2023)

Back | Download as PDF
MODULE TITLEInformation Security CREDIT VALUE15
MODULE CODEECM1424 MODULE CONVENERMr Alexander Richardson-Hall (Coordinator)
DURATION: TERM 1 2 3
DURATION: WEEKS 0 11 0
Number of Students Taking Module (anticipated) 15
DESCRIPTION - summary of the module content

***DEGREE APPRENTICESHIP STUDENTS ONLY***

This module provides you with an introduction to the fundamental principles of Information Technology Security and Risk Management at the organisational level. You will learn critical information and cyber security principles and management. You will also address the role of hardware, software, processes, communications, applications, people and policies and procedures with respect to organisational information security.

AIMS - intentions of the module

The aim of this module is to ensure that you  have a good understanding of IT security. In particular, you will be able to demonstrate the following competences:

  • Can undertake a security risk assessment for a simple IT system and propose resolution advice.
  • Can identify, analyse and evaluate security threats and hazards to planned and installed information systems or services (e.g. Cloud services).
INTENDED LEARNING OUTCOMES (ILOs) (see assessment section below for how ILOs will be assessed)

On successful completion of this module you should be able to:

Module Specific Skills and Knowledge

1. Undertake a security risk assessment for a simple system without direct supervision and propose basic remediation advice.

2. Analyse and evaluate security threats and hazards to planned and installed information systems or services (e.g. Cloud services).

3. Explain how the concepts of threat, hazard and vulnerability relate to each other and lead to risk.

4. Describe in simple terms what risk is and how risks are usually characterised (likelihood and impact) and illustrate by use of at least one commonly used tool (e.g. a risk register).

5. Understand the inherent asymmetric nature of cyber security threats.

6. Describe and characterise (in terms of capability, opportunity & motive) examples of threats and also describe some typical hazards that may concern an organisation. Relate these descriptions to example security objectives.

7. Describe some common vulnerabilities in computer networks and systems (for example un-secure coding and unprotected networks)

Discipline Specific Skills and Knowledge

8. Assurance concepts: Explain the difference between ‘trusted’ and ‘trustworthy’ and explain what assurance is for in security.

9. Describe the main approaches to assurance (intrinsic, extrinsic, design & implementation, operational policy & process) and give examples of how these might be applied at different stages in the lifecycle of a system.

10. Explain what penetration testing is and how it contributes to information assurance.

11. Understand both technical and administrative mitigation approaches.

12. Understand the need for a comprehensive security model and its implications for the security manager or Chief Security Officer (CSO).

Personal and Key Transferable / Employment Skills and Knowledge

13. Communicate orally and in writing

14. Think analytically and critically

15. Organise your own work

16. Work to a deadline

17. Make decisions

 

SYLLABUS PLAN - summary of the structure and academic content of the module

Introduction (2 weeks)

•          The need for security

•          Terminology of information security

•          Security and the components of a computer system, e.g. software, hardware, people and policies

•          Human factors in security

•          Information systems security case studies

 

Threats, hazards and vulnerabilities (3 weeks)

•          Definitions

•          Examples

•          Asymmetric nature

•          Capability, opportunity & motive

•          Analysing and evaluating security threats and hazards

 

Risk (2 weeks)

•          Likelihood and impact

•          Risk register

•          Security risk assessment and remediation

 

Assurance (3 weeks)

•          Definitions; ‘trusted’ vs ‘trustworthy’

•          Main approaches (intrinsic, extrinsic, design & implementation, operational policy & process)

•          Examples at different stages in the lifecycle of a system.

•          Encryption

•          Penetration testing techniques and tools; ethical hacking

•          Technical and administrative mitigation approaches

 

Management implications (2 weeks)

•          Security objectives

•          Need for comprehensive security model

•          Implications for security manager or Chief Security Officer (CSO)

LEARNING AND TEACHING
LEARNING ACTIVITIES AND TEACHING METHODS (given in hours of study time)
Scheduled Learning & Teaching Activities 22.00 Guided Independent Study 128.00 Placement / Study Abroad 0.00
DETAILS OF LEARNING ACTIVITIES AND TEACHING METHODS
Category Hours of study time Description
Scheduled learning and teaching activities 18 Online learning activity, including virtual workshops, synchronous and asynchronous virtual lectures and other e-learning.
Scheduled learning and teaching activities 2 Lectures
Scheduled learning and teaching activities 2 Group workshops
Guided independent study 128 Coursework, exam preparation and self-study

 

ASSESSMENT
FORMATIVE ASSESSMENT - for feedback and development purposes; does not count towards module grade
Form of Assessment Size of Assessment (e.g. duration/length) ILOs Assessed Feedback Method
Contribution to class discussion N/A 1-17  Verbal
       
       
       
       

 

SUMMATIVE ASSESSMENT (% of credit)
Coursework 50 Written Exams 50 Practical Exams 0
DETAILS OF SUMMATIVE ASSESSMENT
Form of Assessment % of Credit Size of Assessment (e.g. duration/length) ILOs Assessed Feedback Method
Threat and risk analysis exercise 50 10 minute narrated presentation recording 1-4, 8, 9, 11, 13-17 Written
Written Examination 50 1.5 hours 1-17 Written
         
         
         

 

DETAILS OF RE-ASSESSMENT (where required by referral or deferral)
Original Form of Assessment Form of Re-assessment ILOs Re-assessed Time Scale for Re-assessment
Threat and risk analysis exercise (50%) Threat and risk analysis exercise 1-4, 8, 9, 11, 13-17 Completed over the summer with a deadline in August
Written Examination (50%) Written Examination 1-17 August assessment period
       

 

RE-ASSESSMENT NOTES

Deferral – if you miss an assessment for certificated reasons judged acceptable by the Mitigation Committee, you will normally be deferred in the assessment. The mark given for a re-assessment taken as a result of deferral will not be capped and will be treated as it would be if it were your first attempt at the assessment.

Referral – if you have failed the module overall (i.e. a final overall module mark of less than 40%) you may be required to sit a referral. The mark given for a re-assessment taken as a result of referral will be capped at 40%.

RESOURCES
INDICATIVE LEARNING RESOURCES - The following list is offered as an indication of the type & level of
information that you are expected to consult. Further guidance will be provided by the Module Convener

ELE: http://vle.exeter.ac.uk

 

Reading list for this module:

Type Author Title Edition Publisher Year ISBN Search
Set Pfleeger, C. P., Pfleeger, S. L., Margulies, J Security in Computing 5th Prentice Hall 2015 978-0-13-408504-3 [Library]
CREDIT VALUE 15 ECTS VALUE 7.5
PRE-REQUISITE MODULES None
CO-REQUISITE MODULES None
NQF LEVEL (FHEQ) 5 AVAILABLE AS DISTANCE LEARNING No
ORIGIN DATE Tuesday 10 July 2018 LAST REVISION DATE Wednesday 08 February 2023
KEY WORDS SEARCH Information security