ECM3437 - Cyber Security 1 (2023)
MODULE TITLE | Cyber Security 1 | CREDIT VALUE | 15 |
---|---|---|---|
MODULE CODE | ECM3437 | MODULE CONVENER | Mr Alexander Richardson-Hall (Coordinator) |
DURATION: TERM | 1 | 2 | 3 |
---|---|---|---|
DURATION: WEEKS | 0 | 11 | 0 |
Number of Students Taking Module (anticipated) | 15 |
---|
***DEGREE APPRENTICESHIP STUDENTS ONLY***
A cyber security analyst is responsible for the implementation, maintenance and support of the security controls that protect an organisation’s systems and data assets from threats and hazards. They ensure that security technologies and practices are operating in accordance with the organisation’s policies and standards to provide continued protection. They require a broad understanding of network infrastructure, software and data to identify where threat and hazard can occur. They are responsible for performing periodic vulnerability assessments to evaluate the organisation’s ongoing security posture and will provide visibility to management of the main risks and control status on an ongoing basis. They respond to security incidents and implement resolution activities across the organisation.
The aim of this module is to build on your skills and knowledge in cyber security principles and techniques and their application in the business context. The module gives an introduction to the detection and assessment of security hazards and risks as well as basic skills in implementing security controls.
On successful completion of this module, you should be able to:
Module Specific Skills and Knowledge:
1. Analyse and evaluate security threats and vulnerabilities to planned and installed information systems or services
2. Perform security risk assessments for a range of information systems and propose solutions
3. Perform a business impact analysis in response to a security incident
4. Research and investigate common and emerging attack techniques
5. Identify and follow organisational security policies and standards and implement security processes in line with policies and standards
6. Analyse security requirements including functional and non-functional security requirements that may be presented in a security case.
Discipline Specific Skills and Knowledge:
7. Demonstrate understanding of the types of security (confidentiality, authentication; non-repudiation; service integrity) and security big picture (network security; host OS security; physical security)
8. Demonstrate understanding of main types of common attack techniques, including phishing, social engineering, malware, network interception, blended techniques, denial of service and theft
9. Recognise and assess risk including performing a risk assessment
10. Recognise the typical security hazards that may concern an organisation
Personal and Key Transferable/ Employment Skills and Knowledge:
11. Communicate orally and in writing
12. Think analytically and critically
13. Organise your own work
14. Work to a deadline
15. Make decisions
Introduction (2 weeks)
• Typical security hazards that may concern an organisation
o Security context: network security; host OS security; physical security
o Common attack techniques: phishing, social engineering, malware, network interception, blended techniques, denial of service, theft
• Types of security: confidentiality, authentication; non-repudiation; service integrity
Detecting and analysing security incidents (3 weeks)
• Intruder/intrusion types and methods
• Monitoring and detection
• Forensic analysis
Assessing security risk for different types of information system (3 weeks)
• Risk assessment frameworks
• Analysing functional and non-functional security requirements
o Analysing environment, assets and system architecture
o Researching common and emerging attack techniques
o Identifying threats (present, past and future)
o Use of tools
o Prioritising assets and vulnerabilities
Implementing network security controls in line with policies and standards (4 weeks)
• Identifying and following organisational security policies and standards
• Network access
• Intrusion prevention
• Identity and access management
Scheduled Learning & Teaching Activities | 22.00 | Guided Independent Study | 128.00 | Placement / Study Abroad | 0.00 |
---|---|---|---|---|---|
Category | Hours of study time | Description |
---|---|---|
Scheduled learning and teaching activities | 18 | Online learning activity, including virtual workshops, synchronous and asynchronous virtual lectures and other e-learning. |
Scheduled learning and teaching activities | 2 | Lectures |
Scheduled learning and teaching activities | 2 | Group workshops |
Guided independent study | 128 | Coursework, exam preparation and self-study |
Form of Assessment | Size of Assessment (e.g. duration/length) | ILOs Assessed | Feedback Method |
---|---|---|---|
Contribution to class discussion | N/A | 7-15 | Verbal |
Coursework | 60 | Written Exams | 40 | Practical Exams | 0 |
---|---|---|---|---|---|
Form of Assessment | % of Credit | Size of Assessment (e.g. duration/length) | ILOs Assessed | Feedback Method |
---|---|---|---|---|
Security controls implementation | 60 | 3,000 words | 1-15 | Written |
Written exam | 40 | 2 hours | 1-15 | Written |
Original Form of Assessment | Form of Re-assessment | ILOs Re-assessed | Time Scale for Re-assessment |
---|---|---|---|
Security controls implementation (60%) | Security controls implementation | 1-15 | Completed over summer with a deadline in August |
Written exam (40%) | Written exam (2 hours) | 1-15 | August assessment period |
Deferral – if you miss an assessment for certificated reasons judged acceptable by the Mitigation Committee, you will normally be deferred in the assessment. The mark given for a re-assessment taken as a result of deferral will not be capped and will be treated as it would be if it were your first attempt at the assessment.
Referral – if you have failed the module overall (i.e. a final overall module mark of less than 40%) you may be required to sit a referral. The mark given for a re-assessment taken as a result of referral will be capped at 40%.
information that you are expected to consult. Further guidance will be provided by the Module Convener
ELE: vle.exeter.ac.uk
Reading list for this module:
Type | Author | Title | Edition | Publisher | Year | ISBN |
---|---|---|---|---|---|---|
Set | Stewart, J. M., Chapple, M., Gibson, D. | CISSP (ISC)2 Certified Information Systems Security Professional Official Study Guide | 7th | Sybex | 2015 | 978-1119042716 |
Set | Graham, J., Howard, R., Olson, R. | Cyber Security Essentials | 1st | CRC Press | 2011 | 9781439851234 |
Set | Pfleeger, C. P., Pfleeger, S. L., Margulies, J. | Security in Computing | 5th | Prentice Hall | 2015 | 978-0-13-408504-3 |
CREDIT VALUE | 15 | ECTS VALUE | 7.5 |
---|---|---|---|
PRE-REQUISITE MODULES | None |
---|---|
CO-REQUISITE MODULES | None |
NQF LEVEL (FHEQ) | 6 | AVAILABLE AS DISTANCE LEARNING | No |
---|---|---|---|
ORIGIN DATE | Tuesday 10 July 2018 | LAST REVISION DATE | Wednesday 08 February 2023 |
KEY WORDS SEARCH | Cyber, Security |
---|