This module introduces the student to the issues that arise when we consider the security of computer networks and software systems, including:
- What is security and what needs to be secured?
- Security policies and mechanisms
- How best to coordinate security across IT services
PRINCIPLES OF SECURITY
Information and IT systems (e.g. OS, applications, network, mobile, cloud based); What security hopes to achieve (Authentication, Authorisation, Confidentiality, Integrity, Availability)
RISKS AND VULNERABILITIES
Data Loss (e.g. accidental overwrites, hardware or software failure, etc.); Public networks and applications (e.g. Internet and Cloud, Mobile applications); Malicious attacks (e.g. Malware, Network, Software & Application Flaws (buffer overflow, failed validation, incomplete mediation, etc.)); Application vulnerabilities, Social engineering.
CRYPTOGRAPHY & SECURITY PROTOCOLS:
Symmetric cryptography; Public Key cryptography and PKI; Blockchain; Security Protocols (e.g. for authentication and confidentiality); Issues of Cryptography (e.g. key length, key, safety, passwords, etc.)
SECURITY MECHANISMS AND FORENSICS
Access Control (Passwords, Biometrics, etc.); Prevention and Detection (e.g. physical security, systems update and patching, Backup mechanisms, Failover, Firewalls, Intrusion Detection Systems, Malware detection, etc.); Information Detritus; Audit Trail Analysis; Incident Response (e.g. Tracing an attack, recovery, restoring backups, etc.)
SECURITY MANAGEMENT
Introduction to Security Policies, Models, and Architecture; Prevention versus Detection; Identifying user roles and responsibilities; Running with least privilege; Ensuring a policy is workable, practical and desirable; Performing a security review; Ethical and Legal issues
Lectures, labs and independent study.
Module Content & Assessment | |
---|---|
Assessment Breakdown | % |
Formal Examination | 50 |
Other Assessment(s) | 50 |