Outline Description of Module
Modern computer applications are typically exposed to the Internet via the host machine or a networked system, thus making them vulnerable to attack from many different entities on a global scale. Developing secure applications means designing, implementing and testing code that can withstand attacks by malicious entities. Additional challenges are posed by the trend towards DevOps, i.e. merged development and operations phases, as well as the increased use and combination of technologies such as Cloud, IoT, ICS, mobile applications, and hybrid and converged deployments. These trends enable rapid applications development, but also increase the potential for security vulnerabilities. The core cybersecurity principles of confidentiality, availability and integrity can be disrupted by attacks on insecure systems and applications, leading to financial and reputational loss, and possibly legal prosecution.
This module covers fundamental issues that need to be understood when designing and building secure systems and applications. It aims to provide students with an overview of the common technical security controls available to prevent security incidents and to mitigate risk, as well as an understanding of the importance of secure development processes, security policies, and appropriate project management.
Note: The module focusses on the development phase. Maintaining security throughout operation is taught in the accompanying module “Cybersecurity Operations”.
On completion of the module a student should be able to
1.Compare and contrast common technical security controls available to prevent and recover from security incidents and to mitigate cyber risks.
2.Articulate security architectures relating to business needs using available tools, standards and protocols.
3.Deliver systems assured to have met their security profile using accepted methods and development processes.
4.Critically analyse the correctness and properties of secure systems
5.Justify the selection of different cryptosystems
6.Critically analyse recent cyber security case studies
How the module will be delivered
This module will be delivered through blended learning. Students will be guided through learning activities appropriate to a module, which may include: • weekly on-line interactive sessions to work with other students and staff (e.g. live streaming of presentations, discussions, guest sessions from industry practitioners, live-coding, team meetings, supervised hands-on practical sessions and lab exercises) • on-line resources that students will be guided through and can work through at their own pace (e.g. videos, web resources, e-books, quizzes), • face to face small group sessions (e.g. help classes, feedback sessions, practical hands-on activities)
Skills that will be practised and developed
Communication skills – discussions, report
Research of relevant resources
How the module will be assessed
The assessment includes a coursework to cover all learning outcomes. Technical Report (LO 1-6). The coursework will be a report that will give students an opportunity to use their knowledge and understanding, do online research, and ability to apply some of the taught course content, in the context of an informatics application domain.
Formative assessments will take place during the semester prior to summative assessment and regular feedback will be provided to students in the form of model answers and group discussions of common issues in formative assessment submissions.
Reassessment will be via 100% resit coursework during the summer resit period.