Security Fundamentals: Scene-setting module introducing the fundamental concepts of cyber security.
Networks, distributed Systems and Network Security: A 30-credit wide-ranging module that goes from basic networking principles to networking protocols to network topologies to the OSI stack and TCP/IP, then introduces distributed systems, distributed system architectures and (e.g.) contemporary issues, such as the cloud and Internet of Things. The final 10 credits will revisit many of these with a focus on network security, vulnerabilities, threats and mitigations (secure protocols, key exchange, PKI, network analytics, firewalls, and so on.
Secure Programming: Now students have the basics of programming, helping them learn about developing secure code, defensive programming, memory usage and vulnerabilities (e.g. buffer overflows, code injections), introducing V&V strategies.
Security Threats, Vulnerabilities and Mitigations: Building on the concepts introduced in outline in Security Fundamentals. Case-study based. Large element on cryptography and cryptanalysis.
Information Assurance Methodologies and Testing: Draws on existing module on testing and reliability. Places security in the context of other dependability attributes (such as reliability, availability and safety) and outlines a range of V&V techniques for these in general, and for security in particular. Large element on penetration testing. Likely to be heavily lab-based.
Security Management: Security policy, access control, culture and governance, operational security hygiene.
Ethical, Legal and Business Issues: Ethical issues around use and misuse of data (lots of case studies). Business obligations, governance and risk (financial, reputational, etc.). The law as it applies to the management and collection of data (e.g. GDPR).
Designing Secure Systems: Module that specializes the existing Software Engineering module with a focus on developing the knowledge and skills needed to analyse problems from a security perspective (e.g. misuse cases) and develop a solution design with the appropriate architecture and design-level mitigations to deal with the identified threats. Introduces notion of risk. Likely to be groupwork-based.
Human Factors in Security: Draws on material form existing HCI modules with additional material on (e.g.) how poor HCI compromises security (e.g. requiring people to remember long passwords). Large element on human factors and social engineering.
Security Risk Management: How to identify assets, and assess their value and the vulnerabilities and threats that apply to them. More on corporate governance.
Security Forensics: Part introduction to digital forensics (data storage media, operating systems, networks and mobile devices), and part introduction to forensic linguistics, for example profile chatroom grooming.