The University of Southampton
COMP6230 Implementing Cyber Security

Module Overview

The module complements the Foundations of Cyber Security module for Cyber Security MSc students by providing a practical grounding in the implementation of cyber security practices, including both methodology and technical applications. The module is also offered to select other MSc programmes. The aims at a high level are to:

  • Investigate security issues around web-based and database systems
  • Introduce core technical security theory and concepts
  • Review a variety of security frameworks, standards and best practices, and understand how to apply these to exemplar scenarios
  • Consider the implications of passive monitoring for communication software systems
  • Provide examples of posture assessment, network penetration testing and exploring system vulnerabilities

Aims and Objectives

Module Aims

To provide a practical grounding in the implementation of cyber security practices, including both methodology and technical applications.

Learning Outcomes

Knowledge and Understanding

Having successfully completed this module, you will be able to demonstrate knowledge and understanding of:

  • Cyber security frameworks, standards and best practices, and how to apply these within an organisation
  • The core technical elements of security systems
  • The current trends in cyber security; threats, their importance, and why they are hard to face

Transferable and Generic Skills

Having successfully completed this module you will be able to:

  • Communicate effectively on a broad range of issues with security professionals

Subject Specific Practical Skills

Having successfully completed this module you will be able to:

  • Perform a security assessment for an organisation as part of a team
  • Use examples of security penetration testing tools

Subject Specific Intellectual and Research Skills

Having successfully completed this module you will be able to:

  • Recognise and discuss examples of cyber security vulnerabilities

Syllabus

Frameworks for implementing cyber security

  • Cyber security standards, and best practices
  • Implementation of secure cryptography (ciphers, hashing, digital signatures, PKI)
  • Implementation of authentication (passwords and access control)

Posture assessment

  • Penetration testing
  • Web-based systems; OWASP
  • Vulnerabilities and exploitation
  • Security of database applications
  • Injection attacks, cross-site scripting

Network security

  • Network security monitoring (NSM) systems
  • Case study: the Domain Name System
  • Introduction to malware detection and analysis
  • Denial of service attacks, detection and mitigation
  • Implications of pervasive passive monitoring for communicating systems
  • Trust-based systems
  • Trusted systems and the Trusted Computing initiative
  • Case study: eCash, Bitcoin
  • Case study: Mobile platform

Learning and Teaching

Teaching and learning methods

  • Lecture - 36 hours per semester
  • Seminar - 8 hours per semester

| Type | Hours |
|---|---|
| Lecture | 36 |
| Preparation for scheduled sessions | 18 |
| Completion of assessment task | 22 |
| Wider reading or practice | 38 |
| Specialist Laboratory | 12 |
| Follow-up work | 18 |
| Revision | 10 |
| Total study time | 154 |

Resources & Reading list

Kennedy, D. et al. (2011). Metasploit: The Penetration Tester's Guide.

Pfleeger, C.P. and Pfleeger, S.L. (2006). Security in Computing.

Anderson, R. (2008). Security Engineering.

Schneier, B. (2004). Secrets and Lies: Digital Security in a Networked World.

Stoll, C. (2005). The Cuckoo's Egg.

Assessment

Summative

| Method | Percentage contribution |
|---|---|
| Exam (2 hours) | 50% |
| Exercise | 30% |
| Exercise | 20% |

Referral

| Method | Percentage contribution |
|---|---|
| Exam (2 hours) | 100% |

Repeat Information

Repeat type: Internal & External
