Cyber Security module details

Block 1

Foundation of Cyber Security and Engineering – 30 credits 

Part-A 

This module covers four broad topic areas: programming, operating systems, encryption and networks. These topics will be taught in the context of Cyber Security. This module prepares the ground for other more tightly focused modules covering closely related topics. The programming topic will move rapidly through procedural programming concepts, C programming practice, debugging, and the relationship between source and executable code. The operating systems topic will focus on non-volatile storage, memory, processes and to a lesser extent scheduling. The intention here is to give students an adequate mental model of what the operating system does against which other cyber security concepts can be explained and understood. The encryption topic will cover symmetric and asymmetric ciphers as well as the role of secure hashes for integrity checking. The networks topic will focus on the transport layer but also cover the supporting network and link layers. There will be a strongly applied practical feel to the module. Programming will involve writing, modifying and debugging code using gcc / gdb. Operating systems will look at (probably Linux) kernel source code. Encryption will involve sending and receiving messages encrypted / signed using gpg and performing integrity checks on various files. Networking will use netkit / netcat / wireshark to generate and analyse traffic.

Part-B

This module introduces the core electronic and communication engineering concepts and devices that constitute the physical part of the cyber domain. The aim is to make students aware of the physical constraints on systems and devices. This knowledge should equip them to have meaningful conversations with practicing engineers about issues surrounding cyber security. This module will cover a wide range of technologies that are currently in use and are further developed in future technologies such as Smart Grids and the Internet of Things. Students are made aware of the technology challenges in IACS systems and how system evolution affects cyber security. A particular concern is the cross connectivity and lack of separation in many of these systems that lead to cascading failures.

Block 2 

Cyber Threat Intelligence and Network Security – 30 credits 

Part-A

Cyber threat intelligence has become one of the most popular topics in recent years with the explosion of cyber threat data from different data sources. Incorporating data from these sources can generate intelligence to guide security decision making. A simple web search will bring millions of results regarding intelligence. Government and industries are looking for threat intelligence experts to help them properly collect, analyse, and produce Cyber Threat Intelligence. This module is going to be exciting and challenging. This module develops students' ability to reason about threats to cyber security. It aims to develop their ability to understand the strengths and limitations of methods to produce actionable intelligence. The extent of the cyber domain is reviewed from a range of perspectives. That it extends beyond the Internet is particularly emphasised. Various threat actors are considered, operating with different levels of resource and at a variety of different scales. The intelligence cycle and current intelligence theory are critiqued. This module also has a strong focus on security assessment and management. The students will be able to compare cyber threats and measure their potential impact through risk assessment. To ensure that students do not perceive all risk as coming from purposeful threats, risk analysis also considers hazards and their consequence to cyber security.

Part-B  

Trying to defend a modern IT system is a daunting task. Protecting assets within a complex of switches, routers, desktop PCs, servers and myriad mobile computing devices can be an overwhelming challenge. One approach is to categorise each component as either a host or part of the network infrastructure. The twin tasks of host security and network security are introduced and defined. Students learn about the conceptual framework of hardware and software layers within a computer and about the common vulnerabilities and threats. Similarly, network components and protocols, designing a defensible network, monitoring and intrusion detection, control mechanisms and threat assessment are studied. Further topics will familiarise students with the generic aspects of security: privileges and authentication, monitoring techniques, user and software management, hardening techniques etc. An important aspect of the module is the knowledge that some attackers are smarter than defenders and know more about the computer and its systems than defenders do. Acknowledging this and planning accordingly is an essential skill.

Block 3

Malware Analysis, Penetration Testing and Incident Response – 30 credits

Part-A

This module shows how to think like an attacker, how to probe systems for exploitable vulnerabilities and how to react appropriately when an incident occurs. It is no longer acceptable to 'patch and proceed' when responding to system compromise; the module shows how to remove the threats from systems effectively and in a way that preserves evidence. Initially, the key components of corporate IT infrastructure are taught / refreshed. These include network topology and components, DNS, email, and authentication services such as LDAP. The module moves on to explain the principles, tools, and techniques of penetration testing. This module will teach students how to perform reconnaissance on a target, how to identify possible victims and how to enumerate their services, how to gain access and how to escalate their privileges and hide their tracks. Client-side attacks, social engineering and physical attacks will also be covered, as will standard practices and rules of engagement. Finally, the module covers incident response and explains the principles, tools and techniques used to react appropriately. The students will learn about the essential preparations before an incident occurs, how to detect incidents, including extrusion detection, how to perform an initial response, how to collect live data and network-based evidence, evidence handling and analysis, incident reporting and resolution.

Part-B

Investigation of a compromised host reveals an unidentified executable. What does it do? Answering this question might be the only way of discovering to what extent your systems are compromised. In this module, the students will learn the principles, tools and techniques used to reverse engineer binaries, including how to avoid anti-reversing traps. It is all too easy to make it seem that malware analysis is the methodical application of a prepared response, but the reality is that, when faced with actual incidents and executables, the biggest hurdle to overcome is the fear of the unknown. This module aims to present the material in such a way that the students become comfortable with making good-quality decisions quickly, when faced with an unknown situation.

Block 4

Digital Forensics with Legal, Ethical and Research Methods – 30 credits

Part-A

The module focuses on the ethical and professional context of cyber security, digital engineering, systems management, and digital forensics. In doing so it addresses the theory of professionals in organisations, security management, project management, the legal framework, ethical issues in professional practice and their resolution, and the legal and professional responsibilities of the digital engineer, systems manager, computer forensic and security practitioner. The legal component will address UK and international law affecting cyber security, digital engineering, systems management, and digital forensics. The module identifies and explicates relevant research methods.

Part-B

The overall objective of a forensic response to a computer-related incident is beguilingly simple: to preserve the evidential value of any digital artefacts that are relevant to the incident, then interpret them. Behind this apparent simplicity is, however, the difficult truth that there will be conflicting pressures on the respondent. For example, choosing whether/how you shut down a live system can make the difference between forever losing access to memory-resident / encrypted evidence, and triggering an evidence-eliminator protection device so you lose all evidence that was on non-volatile media as well. There are twin foundations for an appropriate response to a forensic incident: preparedness and familiarity. This module gives the foundation skills to the students for digital forensic investigation. Students are taught analytical and investigative skills using industry-standard tools and techniques in a digital forensic examination laboratory. During the module students will be introduced to the foundation of digital forensic investigation and will learn how to examine digital devices such as desktop computers, mobile phones, tablets, etc. in a forensically sound manner. With great links with public and private organisations as well as various law enforcement agencies, we aim for the students to receive the best learning experience towards becoming a digital forensic investigator. By completion of this module, students will be able to demonstrate a critical knowledge of the tools and methods used in digital forensics, the associated scientific risks, and the proper use of relevant guidelines to maintain a chain of custody.

Blocks 5 & 6

PGT Project – 60 credits

The aim of the project/dissertation is to provide students with the opportunity to carry out a self-managed in-depth study involving design, fact finding, analysis, synthesis and integration of complex ideas which are sometimes based on incomplete and contradictory data or requirements. The project is likely to demonstrate the application of skills acquired from the taught course to the solution to a particular problem or research topic. Normally the project is a self-contained piece of work of considerably greater depth than can be accommodated within a taught module and may reflect and build on the entire breadth of material studied by the student. 

While there are a range of types of projects, there are no rigid distinctions between them, as the scope and importance of literature analysis, primary research, and system development can be tailored to fit the needs and interests of individual students and topics. Development projects, research projects and literature study projects are the most common types: 

  1. Development Project: In a development project, the student is normally expected to produce a working piece of software that serves a particular purpose, meeting a defined set of requirements. In some cases, the product may include self-designed and purpose-built hardware as well as software, for instance an innovative robotic system. The running system itself is normally the major deliverable, and is normally the most important factor in the assessment. However, the requirements analysis, the system design work, and the testing and evaluation of the software - and how they are documented and presented - are also important to the assessment of development projects. The development work should be set in the context of the questions that it should help answer and how it contributes to answering them.

  1. Research Project: Research projects normally involve the design and implementation of original empirical research. Students are normally expected to create a research proposal and plan, identify research questions, undertake a literature review, review, select and evaluate data collection and data analysis methods, design and implement empirical research, analyse data and report research outcomes. All research projects are required to be undertaken within, and contribute to, a theoretical framework.

  1. Literature Study Project: A project may consist of a literature review alone when it is extensive, strategically significant, rigorously defined and implemented, and includes well-thought-out recommendations and implications. This requires the student to produce a novel and creative analysis that attempts to answer one or more unanswered (or perhaps wrongly answered) research questions. The student is expected to produce a report describing and critically evaluating existing documents and other sources of information, setting them in the context of a clear conceptual framework, and presenting a cogent analysis.

  1. Consultancy Project: In a consultancy project, the student is normally expected to produce a consultancy-style report to meet a clearly defined need for a clearly defined client or audience, providing a detailed and sophisticated critical evaluation of existing techniques, approaches or systems, or how to solve a practical problem, with recommendations. The practical consultancy work should be set in the context of how the work can answer more general and scholarly questions.

  1. Data Analysis Project: In a data analysis project, the student is expected to evaluate, select and apply computational techniques for data analysis and knowledge extraction, to solve a novel data analysis or knowledge extraction problem, or develop a novel technique for solving a particular data analysis problem, or develop a novel technique for presenting data or statistical information to support a particular human activity. The student is expected to demonstrate and illustrate the application of the technique and evaluate how well it solves the problem.

  1. Conceptual Analysis Project: In a conceptual analysis project, the student is expected to develop an analysis on paper of a system or of how to solve a problem. Such projects might involve developing an analysis of a working software system by applying one or more analytical techniques, for example for producing a usability evaluation; or analysing or modelling a process; or producing a notation or technique for describing a particular sort of information that a software system might generate or use; or devising a procedure for tackling a particular class of problem in software development. The student is expected to demonstrate and illustrate the application of the technique and evaluate how well it solves the problem.