IY3S667B - Security and Threat Management 15 Jul 2020 - 31 Aug 2027 | Version 1
Associated Module Information
| Module Code: | IY3S667B | ||
|---|---|---|---|
| Module Title: | Security and Threat Management | ||
| Faculty: | Faculty of Computing, Engineering and Science | ||
| Faculty Group: | Computing and Mathematics | ||
| Faculty Sub Group: | Computing | ||
| Module Leader: | Mamoun Qasem, Ian Fitzell | ||
| Module Team: | Peter Eden, Andrew Bellamy | ||
| First Intended Intake: | AUG 2020 | Final Year of Intake: | |
| Date Closed: | |||
| Credit Value: | 20 | Credit Level: | 6 |
| Language: | English | ||
| Percentage of Module Taught in Welsh: | 0 | ||
| Equivalent Module: | |||
| HECOS codes: | 100376 - computer and information security | ||
| HECOS Code Weighting: | 100 | ||
Document Version Information
| Version | 1 |
|---|---|
| Valid From | 15 Jul 2020 |
| Valid To | 31 Aug 2027 |
Module Aims
To develop the students’ ability to manage and understand the threats/security of an information system at a strategic, tactical and operational level.
Content Summary
Managing Risk
• Threat Assessment and Modelling
• Information classification and protection
• Risk Assessment
• Developing Policies Standards and Guidelines
o Regulatory Frameworks
o Managing and Implementing Security Policies
• Organisation of Information Security
o Asset Management
o Human Resource Security
o Communications and Operations Management
Physical and Environmental Security
• Design and Implement Physical Security
• Implement and Manage Physical Security
Security Governance
Defence in Depth (from operational level)
Host Data and Application Security Management
• Threat Actors and Attributes
o Advanced Persistent Threat (APT)
• Use of Open Source Intelligence
• Classification of Vulnerabilities, e.g.
o Common Vulnerabilities and Exposures (CVE)
o Common Weakness Enumeration (CWE)
o Common Vulnerability Scoring System (CVSS)
o Zero-day
o Managing Patches and Reducing Vulnerabilities
• Database Security Management
o File and Database Security
o Secure Configuration
Controlling and Monitoring Access
o Virtual Private Network (VPN)
o Remote Access (e.g. SSH, RDP)
o Data Loss Prevention (e.g. DLP, SIEM)
o Hardware Security
Disaster Recovery & Business Continuity Planning
• Business continuity planning components
• Standards and best practices
• Selecting, developing, and implementing disaster and continuity solutions
• Issues associated with Business Continuity
• Incident Handling and Response Process
Learning and Teaching Methods
| Activity Type | Hours |
|---|---|
| Lecture | 24 |
| Practical classes and workshops | 16 |
| Independent Study | 88 |
| Directed Study | 72 |
| Total Hours Selected | 200 |
Learning Outcomes
| # | Learning Outcome |
|---|---|
| LO1 | To analyse and evaluate different approaches to the implementation and management of security and threats within an organisation. |
| LO2 | Perform risk, threat and vulnerability analysis, undertake security counter-measures and the application of the various standards related to information security. |
Module Requisites
N/A
Assessment Criteria
| Assessment Category | Assessment Type | Description | Duration | Word Count | Weight (%) | Best of? | Pass Mark |
|---|---|---|---|---|---|---|---|
| Asynchronous Assessment | Report 1 | A study that reflects the latest topics within the subject area of the module. As the subject is fast moving, this description best fits its aims. | 0 | 2000 | 50 | No | 40 |
| Asynchronous Assessment | Report 2 | Given a scenario generate a security and threat analysis report with recommendations | 0 | 2000 | 50 | No | 40 |
Assessment Matrix
| Assessment Type | Learning Outcomes | ||
|---|---|---|---|
| LO1 | LO2 | ||
| Report 1 | ✔ | ✔ | |
| Report 2 | ✔ | ✔ | |