Module Details |
The information contained in this module specification was correct at the time of publication but may be subject to change, either during the session because of unforeseen circumstances, or following review of the module at the end of the session. Queries about the module should be directed to the member of staff with responsibility for the module. |
Title | SECURITY ENGINEERING AND COMPLIANCE | ||
Code | CKIT511 | ||
Coordinator |
Mr K Dures Computer Science K.Dures@liverpool.ac.uk |
||
Year | CATS Level | Semester | CATS Value |
Session 2021-22 | Level 7 FHEQ | Whole Session | 15 |
Aims |
|
To provide students with a core understanding of the principles and practice of building secure distributed systems. To provide students with experience of how to address practical security problems. |
Learning Outcomes |
|
(LO1) An in depth and critical understanding of information security concepts and models. |
|
(LO2) An in depth and wide-ranging understanding of the principles and best practices for protecting information systems and critical infrastructures through prevention, detection and response cycles. |
|
(LO3) A wide-ranging capability to identify threats, design security infrastructures and defeat attacks on information systems. |
|
(LO4) A comprehensive ability to develop security compliance policies according to industry standards. |
|
(LO5) A substantial capability to carry out penetration testing and perform risk assessment for an organisation. |
|
(S1) Organisational skills |
|
(S2) Communication skills |
|
(S3) IT skills |
|
(S4) Communication and collaboration online participating in digital networks for learning and research |
|
(S5) Learning skills online studying and learning effectively in technology-rich environments, formal and informal |
Syllabus |
|
Week 1: Introduction
Basics of information security engineering through studying several examples. The Open System Interconnection (OSI) security architecture that provides a common framework for both security protocols development and analysis.

Week 2: Password, Access Controls and Distributed Systems
Password and social engineering issues, technical protection of passwords, operating system access control, Role Based Access Control (RBAC), distributed systems security, fault-tolerance and failure recovery.

Week 3: Basic Cryptology
Symmetric encryption: DES, TDES, AES; symmetric authentication; asymmetric encryption and digital signature: RSA, DSA; key management, Public Key Infrastructure and related standards and practical examples.

Week 4: Security policy models, Nuclear command and control
The Reference Monitor (RM) concept, Multilevel Security (MLS), security policy models, Trusted Computing Platform Architecture (TCPA), nuclear command and control.

Week 5: Physical security and biometrics
Biometrics, physical tamper resistance, smart cards, Identity Based Cryptography (IBC), monitoring systems, emission security.

Week 6: Network and Internetworking security, digital content protection
The most common attacks on Internet systems, Distributed Denial of Service (DDoS) attacks, antivirus tools, intrusion detection, firewall, IETF protocols (TLS/SSL, IPSec, VPN, PKI, S/MIME), host-to-host and end-to-end security, XML digital signature, XML encryption.

Week 7: eCommerce Security, Copyright, and Privacy
Technology for eCommerce, payment systems, copyright and privacy.

Week 8: Management Issues, and System Evaluation and Assurance
Security management, security controls, security development lifecycle, system evaluation and assurance. |
Teaching and Learning Strategies |
|
Teaching Method 1 - Virtual classroom hours (for online modules) Teaching Method Description Attendance Recorded Notes Self-Directed Learning Description: Number of hours per week that students are expected to devote to reading, research and other individual work to support engagement in the classroom is 11.25. |
Teaching Schedule |
Lectures | Seminars | Tutorials | Lab Practicals | Fieldwork Placement | Other | TOTAL | |
Study Hours |
60 |
60 | |||||
Timetable (if known) | |||||||
Private Study | 90 | ||||||
TOTAL HOURS | 150 |
Assessment |
||||||
EXAM | Duration | Timing (Semester) |
% of final mark |
Resit/resubmission opportunity |
Penalty for late submission |
Notes |
CONTINUOUS | Duration | Timing (Semester) |
% of final mark |
Resit/resubmission opportunity |
Penalty for late submission |
Notes |
Essay: Module Project Part 5 - security policies Standard UoL penalty applies for late submission. This is not an anonymous assessment. Assessment Schedule (When) :Week 8 | one week/500-650 wor | 8 | ||||
Practical: Penetration Testing Project Standard UoL penalty applies for late submission. This is not an anonymous assessment. Assessment Schedule (When) :Week 7 | one week / project i | 8 | ||||
Essay: Module Project Part 4 - risk analysis and assessment Standard UoL penalty applies for late submission. This is not an anonymous assessment. Assessment Schedule (When) :Week 5 | one week/500-650 wor | 10 | ||||
Essay: Module Project Part 3 - compliance & legal standards Standard UoL penalty applies for late submission. This is not an anonymous assessment. Assessment Schedule (When) :Week 4 | one week/500-650 wor | 8 | ||||
Essay: Module Project Part 2 - security strategy & policy Standard UoL penalty applies for late submission. This is not an anonymous assessment. Assessment Schedule (When) :Week 3 | one week/500-650 wor | 8 | ||||
Essay: Module Project Part 1 - security models Standard UoL penalty applies for late submission. This is not an anonymous assessment. Assessment Schedule (When) :Week 2 | one week/500-650 wor | 8 | ||||
Practical: Firewall and Intrusion Detection System design and implementation. Standard UoL penalty applies for late submission. This is not an anonymous assessment. Assessment Schedule (When) :We | one week /project in | 10 |
Recommended Texts |
|
Reading lists are managed at readinglists.liverpool.ac.uk. |