Course not currently available

MSc Information Systems Security

Postgraduate

In Sheffield

£ 6,300 + VAT

Description

  • Type

    Postgraduate

Course description
Study computer and information systems security on a course that combines academic teaching, industry input and practical skills development.
The course has four main focuses
• information security management
• ethical hacking
• system hardening
• computer forensics
This course is ideal if you are already working in an information technology environment or if you wish to specialise in the field of information security. After successfully completing it, you gain industry-recognised certifications that will assist you in progressing further in this field.
You focus on both the technical and managerial aspects of information security. The technically-focused modules involve you exploring a range of systems, tools and techniques at the cutting edge of technology. The managerial-focused modules give you an appreciation of the role information security has in an organisation and how it can be implemented and managed.
On this course you
• develop the knowledge, understanding and skills to work as a computing security professional.
• learn the concepts, principles, techniques and methodologies you need to design and assess complex networks, systems and applications.
• develop the practical experience you need to plan, perform and direct security audits of information systems to the level required by standard security frameworks.
• develop the effective and appropriate communication skills you need to be a security professional.
Free training and certification exam
Thanks to our association with BSI Learning, you are entitled to attend the BSI ISO27001 Lead Auditor course and take the official exam which allows you to become accredited as a BSI certified lead auditor.
Our ethical hacking module is aligned with the CREST Practitioner Security Analyst (CPSA) syllabus providing graduates with industry recognised and desired skills.
BSI lead auditor qualification
• ISO27001 Lead Auditor
BSI courses are delivered by approved BSI...

About this course

Gain a master's degree and specialise with modules in professional ethical hacking and information security management. The CREST Practitioner Security Analyst Certification and the BSI ISO27001 accreditation provide an important industry element to the course. Ultimately you focus on both the managerial and technical aspects of computer security, giving you the skills needed to advance your career in this industry.

Entry requirements
2017 entry requirements
You need
• a good level of general education with good analytical skills
• an ambition to develop to a high level in the area of information security
• a degree 2.2 or above in computing or a closely-related discipline. You may also be able to claim credit points which can reduce the amount of time it takes to complete your qualification at Sheffield Hallam.
We will consider your application if you cannot meet the above criteria but have at least one year’s direct work experience in information security or a closely...

Subjects

  • Access Control
  • Access
  • Information Systems
  • Networks
  • Email
  • Network
  • Hacking
  • Design
  • Web
  • Systems
  • Technology
  • Industry
  • Security Management
  • Team Training
  • Communication Training
  • Network Training

Course programme

Course structure

Full time – September start – typically 12 or 18 months

Full time – January start – typically 12 or 18 months

Part time – September start – typically 36 months

Part time – January start – typically 36 months

Typical modules may include

Course design

We developed this course along two main lines.

The first covers the principles and issues of security design concerning systems and systems integration, web and operating system based applications and communication networks.

The second addresses the methodologies and development of skills required to perform security assessments of complex information systems.

Semester one modules

Information security concepts and principles
In this module we introduce the idea of risk management and the basic security properties (confidentiality, integrity, availability), security mechanisms (authentication and access control), security principles such as 'least privilege' and 'failsafe defaults' and security legislation. We spend time looking at cryptosystems and protocols; symmetric and asymmetric algorithms, digests, message authentication codes, digital signatures and Public Key Infrastructure (PKI). We look in detail at authentication mechanisms and protocols and a variety of access control types and implementations.

Assessment is via two online sets of challenges where you are presented with a series of problems to solve. The first of these involves general cryptography and the second concerns PKI. A short online exam completes the assessment. Previous students have reported that they find the challenges an interesting and enjoyable way to expand their knowledge and understanding of the subject. You are supported by weekly lectures and lab sessions where hands-on exercises enable you to put the theory into practice to consolidate your learning.

Network security
You are initially introduced to the underlying technologies and protocols which allow networks to function. You then build on this information by learning how these technologies and protocols can be used to either secure or break into a network. Typical topics include
• the principles of securing computer networks
• firewall architecture and design
• virtual private networks
• network intrusion detection
• vulnerability scanning

Systems and application security
We consider security threats against the operating system and a number of commonly-used servers, such as Domain Name System (DNS), Email and Web. For example, we look at issues relating to email spoofing in the Sendmail application and how a poorly-configured email server, either deliberately or accidentally, can allow emails to be sent to users from trusted addresses. Another example of an area we look at is the Linux file system and how, when properly secured, it can be used to prevent or delay an attacker compromising the entire system.

Web applications and e-commerce security
We aim to educate you on the potential insecurities that may be present in web applications throughout the world. We take you through the steps and processes required to carry out a penetration test on a web application to discover weaknesses in its configuration and setup. For example, part of the module looks at cross-site scripting (XSS) and SQL injection, two very common and potentially dangerous vulnerabilities that have had their fair share of media attention. We also investigate ways to secure vulnerable web applications using techniques and tools such as web-based firewalls, access control and secure encryption.

Semester two modules

BSI ISO27001 lead auditor
Modern organisations have to constantly protect their assets and information against threats. These threats come in a variety of forms such as external hackers and internal users with grudges, script kiddies and organised crime syndicates. There are vast numbers of controls which can be put in place to help secure an organisation against these threats. Unfortunately, over time, these controls can become disjointed and unfit for purpose as the organisation grows or changes. This module teaches you how to approach the issue of information security management. You learn how to examine risks to organisations in depth, how to select a suite of information security controls and adopt and manage the process to ensure the information security management system works.

Group-based case study with capture the flag
You are given the opportunity to put into practice what you have learned in the preceding modules. In a team of six, you are given the specification for a computer system providing a number of services typical to a small organisation. Half of the team designs and builds a secure implementation of the specification and the other half develops a security evaluation strategy for the system. The emphasis is on following accepted standards, methodologies and systematic procedures in the development process. At the end of the module those developing the security evaluation system apply their strategy to another team's system in a day-long practical pen-testing session. All procedures are conducted in safe virtual environments built in our well-equipped labs. Tutors act as clients and consultants in the development processes and you also receive guidance from visiting expert security consultants. The module culminates in a capture the flag exercise where each team spends a day penetration testing the other group's system. This is a highly demanding but extremely rewarding and valuable experience in the development of your security knowledge, awareness and skills.

Semester two options

Computer forensics and incident response
Computer forensics is a practical, hands-on module designed to transfer skills in responding to security breaches and carrying out a computer forensics investigation. Using a variety of computer forensics tools and a portable forensics laboratory, you will be working through a number of practical exercises and challenges. You learn how to best react to incidents while collecting volatile and non-volatile evidence. In addition, you understand how to investigate security breaches and analyse digital evidence that could be used internally or in a court of law. During the course you play the role of a computer forensics professional in charge of a real investigation case and apply the methods, techniques and tools required in a real scenario.

Information security management
This module looks to educate students on how to develop a secure information management system within an organisation. The technical controls are the key elements which ultimately secure systems, but if they are not properly designed, managed and implemented their effectiveness can be reduced significantly. Students are taken through this process and given experience and understanding on how to implement these practices in an organisation.

Incident handling and hacking techniques (ethical hacking)
Incident handling and hacking techniques is about ‘doing stuff’ and practically learning how to assess the computer security posture of an organisation before the ‘bad guys’ do. The module has been designed from the ground up to allow you to understand how attacks are commonly carried out by malicious users, and in particular to learn how to apply hacking tools and techniques to gain unauthorised access to information assets. Ethical Ninja focuses on a few selected tools, which are widely used, giving you the opportunity to learn how to use them effectively. The final aim is to understand the mindset of malicious users in order to protect your organisation from common attacks.

Semester three modules

You study research methods and do a substantial research project leading to a dissertation.
