MSc Information Systems Security
Attendance
Full-time, Part-time
Full-time – 12 to 18 months
Part-time – typically two years
Starts September
At a glance
About this course
The MSc Information Systems Security is one of a kind. We are the only university in the world to offer a course in this area which includes the BSI accredited ISO27001 lead auditor certification.
We have developed this course in conjunction with the SANS Institute and the British Standards Institution (BSI), providing you with the level of skill and knowledge required in the industry.
The course is ideal for those already working in an information technology environment or those wishing to specialise in information security. After successfully completing this course, you gain industry-recognised certifications that will assist you in progressing further in this field. The course is available full-time or part-time providing you with the flexibility to study around your personal and working commitments.
Most modern organisations face security risks that threaten their valuable assets. It is not easy to design secure information systems that defend against these threats. It needs a wide range of skills and knowledge of existing technologies and security principles, which can only be acquired through practical experience and education.
The course provides the environment for you to develop the professional skills and experience needed technically, and as a manager.
On this course you
• develop the knowledge, understanding and skills to work as a computing security professional
• learn the concepts, principles, techniques and methodologies you need to design and assess complex networks, systems and applications
• develop the practical experience you need to plan, perform and direct security audits of information systems to the level required by standard security frameworks
• develop the effective and appropriate communication skills you need to be a security professional
Free training and certification exam
Thanks to our association with BSI Learning, you are entitled to attend the BSI ISO27001 Lead Auditor course and take the exam which allows you to become accredited as a BSI certified lead auditor.
From BSI
• ISO27001 Lead Auditor
BSI courses are delivered by approved BSI trainers and qualified ISO27001 lead auditors. As part of the course you receive the same course material as the official BSI training courses.
Technical and managerial focus
The course has been designed to focus on both the technical and managerial aspects of information security. The technically-focused modules involve you exploring a range of systems, tools and techniques at the cutting edge of technology. The managerial-focused modules give you an appreciation of the role information security has in an organisation and how it can be implemented and managed.
Optional modules allow you to specialise in the areas in which you want to develop your skills. These specialised modules can then be further enhanced with SANS training, which carries a fee to cover the cost of online materials including MP3s. Due to our relationship with SANS, we can offer you the SANS training at a discounted rate.
From SANS (laptop required)
• Computer Forensics and Incident Response (SANS 508)
• Intrusion Detection in Depth (SANS 503)
• Web App Penetration Testing and Ethical Hacking (SANS 542)
• Incident Handling and Hacking Techniques (SANS 504)
• Assessing and Securing Wireless Networks (SANS 617)
Associated careers
This course gives you the knowledge, skills and experience you need to work in many different positions, from technical to management roles.
The Institute of Information Security Professionals (IISP) has highlighted the following specialisms in the area.
Strategy, policy, governance
• strategist
• policy manager
• information technology services officer (ITSO)
• department security officer (DSO)
• chief information security officer (CISO)
Risk management, verification and compliance
• risk analyst
• risk assessor
• business information security officer
• reviewer
• auditor
Incident and threat management and response
• incident manager
• threat manager
• forensics (computer analyst, mobile and network analyst)
• computer security incident response team (CSIRT)
• attack investigator
• malware analyst
• penetration tester
• disaster recovery
• business continuity
Operations and security management
• network security officer
• systems security officer
• information security officer
• crypto custodian
• information manager
Engineering, architecture and design
• architect
• designer
• development
• secure coding
• software design and development
• applications development
• security tools
• implementation
Education, training and awareness
• security programme manager
Research
• security researcher
Successful graduates of this course have gone on to work for companies such as HSBC, Citrix, and Price Waterhouse Coopers.
Course content
We developed this course along two main lines.
The first covers the principles and issues of security design concerning systems and systems integration, web and non web-based applications and communication networks.
The second addresses the methodologies and development of skills required to perform security assessments of complex information systems.
Semester one modules
Information security concepts and principles
In this module we introduce the idea of risk management and the basic security properties (confidentiality, integrity, availability), security mechanisms (authentication and access control), security principles such as 'least privilege' and 'failsafe defaults' and security legislation. We spend time looking at cryptosystems and protocols; symmetric and asymmetric algorithms, digests, message authentication codes, digital signatures and Public Key Infrastructure (PKI). We look in detail at authentication mechanisms and protocols and a variety of access control types and implementations.
Assessment is via two online sets of challenges in which you are presented with a series of problems to solve. The first of these covers general cryptography and the second concerns PKI. A short online exam completes the assessment. Previous students have reported that they find the challenges an interesting and enjoyable way to expand their knowledge and understanding of the subject. You are supported by weekly lectures and lab sessions where hands-on exercises enable you to put the theory into practice and consolidate your learning.
Network security
You are initially introduced to the underlying technologies and protocols which allow networks to function. You then build on this information by learning how these technologies and protocols can be used to either secure or break into a network. Typical topics include
• the principles of securing computer networks
• firewall architecture and design
• virtual private networks
• network intrusion detection
• vulnerability scanning
Systems and application security
We consider security threats against the operating system and a number of commonly-used servers, such as Domain Name System (DNS), email and web servers. For example, we look at issues relating to email spoofing in the Sendmail application and how a poorly-configured email server, whether misconfigured deliberately or accidentally, can allow emails to be sent to users from trusted addresses. Another area we look at is the Linux file system and how, when properly secured, it can be used to prevent or delay an attacker compromising the entire system.
Web applications and e-commerce security
We aim to educate you on the potential weaknesses that may be present in web applications throughout the world. We take you through the steps and processes required to carry out a penetration test on a web application to discover weaknesses in its configuration and setup. For example, part of the module looks at cross-site scripting (XSS) and SQL injection, two very common and potentially dangerous vulnerabilities that have had their fair share of media attention. We also investigate ways to secure vulnerable web applications using techniques and tools such as web-based firewalls, access control and secure encryption.
Semester two modules
BSI ISO27001 lead auditor
Modern organisations have to constantly protect their assets and information against threats. These threats come in a variety of forms, such as external hackers, internal users with grudges, script kiddies and organised crime syndicates. There is a vast number of controls which can be put in place to help secure an organisation against these threats. Unfortunately, over time, these controls can become disjointed and unfit for purpose as the organisation grows or changes. This module teaches you how to approach the issue of information security management. You learn how to examine risks to organisations in depth, how to select a suite of information security controls, and how to adopt and manage the process to ensure the information security management system works.
Group-based practical case study
You are given the opportunity to put into practice what you have learned in the preceding modules. In a team of six, you are given the specification for a computer system providing a number of services typical to a small organisation. Half of the team designs and builds a secure implementation of the specification and the other half develops a security evaluation strategy for the system. The emphasis is on following accepted standards, methodologies and systematic procedures in the development process. At the end of the module those developing the security evaluation system apply their strategy to another team's system in a day-long practical pen-testing session. All procedures are conducted in safe virtual environments built in our well-equipped labs. Tutors act as clients and consultants in the development processes and you also receive guidance from visiting expert security consultants. This is a highly demanding but extremely rewarding and valuable experience in the development of your security knowledge, awareness and skills.
Option modules
You study a selection from
• information security management
• computer forensics and incident response
• intrusion detection in depth
• incident handling and hacking techniques
• assessing and securing wireless networks
• consultancy theory and practice
• an option module from another computing master's degree
Semester three
You study research methods and do a substantial research project leading to a dissertation.
Assessment
Group and individual coursework. You also do a range of
• problem solving assignments
• workshops
• practical projects
• research activities
Entry requirements
You need
• a good level of general education with good analytical skills
• an ambition to develop to a high level in the area of information security
• a degree – 2.1 or above in computing or a closely-related discipline
We will consider your application if you cannot meet the above criteria but have at least one year’s direct work experience in information security or a closely related discipline.
You can apply for prior certificated credit or prior experiential credit for the course if it is appropriate. We consider any professional certification of a suitable level and other criteria related to your application. In some cases we may ask you to take an entrance exam.
Overseas applicants from countries whose first language is not English must normally produce evidence of competence in English. An IELTS score of 6.0 with 5.5 in all skills (or equivalent) is the standard for non-native speakers of English. If your English language skill is currently below an IELTS score of 6.0 with a minimum of 5.5 in all skills we recommend you consider a Sheffield Hallam University Pre-sessional English course which will enable you to achieve an equivalent English level.
Fees
Home and EU students
2013/14 academic year
Typically £5,355 for the course
Part-time study should be calculated pro rata.
International students
2013/14 academic year
Typically £12,060 for the course
2014/15 academic year
Typically £12,150 for the course
How to apply
Complete the application form available at www.shu.ac.uk/study/form
Contact details
For further information please contact the Faculty of Arts, Computing, Engineering and Sciences, Sheffield Hallam University, City Campus, Sheffield S1 1WB. Phone +44 (0)114 225 6777 or email aces-helpdesk@shu.ac.uk