MSc Information Systems Security

Gain a master's degree and specialise with modules in professional ethical hacking and information security management. The CREST Practitioner Security Analyst Certification and the BSI ISO27001 accreditation provide an important industry element to the course. Ultimately you focus on both the managerial and technical aspects of computer security, giving you the skills needed to advance your career in this industry.

Course length 12-36 Month(s)
Location City Campus

Course description

Study computer and information systems security on a course that combines academic teaching, industry input and practical skills development.

The course has four main focuses

• information security management

• ethical hacking

• system hardening

• computer forensics

This course is ideal if you are already working in an information technology environment or if you wish to specialise in the field of information security. After successfully completing it, you gain industry-recognised certifications that will assist you in progressing further in this field.

You focus on both the technical and managerial aspects of information security. The technically-focused modules involve you exploring a range of systems, tools and techniques at the cutting edge of technology. The managerial-focused modules give you an appreciation of the role information security has in an organisation and how it can be implemented and managed.

On this course you

• develop the knowledge, understanding and skills to work as a computing security professional.

• learn the concepts, principles, techniques and methodologies you need to design and assess complex networks, systems and applications.

• develop the practical experience you need to plan, perform and direct security audits of information systems to the level required by standard security frameworks.

• develop the effective and appropriate communication skills you need to be a security professional.

Free training and certification exam

Thanks to our association with BSI Learning, you are entitled to attend the BSI ISO27001 Lead Auditor course and take the official exam which allows you to become accredited as a BSI certified lead auditor.

Our ethical hacking module is aligned with the CREST Practitioner Security Analyst (CPSA) syllabus providing graduates with industry recognised and desired skills.

BSI lead auditor qualification

• ISO27001 Lead Auditor

BSI courses are delivered by approved BSI trainers and qualified ISO27001 lead auditors. As part of the course you receive the same course material as the official BSI training courses.

Guest Speakers from industry

Due to our strong ties with industry we regularly have special guest speakers. Recent speakers have included industry professionals from Mozilla, South Yorkshire Police, RSA and Blackberry.

Ethical Hacking

In 2014 Sheffield Hallam hosted the North of England's first Ethical Hacking Conference, Steelcon. This is set to be an annual event, with 2015's event already booked.

Entry requirements

2017 entry requirements

You need

• a good level of general education with good analytical skills

• an ambition to develop to a high level in the area of information security

• a degree 2.2 or above in computing or a closely-related discipline. You may also be able to claim credit points which can reduce the amount of time it takes to complete your qualification at Sheffield Hallam.

We will consider your application if you cannot meet the above criteria but have at least one year’s direct work experience in information security or a closely related discipline.

You can apply for prior certificated credit or prior experiential credit for the course if it is appropriate. We consider any professional certification of a suitable level and other criteria related to your application. In some cases we may ask you to take an entrance exam.

Overseas applicants from countries whose first language is not English must normally produce evidence of competence in English. An IELTS score of 6.0 with 5.5 in all skills (or equivalent) is the standard for non-native speakers of English. If your English language skill is currently below an IELTS score of 6.0 with a minimum of 5.5 in all skills we recommend you consider a Sheffield Hallam University Pre-sessional English course which will enable you to achieve an equivalent English level.

International and European entry qualifications

If you are an International or non-UK European student, you can find out more about the country specific qualifications we accept on our international qualifications page.

Course structure

Full-time – typically 12 months or 18 months
Part-time – typically 36 months
Starts September

Typical modules may include

Course design

We developed this course along two main lines.

The first covers the principles and issues of security design concerning systems and systems integration, web and operating system based applications and communication networks.

The second addresses the methodologies and development of skills required to perform security assessments of complex information systems.

Semester one modules

Information security concepts and principles
In this module we introduce the idea of risk management and the basic security properties (confidentiality, integrity, availability), security mechanisms (authentication and access control), security principles such as 'least privilege' and 'failsafe defaults' and security legislation. We spend time looking at cryptosystems and protocols; symmetric and asymmetric algorithms, digests, message authentication codes, digital signatures and Public Key Infrastructure (PKI). We look in detail at authentication mechanisms and protocols and a variety of access control types and implementations.

Assessment is via two online sets of challenges where you are presented with a series of problems to solve. The first of these involves general cryptography and the second concerns PKI. A short online exam completes the assessment. Previous students have reported that they find the challenges an interesting and enjoyable way to expand their knowledge and understanding of the subject. You are supported by weekly lectures and lab sessions where hands-on exercises enable you to put the theory into practice to consolidate your learning.

Network security
You are initially introduced to the underlying technologies and protocols which allow networks to function. You then build on this information by learning how these technologies and protocols can be used to either secure or break into a network. Typical topics include

• the principles of securing computer networks

• firewall architecture and design

• virtual private networks

• network intrusion detection

• vulnerability scanning.

Systems and application security
We consider security threats against the operating system and a number of commonly-used servers, such as Domain Name System (DNS), email and web. For example, we look at issues relating to email spoofing in the Sendmail application and how a poorly-configured email server, either deliberately or accidentally, can allow emails to be sent to users from trusted addresses. Another example of an area we look at is the Linux file system and how, when properly secured, it can be used to prevent or delay an attacker compromising the entire system.

Web applications and e-commerce security
We aim to educate you on the potential insecurities that may be present in web applications throughout the world. We take you through the steps and processes required to carry out a penetration test on a web application to discover weaknesses in its configuration and setup. For example, part of the module looks at cross-site scripting (XSS) and SQL injection, two very common and potentially dangerous vulnerabilities that have had their fair share of media attention. We also investigate ways to secure vulnerable web applications using techniques and tools such as web-based firewalls, access control and secure encryption.

Semester two modules

BSI ISO27001 lead auditor
Modern organisations have to constantly protect their assets and information against threats. These threats come in a variety of forms such as external hackers and internal users with grudges, script kiddies and organised crime syndicates. There are vast numbers of controls which can be put in place to help secure an organisation against these threats. Unfortunately, over time, these controls can become disjointed and unfit for purpose as the organisation grows or changes. This module teaches you how to approach the issue of information security management. You learn how to examine risks to organisations in depth, how to select a suite of information security controls and adopt and manage the process to ensure the information security management system works.

Group-based case study with capture the flag
You are given the opportunity to put into practice what you have learned in the preceding modules. In a team of six, you are given the specification for a computer system providing a number of services typical to a small organisation. Half of the team designs and builds a secure implementation of the specification and the other half develops a security evaluation strategy for the system. The emphasis is on following accepted standards, methodologies and systematic procedures in the development process. At the end of the module those developing the security evaluation system apply their strategy to another team's system in a day-long practical pen-testing session. All procedures are conducted in safe virtual environments built in our well-equipped labs. Tutors act as clients and consultants in the development processes and you also receive guidance from visiting expert security consultants. The module culminates in a capture the flag exercise where each team spends a day penetration testing the other group's system. This is a highly demanding but extremely rewarding and valuable experience in the development of your security knowledge, awareness and skills.

Semester two options

Computer forensics and incident response
Computer forensics is a practical, hands-on module designed to transfer skills in responding to security breaches and carrying out a computer forensics investigation. Using a variety of computer forensics tools and a portable forensics laboratory, you work through a number of practical exercises and challenges. You learn how to best react to incidents while collecting volatile and non-volatile evidence. In addition, you learn how to investigate security breaches and analyse digital evidence that could be used internally or in a court of law. During the course you play the role of a computer forensics professional in charge of a real investigation case and apply the methods, techniques and tools required in a real scenario.

Information security management
This module looks to educate students on how to develop a secure information management system within an organisation. The technical controls are the key elements which ultimately secure systems, but if they are not properly designed, managed and implemented their effectiveness can be reduced significantly. Students are taken through this process and given experience and understanding on how to implement these practices in an organisation.

Incident handling and hacking techniques (ethical hacking)
Incident handling and hacking techniques is about ‘doing stuff’ and practically learning how to assess the computer security posture of an organisation before the ‘bad guys’ do. The module has been designed from the ground up to allow you to understand how attacks are commonly carried out by malicious users, and in particular to learn how to apply hacking tools and techniques to gain unauthorised access to information assets. Ethical Ninja focuses on a few selected tools, which are widely used, giving you the opportunity to learn how to use them effectively. The final aim is to understand the mindset of malicious users in order to protect your organisation from common attacks.

Semester three modules

You study research methods and do a substantial research project leading to a dissertation.

Assessment

Group and individual coursework. You also do a range of
  • problem solving assignments
  • workshops
  • practical projects
  • research activities.


On this course, you gain the knowledge, skills and experience you need to work in many different positions, from technical to management roles.

The Institute of Information Security Professionals (IISP) has highlighted the following specialisms in the area.

Strategy, policy, governance
• strategist • policy manager • information technology services officer (ITSO) • department security officer (DSO) • chief information security officer (CISO)

Risk management, verification and compliance
• risk analyst • risk assessor • business information security officer • reviewer • auditor

Incident and threat management and response
• incident manager • threat manager • forensics (computer analyst, mobile and network analyst) • computer security incident response team (CSIRT) • attack investigator • malware analyst • penetration tester • disaster recovery • business continuity

Operations and security management
• network security officer • systems security officer • information security officer • crypto custodian • information manager

Engineering, architecture and design
• architect • designer • development • secure coding • software design and development • applications development • security tools • implementation

Education, training and awareness
• security programme manager

• security researcher

Successful graduates of this course have gone on to work for companies such as HSBC, Citrix, and Price Waterhouse Coopers.


Home / EU student

Please note tuition fees may increase in each subsequent academic year of your course, subject to government regulations on fee increases and in line with inflation. More information can be found in the ‘Tuition Fee Increases’ section of our Fees Regulations (PDF, 2.10 MB)

2016/17 academic year

Typically £6,300 for the course

Part-time study should be calculated pro rata.

Postgraduate loans of up to £10,000 are available across the majority of subject areas.

2017/18 academic year

Typically £6,400 for the course

Part-time study should be calculated pro rata.

International student

2016/17 academic year

Typically £12,800 for the course

2017/18 academic year

Typically £13,250 for the course

Additional course costs

This link allows you to view estimated costs associated with the main activities on specific courses. These are estimates and, as such, are only an indication of additional course costs. Actual costs can vary greatly depending on the choices you make during your course.

Additional costs information

How to apply

Complete the application form available at www.shu.ac.uk/study/form

Any offer of a place to study is subject to your acceptance of the University’s Terms and Conditions and student Regulations.
