Things You Need to Know at the Beginning

Module Outline Template v6

Module Outline: COMP3371Cyber Security 2016-17

Contents / Page
Things you need to know at the beginning / 1
Assignment 1 and 2 / 2
Assessmentgrading matrix / 6
If you have problems with assessments / 8
Module Content / 8

Things you need to know at the beginning

Occurrence A Occurrence B Occurrence C / Rooms: lecture Mon 1215 CH2008
seminar Mon 1615 CH1001
Rooms: lecture Tues 1315 SS8
seminar Wed 1615 CH1001
Rooms: additional seminar Tues 915-1115 CH1009
Teaching team / Richard Henson,
,
CH1004
Website:
/ Richard Henson FBCS MSc ARCS CEng CITP is a Senior Lecturer in Computing at the University of Worcester, specializing in Information Security. He is also a member the government’s IAAC (Information Assurance Advisory Committee), through its Academic Liaison Panel. His research leans towards knowledge transfer, although he is also helping to develop a body of knowledge informing thinking on information security in smaller businesses. He has written and co-written published papers over a number of years covering aspects of information security, particularly in relation to small to medium enterprises (SMEs) and the supply chain.
How this module fits into your course / It develops computing knowledge and skills of hardware, operating systems, networking and computer security to cover securing data over local systems and the full expanse of the Internet
How this module engages with the external environment / It covers all technical aspects of security, covering the basic knowledge required to secure a network against attack to the requirements of the UK government‘s Cyber Essentials and other controls to protect digital data, as well as more complex aspects of securing data against attack.
A trip to the cyber day of the Malvern Festival of Innovation will be embedded into the schedule for the module.

How this module will enhance your employability / It will provide you with the technical skills and knowledge needed to provide security to an individual or networked computer, including principles relating to secure server and router configuration. All these skills are highly sought after in the IT industry, as can be readily confirmed through the website
It will also enable you to develop and enhance the following and evidence them on your CV:

• Application of relevant knowledge; students will build a detailed knowledge base around the subject area to enhance security applications in their place of employment
• Research and problem solving; students will be able to develop and apply principles of research and problem solving to real world problems by understanding various types of security options available and which one to use in various circumstances
• Communication; students will be able to communicate effectively in a variety of formats e.g. orally in presentation format
• Self-management; students will be able to manage their own learning and development demonstrating initiative, motivation, drive and resilience.
• Use of IT; students will be able to make effective use of IT over the entire duration of the module to achieve the learning outcomes, this will include the use of a variety of various security principles and software

What you need to know before you start this module / Basics of computer hardware and computer networking will certainly be helpful, but no prior technical knowledge is assumed. In previous years, students have particularly appreciated the hands on activities and opportunities to apply their knowledge to real scenarios
You are recommended to at least look at the free Open University course on Cyber Security:
You should also take a look at the reading list: see how it relates to each taught and practical session. If you have further questions about reading materials please contact Stephanie Allen the Academic Liaison Librarian for the Business School or go toBusiness LibGuide or ComputingLibGuide
Your responsibility / This module uses ‘flipped lectures’ that is all the basic information you need will be made available in advance of the class as a Powerpointpresentation. There is no soundtrack, however, and you must attend all sessions and undertake required pre-reading, since failure to do so will affect your performance. If you cannot attend for any reason you must notify the module by email as soon as possible.
It is your responsibility to actively and positively engagewith the 2 hour practical sessions - for example asking questionsif stuck -and take responsibility for your learning. This way you’ll get the most out of the sessions.
If there is anything which is unclear or you do not understand askme… either in person or at the email address above
What help is there if you have a disability or a particular learning need? / The University of Worcester is committed to ensuring diversity and equality within its teaching practice. If you have a registered disability or particular learning need and you wish this to be taken into account please speak to your Personal Academic Tutor or let the module leader know. You will find additional useful information on the Disability and Dyslexia webpages at

Assessment(s) / Two

If anything about either assignment is not clear to you, please contact the module leader.

You are expected to plan your time and work to manage your overall assessment workload.

Assessment 1 / Report
Word Limit or equivalent (e.g. time) / 1500
Weighting / 50%
Learning Outcomes Assessed /

1. Analyse the information security issues and threats facing both users and information managers in organizations
2. Identify methods, tools and techniques for combating security threats

Submission date / 10th November 2016
Feedback date / 8th December 2016
Module Leader / R. C. Henson
Verified by / J. Garfield
What you need to do / Read, digest, and carry out the tasks based on the following scenario: (PTO)
You have recently started work for the solutions provider “We-can-fix-IT”, working with small businesses.
The microbusiness “Buy-and-Go” providing online event tickets sales to the public has been very successful in its first three years and is now looking to extend their operation. So far, they have managed their business solely through their e-commerce website, which was produced by a local web company and uses Paypal to deal with customer and financial data. “Buy-and-go” has grown enormously during that time, and gets a lot of its traffic from smartphones. Many customers still prefer to have physical tickets sent to a home address, and the organisation is employing an increasing number of staff to meet demand. Recently, mistakes have been occurring, and tickets have been sent to the wrong address. Sandy Commerce, the company’s founder and MD is also generally concerned about security of customer data especially in view of all the large number of UK small companies that have been hacked over the past year (e.g. 67%). She runs a very lean organisation, however, and doesn’t want unnecessary costs.
She informally approached We-can-fix-IT to start with because her business seems in danger of getting out of control. She didn’t really intend it this way, but all employees are now getting their information via smart phone. As you are currently We-can-fix-IT”’s most cost-effective advisor, you’ve been given the job of assisting “Buy-and-Go”. Sandy has put it in writing that she is worried about outsourcing of IT and that she is also concerned about the data management skills of some of her employees. She watched what happened to TalkTalk through their website, and doesn’t want her organisation to lose its reputation through that kind of bad publicity.
You arrange a meeting with Sandy to discuss her dilemma. In the meantime, you do a little research on the practices of online start-up microbusinesses. What you find out surprises you, because you thought businesses would keep meticulous records of transactions, at least. The meeting confirms that transactions take place via a merchant provider and no customer data is held locally. It also confirms that data is often read and entered on smartphones, and that employees often process transaction requests outside the office. Five part-time staff do the administration, although there is work for three full-time employees.
Assignment task(s)
With regard to the scenario above, your response to Sandy will be a management report. You will need to include:

1. Your data security concerns for the business now and if it expands? (300 words)

1. Your business continuity concerns for the business now and if it expands? (300 words)

1. What extra IT equipment/software would you advise Sandy to purchase to deal with each of the concerns you listed in 1 and 2? (300 words)

1. The approximate costs of your proposed improvements (300 words)

1. Apart from the changes in technology, what else would you recommend? (300 words)

Assessment briefing
This document provides details of the assessment. There will also be an oral briefing conducted during week 3.
There is also an assessment Q&A Page on Blackboard
Assessment criteria
In addition to the general points that apply to all assessed work as outlined in the Course Handbook, the following specific criteria will be used for this work:

• Explanation of security concerns, both now and on expansion
• Explanation of business continuity and how it might be threatened
• Explanation of item(s) of hardware and software listed & recommended
• Breakdown of costs for each item of expenditure
• Explanations of further changes to make the online system secure
• Referencing, using the Harvard system (see the link to ‘Referencing’ from for more information.)

Assessment feedback
Feedback is provided in an ongoing basis over the course of the module (see “Types of Feedback on my Module” slides on Blackboard and Assessment & Feedback section in the Module Outline).
Formative Feedback opportunity
Your opportunity to receive written feedback will be until Monday 24th October 2016 before 3pm via Blackboard. You can submit up to 20% of your Word document via email with your student number. You will receive written feedback on the document itself in the form of comments also via email. Seek out as much feedback as you can, it is your responsibility to initiate it and helps you get at issues that need attention early on. Students who do this always achieve higher marks than those who don’t fully participate in the process because they have continued to improve their work.
Handing in and return
Work must be word-processed/typed and should clearly show your student number.You are required to keep a copy of work handed in. You should submit your work electronically via SOLE by the 3pm deadline onThursday, 10/11/16.The return date for this assignment is electronically via SOLE on Thursday, 8/12/16
See the University’s guide to uploading and submitting assessment items at the University of Worcester via SOLE in under 60 seconds on You Tube
If for any reason the systems are down, email your work to before the deadline just to be on the safe side. You may also email your tutor before the deadline. Providing that the documents emailed are the final copy, these emails will be treated as on time submission. You can then submit to the required system when it is working again. With technology sometimes, things can go wrong; these are back-up safeguards.
Turnitin
For this assignment, please put your work through Turnitin to generate an originality report. You should include a print screen of the part of the Turnitin report showing the overall similarity percentage at the front of your assignment file and submit it with your work. In the event of problems with Turnitin, you should submit your work on time as normal but without the Turnitin report/screen dump, and then e-mail the Turnitin report to your module tutor as soon as possible when Turnitin is back working properly. Use the website turnitinuk.com. You will need a class id and password. Included below:
Class ID: 3248430
Password: computer
Technical support is available by emailing
How you should present your work
Report Template / As a structured report. Embedded diagrams are encouraged but they must be referred to from the text and labelled
On the title page list the following
Module name and code
Student number
Submission date
Assignment Number/Title
Include also:
Grading Matrix
Table of Contents
Introduction
Body
Conclusion
References (use the University Harvard referencing system, support is available through the library

How we’ll give you guidance

/ You can submit up to 20% of the assignment as a “sample”. This will be marked and returned to you in good time before the assignment deadline.
If you want to check whether your work will fall foul of plagiarism (copying someone else’s work without an appropriate attribution) check out this library guide which deals with how to use Turnitin
How and when to hand the assessment in / Work must be word-processed/typed and should clearly show your student number.You are required to keep a copy of work handed in. You should submit your work by the 3pm deadline on10/11/16. You should submit your work to SOLE, which is available via your student portal.
See the University’s guide to uploading and submitting assessment items at the University of Worcester via SOLE in under 60 seconds on You Tube
If you have issues uploading your assessment to sole you will need to contact , if you have issues with Blackboard, Turnitin or PebblePad you will need to contact

How the assessment will be marked

/ Specific criteria are in the Grading Matrix for this assignment, which can be found on page 6
How you will get feedback / Youcan send and receive formative feedback by email. Summative feedback will be available via the SOLE systems within 20 working days of hand-in date.
If you have problems submitting work or submitting work on time: / Firstly, contact someone, your Module Leader or personal Academic Tutor.
It is essential that you submit your work, in order to be able to pass the module. Work which is submitted late will be subject to grade penalties as below.

• Students who submit course work late but within 5 days of the due date will have work marked, but the grade will be capped at the minimum pass grade unless an application for mitigating circumstances is accepted.
• Students who submit work later than 5 days but within 14 days of the due date will not have work marked unless they have submitted a valid claim of mitigating circumstances.

For full details of submission regulations seeUndergraduate Regulatory Framework at
If you are ill or have personal problems / The University has a system for applying for mitigating circumstances where things happen, beyond your control, which affect your assessments. Don’t suffer in silence. Speak to your Module Leader, your Personal Academic Tutor or a Programme Advisor.
Full details of Procedures for Dealing with Exceptional Mitigating Circumstances are available at

If you engage in academic misconduct (cheating)

/ Do not use material from sources without acknowledging them using a recognised referencing system. Do not copy another student’s work. If you do you will be referred to the School’s Academic Integrity Tutor and may face further penalties. Details in your Course Handbook accessible via SOLE and at
If you don’t pass at the first attempt / DON’T PANIC. In the event you are required to take reassessment you will receive formal notification of this via a letter from Registry Services posted on the SOLE page after the meeting of the Board of Examiners. The letter will normally include a copy of the reassessment task(s). Deadlines for re-assessment can be found in the University Calendar at

1

Module Outline Template v6

Grading Matrix

This matrix captures the assessment criteria for this part of the coursework.

Student Number: / Academic Year and Semester:2016-17, sem1 / Learning Outcomes:
1.Analyse the information security issues and threats facing both users and information managers in organizations
2.Identify methods, tools and techniques for combating security threats
Module Code/Title:
COMP3371 / Assignment No/Weighting:
1, 50%
Occurrence: / Assessment Title:
Report on IT transformation to make a system secure
Assessment Criteria
GRADE / Explanation of security concerns, both now and on expansion / Explanation of business continuity and how it might be threatened / Explanation of item(s) of hardware and software listed & recommended / The approximate costs of your proposed improvements / Apart from the changes in technology, what else would you recommend?
A / Comprehensive list of technical and non-technical concerns provided, including in each case exactly what the concern might be / Definition of the term, detailed explanation of factors that could affect it, and how each factor could impinge on the normal running of the business / Comprehensive list of hardware items that needs to be in place, and detailed explanation how each item should be configured to work effectively to protect digital information / A full breakdown of the typical cost for each named hardware component, and the time taken to maintain that component / A comprehensive set of reasons why human factors are important in maintaining security of digital data, and the corrective actions that may need to be taken to mitigate the threat
B / Focus on specific technical and non-technical matters as security concerns, and why in each case / Definition of the term, explanation of factors that could affect it, and how each factor could impinge on the normal running of the business / List of relevant hardware items and explanation how each item should be configured to work effectively to protect digital information / Breakdown of costs for hardware items listed, and of time to configure each / A good set of reasons why human factors are important in maintaining security of digital data, in each case providing corrective actions that may need to be taken to mitigate the threat
C / List of technical and non-technical concerns provided, and some explanation for each / Definition of the term; explanation of factors that could affect it, / List of relevant hardware items and explanation how each item should be configured to work effectively to protect digital information / Breakdown of costs for hardware items, and an estimation of total configuration time / A good set of reasons why human factors are important in maintaining security of digital data, with some corrective actions suggested that may need to be taken to mitigate the threat
D / List of technical and non-technical concerns provided, and some explanations / Definition of the term, explanation of some factors that could affect it, / List of relevant hardware items and description of how some items could be configured to work effectively to protect digital information / Breakdown of costs for hardware items, but little mention of configuration / A limited set of reasons why human factors are important in maintaining security of digital data, and some suggestion of corrective actions that may need to be taken to mitigate the threat
Fail (E-G) / List of technical and non-technical concerns provided, but no explanations given / Definition of the term, but little/no explanation of some factors that could affect it, / List of relevant hardware items but not even a description of configuration matters / Incomplete breakdown of costs; little mention of configuration / A limited set of reasons why human factors are important in maintaining security of digital data, but little suggestion of corrective actions that may need to be taken to mitigate the threat
General comment:
What you can do better in future assignments:
How successful completion of this assignment helps your employability:
Assignment Grade: / Marker: / Moderator*:

* This person is responsible for moderating a sample of student work for this module. Your work may, or may not, have been included in this sample