| Unit name | Security 101 |
|---|---|
| Unit code | COMS10005 |
| Credit points | 10 |
| Level of study | C/4 |
| Teaching block(s) |
Teaching Block 1 (weeks 1 - 12) |
| Unit director | Dr. Oswald |
| Open unit status | Open |
| Pre-requisites |
None |
| Co-requisites |
None |
| School/department | Department of Computer Science |
| Faculty | Faculty of Engineering |
The primary goal of the unit is to impart knowledge about dangers/threats (practice orientated) specific to security critical applications. A secondary goal is to raise awareness of how such threats impact on individual’s (online) lives, as well as how they impact on organisations. A third goal is to create awareness about tools and techniques to improve ones online security.
Consequently, the unit centres around lectures that explain basic threats, in part based on real life case studies. To ensure that the topics covered are sufficiently relevant to students but also expose them to new ideas, the principle of designing the unit is to identify ‘core’ topics and ‘extension’ topics. All core topics will be delivered every year the unit runs, whereas extension topics can be chosen, and I envision that students vote on them at the end of month 1.
Core Topics: (taught over 5ish weeks)
Optional Topics: (a subset will be selected each time)
Explain and define the basic principles fundamental to modern information security concepts.
Identify information security principles within their own use of information technology.
Raise awareness about the existence of tools improving their online security.
Delivery via lectures (2 hours per week) and bi-weekly labs (a 2 hour slot every other week).
Assessment: in line with the goals, there are three assessment components:
a) submitted by end of week 6, via a signed and encrypted email to the course director (or some email-alias specific to the unit), a 2-page summary of their experience setting up email encryption and signatures, specifically focussing on usability but also explaining their understanding of the processes involved.
b) submitted by end of week 12, via a signed and encrypted email to the course director (or to some email-alias specific to the unit), an up to 2 page reflection on their own practice regarding computer security. This might include: how they choose passwords, how/where they save them, if or not they have antivirus installed/configured, what online providers they use, what they share on Social Media, what certificates they have installed, their awareness of the information security policies of whatever organisations they are in (University), have they got a back up, etc. Students should aim to cover 3 different points in their reflection and aim to choose one of the areas of reflection in connection with one of the additional topics that we will have covered.
The definition of 1 page equals, A4, 2cm borders on all sides, 11pt Arial font. Text beyond the page limit will ignored, and any story/explanation or argument that due to that becomes meaningless is to the detriment of the student. There will be no penalty (other than ignoring what is beyond the page limit) imposed.
c) in the January assessment period a multiple choice test.
Assessments a) and b) will each count 30%. They will test the increase in awareness of the students regarding the mechanisms available to improve their online security (and that of the wider public). They will also test students’ ability to practically use at least one tool that improves their online security. Assessment c) will count 40% and test their knowledge.
Anderson: Security Engineering, Wiley
Schneier: Cryptography Engineering, Wiley
Schneier: Liars and Outliers, Wiley
