COMP61421: Computer and Network Security (2012-2013)
This course unit is jointly developed and delivered by Ning Zhang (from the School of Computer Science) and Daniel Dresner (a graduate of Manchester Business School who works with government, industry, and the third sector to secure information systems).
The course unit covers security technologies as well as the requirements of information system security throughout the system development process from the 'Acquisition' stage to the 'Disposal' stage.
|Programme outcome||Unit learning outcomes||Assessment|
|A1 A2 B2||Have a good understanding of how to define system security requirements and a good understanding of a variety of generic security threats and vulnerabilities, and be able to identify and analyse particular security problems for a given network, combination of networks, or application.|
|B2 C3 G4||Be able to prioritise requirements, and match requirements to solutions and countermeasures commensurate with associated risks.|
|A1||Have a good understanding of the correlation of business processes to technology in relation to security requirements; particularly in the balancing of information and computing technologies with the human vulnerabilities in computing and information systems.|
|C3||Be familiar with the relevant industry security standards and regulation, and their application.|
|A1 A2||Appreciate the application of security techniques and technologies in solving real-life security problems in practical systems.|
The need for information assurance
Security Breaches;
Introduction to business continuity;
Human vulnerabilities in computer and network security.
Introduction to standards
Plan-do-check-act lifecycles;
Overview of information security management standards.
Information security management
Security Policy;
Asset Classification and Control;
Physical and Environmental Security;
Communications and Operations Management;
System Development and Maintenance;
Business Continuity Management;
Technologies and countermeasures
Entity identification and authentication;
Access control in computer systems and in networks;
Communication security, Virtual Private Networks (VPNs) and Web security;
Wireless network security;
Active security
Audits and reviews;
With active industry speakers as part of the core lecture programme.
Other Sources
Online support for this course is available via the Moodle Virtual Learning Environment (https://moodle.cs.man.ac.uk/login/index.php).
The following material supports the course unit:
National Computing Centre Guideline 269, Managing Risk - a practical guide, July 2002.
National Computing Centre Guideline 319, Information Systems Continuity - IT governance on the frontline.
National Computing Centre Guideline 320, Desert Island Standards II, December 2008.
ISO/IEC 27002 (ISO/IEC 17799:2005) Code of practice for information security management.
Core Text
Title: Cryptography and network security: principles and practice (7th edition)
Author: Stallings, William
Supplementary Text
Title: Building Internet firewalls (2nd edition)
Author: Zwicky, Elizabeth D. and Simon Cooper and D. Brent Chapman
Publisher: O'Reilly
This is a highly respected book on the topic of Internet Firewalls.