| Long Title: | Security Principles |
|---|
| Language of Instruction: | English |
|---|
| Field of Study: |
Software and applications development and analysis
|
| Module Coordinator: |
Eugene McLaughlin |
| Module editor: |
Eugene McLaughlin |
| Teaching and Learning Strategy: |
The learning strategy involves the use of lectures, class discussions and practical work.
The practical aspects of the module may involve the use of online vulnerable websites to demonstrate real life situations as well as teaching how to mitigate against such vulnerabilities.
Virtual machines can be used to open up the world of ethical hacking to the students for use in a controlled environment. The production of assignments with an emphasis on industry certification may also be used e.g. incorporating ISO standards into academic submissions.
|
| Learning Environment: |
Learning will take place in a class room/lab environment with IT access. Module materials will be placed on Moodle, the college's virtual learning environment. |
| Module Description: |
The module aims to give students an understanding of the infrastructural and security aspects needed to support Business Systems and applications. |
| Learning Outcomes |
| On successful completion of this module the learner will be able to: |
| LO1 |
Understand the architecture and environment in which E-Business operates. |
| LO2 |
Apply security principles to Application Development. |
| LO3 |
Assess Networks and computer systems for security weaknesses. Identify appropriate defense mechanisms in order to protect systems and data from data loss or malicious attack |
| LO4 |
Address different security issues when dealing with different server APIs when creating Web and Mobile applications. |
| Pre-requisite learning |
Module Recommendations
This is prior learning (or a practical skill) that is required before enrolment on this module. While the prior learning is expressed as named NCI module(s) it also allows for learning (in another module or modules) which is equivalent to the learning specified in the named module(s).
|
| No recommendations listed |
Requirements
This is prior learning (or a practical skill) that is mandatory before enrolment in this module is allowed. You may not enrol on this module if you have not acquired the learning specified in this section.
|
| No requirements listed |
Module Content & Assessment
| Indicative Content |
|
Introduction to E-Business (5%)
E-Business: Definition and concepts
E-Business Framework, Classification, and Content
Digital revolution, its business environment, and organisational responses
WWW Architecture
E-Business Architectural framework
The Role of the Information Architect
Business Process Models
|
|
Access Control (10%)
Identify the mechanisms that work together to to create architecture to protect the assests of an information system
- Concepts / Methodologies / Techniques
- Attacks
- Effectiveness
|
|
Telecommunications and Network Security (10%)
discusses network structures, transmission methods, transport formats and security measures used to provide availability, integrity and confidentiality.
Network architecture and design
Communication channels
Network components
Network attacks
|
|
Cryptography (10%)
the principles, means and methods of disguising information to ensure its integrity, confidentiality
and authenticity.
Secret Key
Public Key
Protocols
Encryption algorithms
Encryption concepts
Digital signatures
Cryptanalytic attacks
Public Key Infrastructure (PKI)
Information hiding alternatives
|
|
Information Security Governance and Risk Management (10%)
the identification of an organization’s information assets and the development, documentation and implementation of policies, standards, procedures and guidelines.
Security governance and policy
Information classification/ownership
Contractual agreements and procurement processes
Risk management concepts
Personnel security
Security education, training and awareness
Certification and accreditation
|
|
Software Development Security (10%)
refers to the controls that are included within systems and applications
software and the steps used in their development.
Systems development life cycle(SDLC)
Application environment and security controls
Effectiveness of application security
|
|
Security Architecture and Design (10%)
contains the concepts, principles, structures and standards used to design, implement, monitor, and secure, operating systems, equipment, networks, applications, and those controls used to enforce various levels of confidentiality, integrity and availability.
Fundamental concepts of security models
Capabilities of information systems (e.g. memory protection, virtualization)
Countermeasure principles
Vulnerabilities and threats (e.g. cloud computing, aggregation, data flow control)
|
|
Operations Security (10%)
used to identify the controls over hardware, media and the operators with access privileges to any of these resources.
Resource protection
Incident response
Attack prevention and response
Patch and vulnerability management
|
|
Business Continuity and Disaster Recovery Planning (10%)
addresses the preservation of the business in the face of major disruptions to normal business operations.
Business impact analysis
Recovery strategy
Disaster recovery process
|
|
Legal, Regulations, Investigations and Compliance (5%)
addresses computer crime laws and regulations; the investigative measures and techniques which can be used to determine if a crime has been committed and methods to gather evidence.
|
|
Physical(Environmental)Security (5%)
addresses the threats, vulnerabilities and countermeasures that can be utilized to physically protect an enterprise’s resources and sensitive information.
Site/facility design considerations
Perimeter security
Internal security
Facilities security
|
|
OWASP Top 10 Mobile and Security (5%)
Current OWASP Top 10 for Mobile and Application Security
|
| Assessment Breakdown | % |
|---|
| Coursework | 30.00% |
| End of Module Assessment | 70.00% |
Full Time
| Coursework |
|---|
| Assessment Type |
Assessment Description |
Outcome addressed |
% of total |
Assessment Date |
| Continuous Assessment (0200) |
Sample Assessment: Create a Business continuity and Disaster Recovery document for the organisation of your choice. Please include assessments of Risk in the following areas.
The preservation of the business in the face of major disruptions to normal business operations.
• Business impact analysis
• Recovery strategy
• Disaster recovery process |
1,2,3,4 |
30.00 |
Sem 1 End |
| End of Module Assessment |
|---|
| Assessment Type |
Assessment Description |
Outcome addressed |
% of total |
Assessment Date |
| Terminal Exam |
End-of-Semester Final Examination |
1,2,3,4 |
70.00 |
End-of-Semester |
| Reassessment Requirement |
Repeat examination
Reassessment of this module will consist of a repeat examination. It is possible that there will also be a requirement to be reassessed in a coursework element.
|
Reassessment Description
Learners will be afforded an opportunity to repeat the final examination and all learning outcomes will be assessed in the repeat sitting.
|
NCIRL reserves the right to alter the nature and timings of assessment
Module Workload
| Workload: Full Time |
| Workload Type |
Workload Description |
Hours |
Frequency |
Average Weekly Learner Workload |
| Lecture |
No Description |
2 |
Every Week |
2.00 |
| Tutorial |
No Description |
1 |
Every Week |
1.00 |
| Independent Learning |
No Description |
7.5 |
Every Week |
7.50 |
| Total Hours |
10.50 |
| Total Weekly Learner Workload |
10.50 |
| Total Weekly Contact Hours |
3.00 |
| Workload: Part Time |
| Workload Type |
Workload Description |
Hours |
Frequency |
Average Weekly Learner Workload |
| Lecture |
No Description |
2 |
Every Week |
2.00 |
| Total Hours |
2.00 |
| Total Weekly Learner Workload |
2.00 |
| Total Weekly Contact Hours |
2.00 |
Module Resources
| Recommended Book Resources |
|---|
- Shon Harris 2012, CISSP All-in-One Exam Guide, 6th Edition, McGraw-Hill Osborne Media [ISBN: 0071781749]
- Raymond R Panko, Julia Panko 2012, Business Data Networks and Security, Prentice Hall [ISBN: 0132742934]
- Turban Effraim, King David et al 2008, Electronic commerce, A managerial perspective,, Pearson International Edition.
| | Supplementary Book Resources |
|---|
- Chetan Damani, Ravi Damani 2007, E-Business 2.0: The Evolution of E-Business:1,, Imano plc
| | This module does not have any article/paper resources |
|---|
| This module does not have any other resources |
|---|
Module Delivered in
|
