Information Security (MSc and Postgraduate Diploma)

Royal Holloway

Is this course for me?

The field of Information Security is the study of countermeasures to the threat of information infrastructure failure to ensure the security of electronic information. It embraces a range of technologies such as cryptography, computer security, and fraud detection, and also includes the study of how security can best be managed.

This programme introduces the technical, legal and commercial aspects of Information Security. Students come from a variety of backgrounds, ranging from new graduates through to senior security managers in blue chip enterprises seeking a formal qualification in Information Security.

Course summary

MSc: 6 modules + project; study period 2-5 years; cost (2012-2013) £12,985
Postgraduate Diploma: 6 modules; study period 1-5 years; cost (2012-2013) £10,015
Individual modules: Single modules are ideal if you're keen to update your professional knowledge and enhance your career. In 2012-2013 the fee per module is £1,695.

Prestige

The programme has been developed by academics within the Information Security Group (ISG) at Royal Holloway, University of London, one of the foremost academic security groups in the world.

ISG awarded Centre of Excellence status: Royal Holloway, University of London has been recognised for its world-class research in the field of cyber security by the UK intelligence agency GCHQ.

The ISG is at the cutting edge of research into the design and evaluation of smart cards, electronic commerce, security management, mobile telecommunications security, and the integration of security techniques into specific applications. The ISG was awarded a Queen's Anniversary Prize in 1998 in recognition of it providing "a unique national resource for the training of information security specialists".

A pioneering course that continues to provide students with the essential knowledge and understanding of information security, with many graduates going on to fill senior roles.

Malcolm Marshall, Partner, KPMG.

Information Security Group research

Read more about research activities in the white paper by Jason Crampton, Director of Research, Royal Holloway.

Career progression

Graduates of the programme can be found in many organisations, ranging from large financial institutions to technology and research-oriented organisations, as well as security specialists. The MSc is also a foundation for further postgraduate research.

Continuing Professional Education (CPE)

You can study any of the compulsory core modules on a stand-alone basis and earn CPE credits. On successful completion of each module you will receive a University of London certificate.

Your time commitment

These courses are offered online, enabling you to fit your studies around work and family commitments. To complete in the minimum study period you will need to study 20 hours per week during the academic session (September-April).

Excellent support

Fully supported by a Virtual Learning Environment, you will take part in online tutor-supported seminars and discussions; a virtual student cafe allows you to interact and network with other students.

Summary of key dates

Application deadline: 30 June
Registration deadline: 31 August
Course starts: September
Examinations take place: May

*Induction Module

Students are strongly advised to look at the induction module for further details about learning materials and online support. If you have any questions regarding the induction module please email: information security support (Note: this is for queries regarding the induction module only).

The MSc consists of six modules and a project. The Postgraduate Diploma consists of six modules:

Four compulsory core modules

Security management

Aims

This module will emphasise the need for good security management. Its aims are to identify the problems associated with security management and to show how various (major) organisations solve those problems.

Objectives

On completion of the module, the student will appreciate the complexities of security management, and have seen how some companies attempt to solve these problems.

An introduction to cryptography and security mechanisms

Aims

The approach of this module is non-technical. The main objective is to introduce the students to the main types of cryptographic mechanism, to the security services which they can provide, and to their management, including key management. The mathematical content of this module is minimal. Support materials for the elementary mathematics needed for this module will be provided.

Objectives

On completion of this module students will have gained an understanding of the use of, and services provided by, the main types of cryptographic scheme. They should also have gained an appreciation of the need for good key management. This will include an appreciation of the general nature of: encryption techniques for providing confidentiality services (including stream ciphers, block ciphers and public key techniques), mechanisms for providing data integrity and origin authentication, including MACs and digital signatures, message exchanges to provide entity authentication and/or key establishment, and the use of Trusted Third Parties, such as Certification Authorities (CAs), to provide and support Public Key Infrastructures. Students completing this module should not expect to be able to design algorithms.

Network security

Aims

This module is concerned with the protection of data transferred over commercial information networks, including computer and telecommunications networks. After an initial brief study of current networking concepts, a variety of generic security technologies relevant to networks are studied, including user identification techniques, authentication protocols and key distribution mechanisms. This leads naturally to consideration of security solutions for a variety of types of practical networks, including LANs, WANs, proprietary computer networks, mobile networks and electronic mail.

Objectives

At the end of the module students should have gained an understanding of the fundamentals of the provision of security in information networks, as well as an appreciation of some of the problems that arise in devising practical solutions to network security requirements.

Computer security

Aims

This course deals with the more technical means of making a computing system secure. This process starts with defining the proper security requirements, which are usually stated as a security policy. Security models formalise those policies and may serve as a reference to check the correctness of an implementation. The main security features and mechanisms in operating systems will be examined as well as security related issues of computer architecture. Specific well-known operating systems are then studied as case studies. Other areas investigated include the security of middleware, software protection and web security.

Objectives

On completion of this course students should be able to:

  • demonstrate an understanding of the importance of security models with reference to the security of computer systems
  • describe the features and security mechanisms which are generally used to implement security policies
  • provide examples of the implementation of such features and mechanisms within particular operating systems
  • display a breadth of knowledge of the security vulnerabilities affecting computer systems
  • demonstrate an understanding of the main issues relating to Web security in the context of computer systems.

Two optional modules chosen from

Secure electronic commerce and other applications

Aims

This module aims to put the role of security into perspective and demonstrate how it forms part of a security system within an application. The aim is to illustrate, usually by the use of case studies, how a particular situation may make certain aspects of security important and how an entire system might fit together.

Objectives

On completion of the module the students should be able to:

  • recognise the security issues that arise in a variety of applications
  • appreciate how and why particular applications can address various security concerns
  • review how the various security issues in a particular application relate to one another
  • analyse how the security aims are met in a particular application.

Advanced cryptography

Aims

This module follows on from the introductory cryptography module (IC02). In IC02 cryptographic algorithms were introduced according to the properties they possessed and how they might fit into a larger security architecture. In this unit we look inside some of the most popular and widely deployed algorithms and we highlight design and cryptanalytic trends over the past twenty years. This course is, by necessity, somewhat mathematical and some basic mathematical techniques will be used. However, despite this reliance on mathematical techniques, the emphasis of the module is on understanding the more practical aspects of the performance and security of some of the most widely used cryptographic algorithms.

Objectives

On completion of this module, students will gain a broad familiarity with the inner workings of many of today's most widely deployed cryptographic algorithms. Students will also develop a more detailed understanding of some of the most prominent algorithms.

Database security

Aims

This module covers several aspects of database security and the related subject of concurrency control in distributed databases. We will discuss methods for concurrency control and failure recovery in distributed databases and the interaction between those methods and security requirements. We will also examine how access control policies can be adapted to relational and object-oriented databases.

Objectives

At the end of the module the student should:

  • understand how multi-level security can be preserved within a database whilst still permitting the concurrent execution of transactions
  • understand why confidentiality is so difficult to achieve within a statistical database
  • understand the implications that security and its administration have in the context of commercial databases such as Informix and Oracle.

Information crime

Aims

This module complements other modules by examining the subject from the criminal angle and presenting a study of computer crime and the computer criminal. We will discuss its history, causes, development and repression through studies of surveys, types of crime, legal measures, and system and human vulnerabilities. We will also examine the effects of computer crime through the experiences of victims and law enforcement and look at the motives and attitudes of hackers and other computer criminals.

Objectives

On completion of the module students should be able to:

  • follow trends in computer crime
  • relate computer security methodologies to criminal methods
  • detect criminal activity in a computerised environment
  • apply the criminal and civil law to computer criminality
  • understand how viruses, logic bombs and hacking are used by criminals
  • appreciate the views of business, governments, and the media to instances of computer crime.

Smart cards/tokens security and applications

Aims

This course will:

  • provide an overview of smart cards/tokens and their properties
  • introduce various applications that exploit smart cards/tokens
  • examine benefits, threats and attacks
  • consider systems for the development, manufacture and management of smart cards/tokens
  • review smart card standards and security evaluation methodologies.

Objectives

On completion of this module students will be able to:

  • identify constituent components, analyse strengths and weaknesses and identify new applications of smart cards
  • identify the steps in the manufacturing/personalisation processes, analyse and evaluate potential risks and compare security safeguards
  • identify and compare the systems in use, analyse the strengths and weaknesses and evaluate interoperability and security issues
  • analyse the range of capabilities of SIM/USIM cards and apply them to new service ideas, evaluate the possible range of services and security measures
  • understand the main standards and applications of smart cards for banking and finance, compare with earlier card solutions and analyse strengths and weaknesses of approaches
  • analyse the key role of the smart card for passports, IDs and satellite TV, evaluate the security measures that have protected past and current cards
  • identify and describe new technologies, including TPM, apply them to new applications and evaluate the likely suitability/success of the approach
  • explain how common criteria may affect smart card design/development, analyse the different approaches and compare with less formal methods
  • identify and describe the classes of attack and notable methods within each class, analyse countermeasures and evaluate practicality of attacks
  • identify, compare and evaluate different methods of developing applications for smart cards, and understand the development cycle and the use of practical tools
  • analyse the issues concerning smart card lifecycle management, and evaluate and compare methods of local and remote card management.

Digital forensics

Aims

The objective of this module is to provide the foundations and theoretical underpinnings for an understanding of the way in which data that can subsequently be used as evidence is generated, stored, and transmitted. Based on this, methods for the collection and analysis of digital evidence are covered which will not alter the underlying data or potentially trigger destructive mechanisms and which can be reproduced reliably. Beyond the technical underpinnings, the module is to provide an understanding of general and UK legal requirements as well as resulting frameworks for the handling and processing of such evidence.

Objectives

After completing this course, students will have:

  • an understanding of the legal requirements for gathering, storing, transmitting, and processing evidence mainly within the United Kingdom and, where appropriate, in other European Union member states
  • learned about procedures and recognised practices for handling digital evidence
  • gained an understanding of audit and indirect activity records retained by operating systems, particularly in file systems, and on how to retrieve such information
  • an understanding of selected network protocols and the collection and derivation of evidence leading to the reconstruction of system and user activity based on network trace information
  • learned about infiltration and anti-forensics techniques used particularly by malicious software
  • gained an overview of steganographic and particularly steganalytical methods for different types of media
  • obtained an understanding of retention characteristics of storage systems and non-standard devices such as mobile/smart phones, cloud computing, and vehicular systems.

Plus

Project - MSc Information Security

Aims

A project is a major individual piece of work. It can be of academic nature and aimed at acquiring and demonstrating understanding and the ability to reason about some specific area of information security. Alternatively, the project work may document the ability to deal with a practical aspect of information security.

Objectives

The student will write a comprehensive dissertation on the topic of the project. On completion of the project students should have demonstrated their ability to:

  • work independently on a security-related project, for which they have defined the objectives and rationale
  • apply knowledge about aspects of information security to a particular problem, which may be of an engineering, analytical or academic nature, and
  • produce a well-structured report, including introduction, motivation, analysis, and appropriate references to existing work.

Supervisor

Each student will be assigned an academic project supervisor who may give advice on the choice of the project and will monitor its progress. However, it is primarily the responsibility of the student to define and plan the MSc project.

Note: The compulsory core modules are available as stand-alone individual modules. Students applying to register on this basis should normally satisfy the entrance requirements for the MSc/Postgraduate Diploma. However, if you do not hold such qualifications, the University will still consider your application. Upon successful completion of two individual modules, you will then be considered for entry to the Postgraduate Diploma or MSc degree programmes. Students who have completed the Postgraduate Diploma or MSc may also register for any optional modules offered by the programme.

How you study

Study materials

When you register we will send you:

  • a Student Handbook (includes practical advice on how to study, how you access and use the online learning facility, and how you progress through the degree)
  • a copy of the Regulations
  • a copy of The Sciences Good Study Guide
  • Textbooks (for certain modules)
  • CD-ROMs.

Virtual Learning Environment

You will be given access to the Virtual Learning Environment when you register. The VLE will allow you to:

  • access your course materials
  • take part in discussions with your tutor and other students
  • receive notices, seminar dates, project support and other programme-related information
  • ask questions regarding the administration of the programme
  • seek help for technical problems that you encounter.

Time commitment

For individual modules, a reasonable expectation for study and exam preparation would be around 200 hours. For most students a reasonable expectation for completion of the programme in the minimum study period would be to study 20 hours per week during the academic session (September - April).

Fees

Fees are subject to annual review. When you register you can either pay the total amount upfront or pay as you go (a one-off registration fee plus a fee for each module).

2012-2013
Registration fee: £1,105
Fee per module (x6): £1,485
Project fee: £2,970
Short course fee (per module): £1,695
TOTAL MSc: £12,985
TOTAL Postgraduate Diploma: £10,015

The University reserves the right to amend previously announced fees, if necessary.

All fees must be paid in pounds sterling, which may be paid either by a credit card recognised by MasterCard International or by the Visa group OR by banker's draft, cheque or UK postal order, made payable to 'The University of London' and crossed 'a/c payee'.

Other costs

Besides the fees payable to the University, you should also budget for the fee levied by your local examination centre to cover their costs (if you do not sit your exams in London).

Assessment

Each module, with the exception of the Project, will be assessed by one two-hour unseen written paper. The Project will be assessed by one two-hour unseen written paper and by submission of a dissertation, weighted in the ratio 20:80.

Students who make a second attempt at the examination for any module will not be required to participate in the online seminar again but may choose to do so on payment of an additional fee.

Examinations by written paper will take place on one occasion each year, normally in May. The examinations are normally held in the student's country of residence, using the existing system of overseas examinations authorities which the University of London operates for all its external students (please see our Assessment and Examinations section for further details).

Academic Requirements

A second class honours degree or the equivalent, in a relevant discipline, from a university or other institution acceptable to the University of London (a relevant discipline includes, but is not restricted to, computer science, electronics, information systems, and mathematics).

Note: applicants without a degree but with appropriate industrial experience will also be considered.

Individual modules

Students applying to register for single modules on a stand-alone basis should normally satisfy the entrance requirements for the MSc/Postgraduate Diploma. However, if you do not hold such qualifications, the University will still consider your application. Upon successful completion of two individual modules, you will then be considered for entry to the Postgraduate Diploma or MSc degree programmes.

What our students say

David Boyd
MSc graduate and chartered engineer, UK.

"The tutors were always willing to make contact in times of need and there was an online network of students who were keen to share the ups and downs of study. I have moved from being a wary student who had been out of the academic world for years to an eager student who has been accepted for a part-time PhD."

Language Requirements

For awards at FHEQ level 7, students must provide satisfactory evidence showing that they have passed within the previous three years a test of proficiency in English at the following minimum level:

  • IELTS with an overall grade of at least 6.5 with a minimum of 6 in each sub test; or
  • TOEFL with a score of 600 or 250 on the computerised test plus a Test of Written English (TWE) of at least 4.5; or
  • a test of proficiency in English language from the prescribed list published by the University.

Where an applicant does not meet the prescribed English language proficiency requirements but believes that they can demonstrate the requisite proficiency for admission the University may, at its discretion, consider the application.

Note: Some programmes will require greater proficiency in English language; these requirements will be reflected in the relevant programme regulations.

Computer Requirements

Online access and general computer requirements
As one of our students you need to have regular access to a computer and the internet; this may be for accessing the Student Portal, downloading course materials from the Virtual Learning Environment, and accessing resources from the Online Library. You will also need to have access to appropriate software, for example, a PDF reader and suitable hardware capacity on your computer, e.g. for document storage. Additional requirements include that you have JavaScript and cookies enabled to access particular online systems, for example, the Student Portal.

Supported Browsers include:
Internet Explorer 7+
Firefox 5+
Chrome 13+

Screen resolution (recommended)
1024 x 768 or greater

Certain programmes may have their own specific requirements; please refer to the relevant Regulations.

Academic leaders: Royal Holloway

Founded in 1885, Royal Holloway is one of the six largest Colleges of the University of London and is home to the Information Security Group (ISG), one of the largest academic security groups in the world.

The ISG brings together expertise in education, research and practice in the field of Information Security. It offers world-leading Masters and Postgraduate Diploma programmes (campus-based and online). The ISG also includes the Smart Card Centre of Excellence which it founded with Vodafone and Giesecke & Devrient. In recognition of its work, the ISG received a prestigious Queen's Anniversary Prize for Higher and Further Education. The Prize Citation was as follows:

"This pioneering Group provides a unique national resource for the training of information security specialists and the development of highly secure communications and computer systems. It offers world-leading independent expertise in a field of national importance where trust and integrity are paramount."
Queen's Anniversary Prize for Higher and Further Education

Academic leaders

Professor Fred Piper

Director of External Relations, Information Security Group

Professor Fred Piper was appointed Professor of Mathematics at the University of London in 1975 and has worked in information security since 1979. In 1985, he formed a company, Codes & Ciphers Ltd, which offers consultancy advice in all aspects of information security. He has acted as a consultant to over 80 companies including a number of financial institutions and major industrial companies in the UK, Europe, Asia, Australia, South Africa and the USA.

The consultancy work has been varied and has included algorithm design and analysis, work on EFTPOS and ATM networks, data systems, security audits, risk analysis and the formulation of security policies. He has lectured worldwide on information security, both academically and commercially, has published more than 100 papers and is joint author of Cipher Systems (1982), one of the first books to be published on the subject of protection of communications, Secure Speech Communications (1985), Digital Signatures - Security & Controls (1999) and Cryptography: A Very Short Introduction (2002).

Fred has been a member of a number of DTI advisory groups. He has also served on a number of Foresight Crime Prevention Panels and task forces concerned with fraud control, security and privacy. He is currently a member of the Board of Trustees for Bletchley Park and the Board of the Institute of Information Security Professionals. He is also a member of (ISC)2's European Advisory Board, the steering group of the DTI's Cyber Security KTN, ISSA's advisory panel and the BCS's Information Security Forum.

In 2002, he was awarded an IMA Gold Medal for "services to mathematics" and received an honorary CISSP for "leadership in Information Security". In 2003, Fred received an honorary CISM for "globally recognised leadership" and "contribution to the Information Security Profession".

In 2005 he was elected to the ISSA Hall of Fame. He was named Professional of the Year at the Communications in Business Awards 2005. In 2008 he was elected to be a Fellow of (ISC)2. In 2008 he was the first person to be elected to the InfoSecurity Europe Hall of Fame. In 2008 he was elected to the International Advisory Board of IMPACT (the International Multilateral Programme Against Cyber Threats).

Academic Inspiration - MSc Information Security

Richard Martin, Head of Innovation, Payments Council and Guest Lecturer, Royal Holloway, University of London. The question he addresses in this video is how well companies are prepared to fight the ever growing threat of cybercrime.

Alumni Inspiration: MSc Information Security (UK) Andy Smith

Andy Smith, a graduate of the MSc Information Security, speaks about why he chose this degree and how he applied what he learnt to his professional life. (2.27 minutes)