°ÄÃÅÁùºÏ²Ê¿ª½±¼Ç¼

Internal

CSMDE21 - Data Security and Ethics

°ÄÃÅÁùºÏ²Ê¿ª½±¼Ç¼

CSMDE21-Data Security and Ethics

Module Provider: Computer Science
Number of credits: 10 [5 ECTS credits]
Level:7
Terms in which taught: Spring term module
Pre-requisites:
Non-modular pre-requisites:
Co-requisites:
Modules excluded:
Current from: 2022/3

Module Convenor: Dr Pat Parslow
Email: p.parslow@reading.ac.uk

Type of module:

Summary module description:

Information security and the legal and ethical handling of data are matters of increasing concern in society.Ìý Professional bodies have rules of ethical conduct which help define how professionals in the industry should behave.Ìý As professionals it is important to understand the law, including how laws differ across national boundaries.Ìý Beyond the law, however, ethics help us to understand how to behave at an individual level, as well as how to formulate suitable policies at a company or institutional level.ÌýÌý


Aims:

As such, the module explores ideas such as:




  • Knowledge of the legal aspects when processing data.

  • Knowledge of the legal system – how laws are made and interpreted

  • Awareness of Deontological ethics and Utilitarian ethics

  • Data; the definitions and concepts, including what ‘processing’ means.

  • Ethics and legality of processing data with and without automatic decisions.

  • Copyright and Data Protection legislation (DPA, GDPR, etc.).

  • Storage mechanisms for data (in broad terms), and security methods.

  • Understanding Information security, Network security and Data security

  • Risk analysis for projects and products using data



This module also encourages students to develop a set of professional skills, such as team discussion, and critical problem solving.


Assessable learning outcomes:


  • Identifying deontological and utilitarian policies and discriminating between ethical and unethical practices

  • Applying ethical and legal reasoning to risk analysis

  • Identifying legal and ethical security approaches for data-based projects and products

  • Application of data security methods to different types of project

  • Analysis of attack surface and attack vectors


Additional outcomes:

Outline content:

Overview of information security

This part of the module provides an overview of the issues involved in information security in general, focusing on cryptography, the theories underlying computer security, authentication and access control.



Network Security

This part of the module focuses on the role the network plays in computer security, including its vulnerabilities, and the techniques that can be used to make the network secure. The part covers security issues related to general networks (e.g. port scanning, Denial of Service, etc.), the Web (e.g. SQL injection, XSS, CSRF, directory traversal attacks, etc.), and system threats in general, such as viruses, worms and Trojan horses. It also covers security controls such as firewalls, secure network protocols such as SSL and IPSec, and Intrusion Detection Systems.



Data Security

This part of the module focuses on the security of structured data (i.e. data stored in file storage systems or in databases) and unstructured data (i.e. data outside of a storage system that is manually used and transformed, and which is frequently in various states of rest, transit and use). The part covers the techniques that should be used to secure access to structured data, to prevent its accidental loss and to prevent it from being read by intruders; it also covers the techniques used to secure unstructureddata, with particular emphasis made on Web applications, one of the most commonly used sources of unstructured data, yet one of the most notoriously difficult systems to secure. This part brings together the previous two parts, and shows how the theories and techniques used in Computer and Network Security can be applied to ensure the security of structured and unstructured data.



Law and Ethics

The underlying drivers to motivate good data security and integrity, founded on an understanding ofÌý the relevant laws, and two of the main moral philosophies.Ìý Understanding the risks and potential mitigations, and the nature of humans-in-the-loop as risk factors with e.g. phishing attacks.


Global context:

Laws vary between regions, and ethics vary between communities; the topic is covered from a UK and EU centred perspective.


Brief description of teaching and learning methods:

Lecturers led discussions, with practical classes in data security implementations, supported by independent study and task focused independent desk study.


Contact hours:
Ìý Autumn Spring Summer
Lectures 10
Practicals classes and workshops 10
Guided independent study: Ìý Ìý Ìý
Ìý Ìý Wider reading (independent) 20
Ìý Ìý Exam revision/preparation 10
Ìý Ìý Advance preparation for classes 20
Ìý Ìý Essay preparation 20
Ìý Ìý Reflection 10
Ìý Ìý Ìý Ìý
Total hours by term 0 100 0
Ìý Ìý Ìý Ìý
Total hours for module 100

Summative Assessment Methods:
Method Percentage
Written exam 50
Set exercise 50

Summative assessment- Examinations:

One 1.5-hour examination paper in May/June.


Summative assessment- Coursework and in-class tests:

One piece of coursework.


Formative assessment methods:

Online tests to promote independent research and testing understanding of legal and ethical aspects.


Penalties for late submission:

The below information applies to students on taught programmes except those on Postgraduate Flexible programmes. Penalties for late submission, and the associated procedures, which apply to Postgraduate Flexible programmes are specified in the policy £Penalties for late submission for Postgraduate Flexible programmes£, which can be found here: /cqsd/-/media/project/functions/cqsd/documents/cqsd-old-site-documents/penaltiesforlatesubmissionpgflexible.pdf
The Support Centres will apply the following penalties for work submitted late:

  • where the piece of work is submitted after the original deadline (or any formally agreed extension to the deadline): 10% of the total marks available for that piece of work will be deducted from the mark for each working day (or part thereof) following the deadline up to a total of five working days;
  • where the piece of work is submitted more than five working days after the original deadline (or any formally agreed extension to the deadline): a mark of zero will be recorded.
The University policy statement on penalties for late submission can be found at: /cqsd/-/media/project/functions/cqsd/documents/cqsd-old-site-documents/penaltiesforlatesubmission.pdf
You are strongly advised to ensure that coursework is submitted by the relevant deadline. You should note that it is advisable to submit work in an unfinished state rather than to fail to submit any work.

Assessment requirements for a pass:

A mark of 50% overall


Reassessment arrangements:

One 2-hour examination paper in August/September.ÌýNote that the resit module mark, used to determine progression, will be the higher of (a) the mark from this resit exam and (b) an average of this resit exam mark and previous coursework marks, weighted as per the first attempt (50% exam, 50% coursework).


Additional Costs (specified where applicable):

1) Required text books:ÌýÌý

2) Specialist equipment or materials:ÌýÌý

3) Specialist clothing, footwear or headgear:ÌýÌý

4) Printing and binding:ÌýÌý

5) Computers and devices with a particular specification:ÌýÌý

6) Travel, accommodation and subsistence:ÌýÌý


Last updated: 22 September 2022

THE INFORMATION CONTAINED IN THIS MODULE DESCRIPTION DOES NOT FORM ANY PART OF A STUDENT'S CONTRACT.

Things to do now