Launching into Cyber Security - Unit Objectives & Reflections

This page contains the objectives, outcomes and reflections of each unit (week) of the module

Unit 1 - Introduction to Cyber Security

Objectives

  • Look at the importance of Cyber Security.
  • Review the skills and professional competencies required as Cyber Security professional.
  • Review the importance of ethics and governance framework within the context of Cyber Security.
  • Cover computing infrastructure including the internet and the world wide web.
  • Explore the types of security attacks and vulnerabilities in systems.
  • Discuss the types of network; their configurations and security measure.

Outcomes

  • Understand the key concepts of Confidentiality, Integrity and Availability (CIA) in Cyber Security.
  • Appreciate of the competencies required to be able to address Cyber Security issues.
  • Gain awareness of the ethical and governance frameworks around information systems security and data protection acts.

Reflection on Unit 1

Unit 1 of the module focused on an introduction into Cybersecurity. A good understanding of the CIA (Confidentiality, Integrity and Availability) triad was gained as well as regulations such as the GDPR (General Data Protection Regulation). These regulations are not enforced in South Africa and therefore it was very new to me. I was particularly amazed by the data presented in the Cyber Security Breaches Survey 2020 which outlined data breaches across organisations in the UK. This was also a week where my ePortfolio structure was researched and developed. Further reading into Cybersecurity concepts was performed as well a refresher on the networking concepts which I had previously learnt. An initial post discussing why Cyber Security is now a global issue and why it is important for companies to invest in Cyber Security was also written. I thoroughly enjoyed reading various research journals which aided in the writing of the initial post.

References

Department for Digital, Culture, Media & Sport (2020) Cyber Security Breaches Survey 2020. Available from: https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/893399/Cyber_Security_Breaches_Survey_2020_Statistical_Release_180620.pdf

Unit 2 - Cyber Security Issues and Their Implications for Businesses

Objectives

  • Cover Data Protection legislation and ethical issues for international companies.
  • Explore regulatory and governance frameworks and the standards required.
  • Explore privacy issues and approaches to dealing with them.

Outcomes

  • Developed an awareness of the implications of security breaches.
  • Evaluated available techniques and technologies at database and metadata levels dealing with privacy and data disclosure.

Reflection on Unit 2

Most of the time during Unit 2 was spent reading initial posts posted by students on the topic of cybersecurity being a global issue as well as responding to these in the form of Peer Responses. It was great to study the initial posts of my fellow colleagues and learn from them as well. A total of 3 peer responses was provided by myself. These posts can be viewed by clicking on the links below:

Click here to download the first peer response in a .pdf format

Click here to download the second peer response in a .pdf format

Click here to download the third peer response in a .pdf format

Unit 2 also focused on preparing for the first Seminar where Shell Global as a case study was discussed. Research was performed on Shell Global on the topic of security concerns experienced by the company. I thoroughly enjoyed attending the first seminar as it brought some perspective into the world of Cybersecurity as well as understanding the views of my peers. Knowledge that was gained during Unit 1 & 2 of the Module was applied to the case study as well, this aided in the understanding of various concepts and regulations.

Unit 3 - Approaches to Cyber Security Design

Objectives

  • Learn the core principles to Cyber Security design.
  • Discuss the approaches to Cyber Security design and how to evaluate.
  • Discuss the various types of network security solutions.
  • Discuss approaches to threat and vulnerability identifications in software development.

Outcomes

  • Critically evaluate the implications of vulnerabilities and threats in software and networks.
  • Develop knowledge about approaches to identify vulnerabilities and threats.
  • Apply knowledge to mitigate the identified issues.
  • Develop an awareness of emerging trends in Cyber Security.

Reflection on Unit 3

Unit 3 focused on approaches to cyber security design. Two great books were presented as essential reading materials i.e.

Anderson, R. (2008) Security Engineering: A Guide to Building Dependable Distributed Systems. 2nd ed. Wiley Publishing Inc.

Howard M. and LeBlanc. D. (2003) Writing Secure Code. 2nd ed. Microsoft Press.

The two books really opened my mind on the concept of cybersecurity and its applications. They are great reads and I would recommend them to anyone studying Cyber security or even people in general wanting to know more about the topic.

The lecturecast presented was very information touching on the following areas:

  • Approaches to security,
  • Types of threats,
  • Types of network security,
  • Software security,
  • Threat modelling techniques,
  • Impact assessment of the threat,
  • Security solutions and their implementation considerations,
  • Tips for security design solutions.

This was also the week where a summary post based on the previous units learnings was due. By this time I had become quite proficient in the Harvard referencing style as well.

Unit 4 - Threat Identification and Modelling

Objectives

  • Apply techniques to capture security requirements as part of the software development process.
  • Apply modelling techniques to identify threats and vulnerabilities in networks and software.
  • Employ industry-standard methods to isolate the different types of threats.

Outcomes

  • Develop solutions that will efficiently identify vulnerabilities and threats in software and over networks.
  • Develop security requirement documents to ensure security is embedded in a software development process.
  • Develop the capacity to predict security issues in software and develop appropriate solutions to deal with them.

Reflection on Unit 4

The focus this week involved applying modelling techniques to identify threats and vulnerabilities in networks. Further reading was performed from the following book:

Howard M. and LeBlanc. D. (2003). Writing Secure Code. 2nd ed. Microsoft Press.

The following important points were extracted:

"By secure software, we don’t mean security code or code that implements security features. We mean code that is designed to with- stand attack by malicious attackers. Secure code is also robust code. If you create an application that runs on one or more computers connected to a network or the biggest network of them all, the Internet, your code will be attacked."

Howard & LeBlanc (2003) further mentions the reasons why people choose not to build secure systems are as follows:

  • Security is boring.
  • Security is often seen as a functionality disabler, as something that gets in the way.
  • Security is difficult to measure.
  • Security is usually not the primary skill or interest of the designers and developers creating the product.
  • Security means not doing something exciting and new.

A seminar was held this week as well which focused on working through an example of a web-based information system called PACS (Picture Archiving Communications System). Potential threats were identified using threat modelling techniques such as Abuse cases, Attack tree's and STRIDE (Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service and Elevation of Privilege). Once again, a great learning experience from the seminar.

Unit 5 - Object-oriented Analysis, Design and Programming Techniques for Secure Systems

Objectives

  • Discuss the UML concepts and principles to software analysis and design.
  • Explore the concepts, principles and techniques of programming.

Outcomes

  • Develop the ability to apply concepts and principles of secure object-oriented analysis and design.
  • Develop the knowledge and skills required for programming.
  • Develop the ability to implement a security designed solution.

Reflection on Unit 5

Unit 5 focused on Object-oriented Analysis, Design and Programming Techniques for Secure Systems. This is the first time that I had been exposed to the concept of UML diagrams and the important role it plays in modelling complex systems. An informative lecturecast was held in this week covering the various types of UML diagrams as well as an introduction to Python Programming. I also had an opportunity to get familiar with the UML tools used in the industry such as Visual Paradigm UML tool (https://www.visual-paradigm.com/), this tool was used to reproduce Abuse case diagrams, sequence diagrams and class diagrams provided in the lecturecast.

Unit 6 - Application of UML to Secure Software Design

Objectives

  • Use the UML tool to design of security requirements for software development.
  • Apply UMLs to model the software behaviour.
  • Apply UMLs to model software data structures.

Outcomes

  • Develop the ability to identify the software components and associated threats.
  • Employ the UML modelling techniques to identify software dataflow, storage and security issues.
  • Apply the knowledge and skills to other security issues in software development.

Reflection on Unit 6

This unit focused on the practical application of UML diagrams in designing software that mitigates against threats and vulnerabilities. An initial post was required as part of this unit. The topic of the initial post was to identify and discuss two security technologies and the context in which they can be employed. Majority of the time was spent researching security technologies that exist in the industry today. Further reading was also performed on UML using the following resource:

Ambler, S. W. (2003) The Elements of UML Style. Cambridge, UK: Cambridge University Press

This was in preparation for the Essay outline due at the end of Unit 6. A seminar was also held during this week where UML diagrams were presented and analysed. The seminar was very informative and had closed some gaps in my knowledge on UML.

Unit 7 - Database Design and Implementation

Objectives

  • Explore the concepts and principles that underpin database designs.
  • Discuss approaches to data management.
  • Discuss strategies to implement a secure database management system.

Outcomes

  • Develop the conceptual framework for database design.
  • Apply the principles to implement a database management system.
  • Understand database security issues.

Reflection on Unit 7

The focus for Unit 7 was on database design and implementation. The lecturecast focused on considerations when designing databases, database modelling as well as database security. The take-aways from the lecturecast regarding security is as follows: (Danso, 2021)

  • Physical security is important.
  • Administrative and network access measures must be in place.
  • End-user account/device security must be secure.
  • Encryption technologies can be used to encrypt data transfer between databases over a network.
  • The DBMS must be secure.
  • Application and web servers must have the appropriate security measures in place to ensure maximum security.
  • Backups must equally be protected.

A significant amount of time was spent responding to the initial posts by my peers in the form of peer responses, A total of 6 peer responses was written. These can be viewed by clicking on the link below:

Click here to download the peer responses in a .pdf format

Further reading was also performed using the following two resources:

Downey, A., Elkner, J. & Meyers, C. (2012) How to Think Like a Computer Scientist. Learning with Python. Massachusetts, USA: Green Tea Press.

Connolly, T. & Begg, C. (2005). Database Systems. A practical Approach to Design, Implementation, and Management. Reading. Pearson / Addison Wesley.

These are great resources covering Python and databases.

References

Danso, S. (2021) Launching into cyber security [Lecturecast]. LCYS_PCOM7E August 2021 Launching into Cyber Security. University of Essex Online.

Unit 8 - Introduction to Python programming and MySQL

Objectives

  • Explore the Python data types and structures.
  • Explore the Python syntax and keywords.
  • Discuss Python functions and methods.
  • Implement object-oriented concepts and principles in Python.
  • Explore MySQL data management software package.
  • Integrate MySQL with Python programming environment.

Outcomes

  • Implement basic Python scripts.
  • Develop the ability to troubleshoot syntax and semantic errors in code.
  • Develop the ability to implement a database using MySQL database management package.
  • Develop the capacity to write Python script to accept input and store data in MySQL database.

Reflection on Unit 8

This week was focused around Python programming and MySQL. The exercises on the codio platform was attempted as a recap to python programming. I found this particularly useful as it filled the gaps on my Python knowledge. A seminar was also held during this week which provided in depth analysis to database security as well as security measures when programming in Python. The seminar was a great opportunity to ask questions and get clarity on the end of Module assignment due in Unit 12. Lastly, the latter half of the week was used to research and write a summary post based on peer responses received. Overall a great week of learning and understanding.

Unit 9 - OOP Application of Principles and Concepts

Objectives

  • Look at the implementation of access control as a data security strategy.
  • Explore authentication and authorisation Python-based libraries.
  • Look at the implementation of user identification and authentication.

Outcomes

  • Implement security measures to data.
  • Identify errors in security solution implementation code.
  • Understand validated security requirements.

Reflection on Unit 9

The primary focus of Unit 9 was to complete the individual essay that was due at the end of the week. Numerous hours were spent researching material and reading various books for relevant information. In addition a seminar was held which covered Python and MySQL as well as working through a practical example. The material presented was relevant and vital for the end of module assignment.

Unit 10 - Secure Web development

Objectives

  • Identify different web application components and their functions.
  • Discuss the strengths and weaknesses of the various web programming languages and tools.
  • Discuss the approaches to web development and design frameworks.

Outcomes

  • Understand the concepts and principles of web applications development.
  • Appraise the techniques and frameworks for secure web application development.
  • Develop an awareness and understanding of the industry standards and guidelines for securing web applications.

Reflection on Unit 10

The focus of Unit 10 was secure web development. A lecturecast was completed as part of this unit which focused on the concepts, principles and frameworks of web development. The following book was read during this week as well which focused on web development and programming:

Mandez, M. (2014) The Missing Link: An Introduction to Web Development and Programming. Createspace Independent Publishers.

The latter part of the week was focused on the end of module assignment outline, drawing out flow diagrams and understanding which libraries should be used. Some Codio exercises were also attempted.

Unit 11 - Introduction to Secure Web Programming with DJango

Objectives

  • Explore web development frameworks and libraries.
  • Implement the MVC architecture for web application.
  • Implement security libraries for user access controls, verification and authentications.

Outcomes

  • Apply the concepts and principles of web applications development.
  • Develop the ability to evaluate frameworks for secure web application development.
  • Apply industry standards and guidelines to secure web applications.

Reflection on Unit 11

Unit 11 was focused on updating my ePortfolio as well as completing the end of module assignment. Django was also introduced by means of the essential reading item:

Behrens, M. (2012) The Django Book. Sphinx. Available from https://django-book.readthedocs.io/en/latest/index.html

A very informative seminar was held as well which focused on the introduction to Django. Practical examples were presented which I found very helpful to understand the development framework. Overall a great final seminar.

Unit 12 - A Look into the Future of Cyber Security

Objectives

  • Discuss trends in demand and specialised knowledge that will be required as Cyber Security professional.
  • Discuss the emerging technologies and their impact on Cyber Security.
  • Explore the privacy and data confidentiality implications of emerging technologies.

Outcomes

  • Develop an awareness of emerging trend and future developments in Cyber Security.
  • Engage with research activities in the various areas of Cyber Security.
  • Understand the implications of future developments on privacy and data confidentiality.

Reflection on Unit 12

The focus of this unit was to complete and submit the end of module assignment both in Codio as well as on the VLE. A last and final lecturecast was also presented covering topics such as the future of Cyber security, Cloud computing and manufacturing as well as smart security tools and methods. One could not help feel excited about the field of Cybersecurity going forward.

Special thanks to Dr. Sammy Danso, who has been very helpful during this module. He was always willing to accommodate consultation sessions under short notice. He has provided great support and guidance to achieve the objectives of the Module.