CIS6006-Cyber Security WRIT1


Module Title: Cyber Security and Cryptography
Module Number: CIS6006
JACS Subject Code(s) and % of each subject: I100
ASC Category(ies): 6
Level (3 to 8): 6
Credits: 20
ECTS Credit: 10
Module Value (1 = 20 credits): 1.0
% Taught in Welsh: 0%
Module Type: Taught
Teaching Period (Term/Semester): Term 1
Pre-requisites: None
Module Leader: Chaminda Hewage
School(s): Cardiff School of Technologies
Campus: Llandaff

Assessment Methods

Assessment Code and Method    Duration/Length of Assessment Method    Weighting    Threshold    Approximate Date of Submission
PRES1 -- Group Presentation   15 minutes                              25%          1            Mid module
WRIT1 -- Assignment           3,000 word equivalent                   75%          1            Throughout

Aim(s)

This module aims to encourage students to critically reflect on a range of information security
concepts and topical issues including information security, cryptography, cryptanalysis and
secure systems. Students will have the opportunity to analyse and assess risk, and to evaluate,
design and implement secure cyber systems.

Learning Outcomes

On successful completion of the module, students should be able to:

• Identify and evaluate information security risks in a variety of real-world environments.
• Demonstrate an understanding of information security management requirements.
• Demonstrate an understanding of, and justify the use of, appropriate security and
cryptographic techniques for the design and implementation of secure systems.
• Contextualise the wider legal, socio-technical, professional and ethical dimensions of
cyber security.

Learning and Teaching Delivery Methods


Method (Type of Contact: scheduled / guided independent study / placement; Total hours): Rationale

Lectures (Scheduled; 24 hours): To enable core knowledge and understanding content to be
delivered to the whole module cohort.
Seminars and Labs (Scheduled; 24 hours): To allow exploration of all aspects of module content
(knowledge, understanding, skills and other attributes) in an interactive group setting.
Independent Study (Guided Independent Study; 152 hours): To enable students to independently
develop their understanding of the module concepts and to complete formative and summative
assessment activity.
Total: 200 hours

Indicative Content

Identification and authentication, confidentiality, integrity and availability, access control
techniques. Business continuity planning, disaster recovery planning. Security roles,
procedures and management structures. Risk management. Security models and
evaluation. Physical and environmental security.

Data protection laws, data retention laws, data disclosure laws, computer misuse laws,
intellectual property laws, investigations, ethics, international standards.

Network technologies, network models, network protocols, network attacks and
countermeasures, network encryption, intrusion prevention and detection systems,
malicious software. Technical foundation of cracking and ethical hacking. Aspects of
security, the importance of data gathering, footprinting and system hacking; evaluation of
computer security.

Encryption and decryption, types of cipher, symmetric and asymmetric key systems,
message digests and signatures. Principle of least privilege, personnel and operations
controls, recording, monitoring and reporting, backup and recovery, automated testing,
penetration testing, media management, due diligence.

Cryptanalysis, steganography, quantum cryptography.

Required Reading
Martin, K. M. (2017) Everyday Cryptography: Fundamental Principles and Applications, 2nd
edition, Oxford University Press.

Recommended Reading
Vacca, J (2013) Cyber Security and IT Infrastructure Protection, Syngress

Mooney, T, (2015) Information Security: A Practical Guide, IT Governance Publishing

Alexander, D., Finch, A., Sutton, D. and Taylor, A. (2013) Information Security
Management Principles (2nd ed.), BCS

Schneier, B. (2015) Applied Cryptography: Protocols, Algorithms and Source Code in C,
20th Anniversary edition, John Wiley & Sons.

Access to Specialist Requirements

Cyber security lab
Network security lab
Cardiff Metropolitan University
B.Sc. (Hons) in Business Information Systems
Assessment Cover Sheet

Student Details (to be completed by the student)

Name

Student ID

Scheduled unit details

Unit code CIS6006

Unit title Cyber Security and Cryptography

Unit enrolment details    Year:    Study period: 2020


Lecturer

Mode of delivery

Assessment Details

Nature of the Assessment Coursework

Topic of the Case Study Identifying the key components of cyber security, together with the
current problems and the methodologies that are followed in the real
world.

Learning Outcomes covered LO1, LO2, LO3


Word count 3000

Due date / Time 19th February 2021


Extension granted? Yes No Extension Date

Is this a resubmission? Yes No Resubmission Date

Declaration

I certify that the attached material is my original work. No other person's work or ideas have been used without
acknowledgement. Except where I have clearly stated that I have used some of this material elsewhere, I have not
presented it for examination / assessment in any other course or unit at this or any other institution.
Name/Signature Date

Submission

Return to:

Result

Marks by 1st Assessor:    Name & Signature of the 1st Assessor:    Agreed Mark:

Marks by 2nd Assessor:    Name & Signature of the 2nd Assessor:

Comments on the Agreed Mark:
CMU B.Sc. (HONS) BIS - ASSESSMENT FEEDBACK SHEET - ICBT CAMPUS

STUDENT NAME: STUDENT NUMBER:

Module Number & Title: Semester:

Assignment Type & Title:

For student use: Critical feedback on the individual progression towards achieving the assignment outcomes

For the Assessors’ feedback


Indicate the strengths and weaknesses, and the marks, for each task

Task No / Question No    Strengths

Task No / Question No    Weaknesses

Areas for future improvement

Marks

Task / Question No    Allocated Marks    Awarded Marks    Remarks

Total Marks

Name and Signature of the Assessor:

Date:
Scenario
GECH is a newly formed cryptocurrency that is expected to become the next booming currency type among
cryptocurrencies, with a very high market share. Interested users can hire or purchase online servers and
virtual platforms to mine the currency and store it in their own virtual wallets.
GECH also provides a platform through which its customers can spend this cryptocurrency on different
platforms to make various payments. Customers may also convert GECH into leading currencies such as
dollars, euros or yen if they wish; the converted funds can again be held in the personal wallet and used
for any online payment.
GECH has now connected with most companies and banks in different countries to provide this service to
customers, using advanced third-party services, APIs and a range of add-ons. Customers can create their
own account on the web or mobile platform to manage all these services effectively.

Task 01
You need to consider the Identity and Access Management (IAM) strategy for the GECH platform.
Conduct research and propose how you would manage the triple-A concept (authentication, authorization
and auditing) for the application, using technologies such as SSO federation with OpenID and access
control with OAuth2. Consider how you would provide APIs for the GECH company.
(25 marks)
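The following Go program is an added illustration of what Task 01 asks for; it is not part of the original brief or the marking scheme. It shows the three A's on a single GECH API endpoint: authentication by verifying a bearer JWT access token (signature, issuer, audience, expiry), authorization by checking the OAuth2 scope the endpoint requires, and auditing by producing a structured record for every decision, denials included. The issuer https://auth.gech.example, the audience gech-api, the endpoint paths and the scope names are assumptions made for the example. It signs with a shared HMAC-SHA256 key (HS256) so that it runs offline; in an OpenID Connect / OAuth2 federation the API would instead verify RS256 or ES256 signatures against the provider's published JWKS, and the signing step would live only in the identity provider.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
	"time"
)

type Claims struct { // access-token claims the API relies on (RFC 7519 names)
	Iss   string `json:"iss"`
	Sub   string `json:"sub"`
	Aud   string `json:"aud"`
	Exp   int64  `json:"exp"`
	Scope string `json:"scope"` // space-separated OAuth2 scopes
}

type AuditEvent struct { // recorded for every decision, denied ones included
	Subject, Resource, Reason string
	Allowed                   bool
}

const issuer, audience = "https://auth.gech.example", "gech-api" // hypothetical provider / this API
var b64 = base64.RawURLEncoding

// signHS256 mints a compact JWT with HMAC-SHA256 so the example runs offline;
// a real API never signs tokens, it only verifies the provider's.
func signHS256(c Claims, key []byte) string {
	payload, _ := json.Marshal(c) // cannot fail for this struct
	input := b64.EncodeToString([]byte(`{"alg":"HS256","typ":"JWT"}`)) + "." + b64.EncodeToString(payload)
	mac := hmac.New(sha256.New, key)
	mac.Write([]byte(input))
	return input + "." + b64.EncodeToString(mac.Sum(nil))
}

// verifyToken is the authentication step: the algorithm is fixed here, never read from
// the token's "alg" header; the signature is checked before parsing; iss, aud, exp enforced.
func verifyToken(token string, key []byte, now time.Time) (Claims, error) {
	var c Claims
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return c, errors.New("malformed token")
	}
	sig, errSig := b64.DecodeString(parts[2])
	payload, errPay := b64.DecodeString(parts[1])
	if errSig != nil || errPay != nil {
		return c, errors.New("bad base64url encoding")
	}
	mac := hmac.New(sha256.New, key)
	mac.Write([]byte(parts[0] + "." + parts[1]))
	if !hmac.Equal(sig, mac.Sum(nil)) { // constant-time compare
		return c, errors.New("signature mismatch")
	}
	if err := json.Unmarshal(payload, &c); err != nil {
		return c, errors.New("bad payload JSON")
	}
	if c.Iss != issuer || c.Aud != audience {
		return c, errors.New("wrong issuer or audience")
	}
	if now.Unix() >= c.Exp {
		return c, errors.New("token expired")
	}
	return c, nil
}

// hasScope is the authorization step. Scopes cannot contain spaces (RFC 6749), so space padding gives an exact match.
func hasScope(granted, required string) bool {
	return strings.Contains(" "+granted+" ", " "+required+" ")
}

// authorize runs the AAA path for one request; the caller persists the returned audit record whatever the outcome.
func authorize(token string, key []byte, endpoint, scope string, now time.Time) AuditEvent {
	ev := AuditEvent{Resource: endpoint}
	c, err := verifyToken(token, key, now)
	if err != nil {
		ev.Reason = "authentication failed: " + err.Error()
		return ev
	}
	ev.Subject = c.Sub
	if !hasScope(c.Scope, scope) {
		ev.Reason = "insufficient scope: need " + scope
		return ev
	}
	ev.Allowed, ev.Reason = true, "ok"
	return ev
}

func main() {
	key := []byte("demo-key-not-for-production") // constructed sample key
	now := time.Date(2021, 2, 1, 12, 0, 0, 0, time.UTC)
	tok := signHS256(Claims{Iss: issuer, Sub: "user-42", Aud: audience,
		Exp: now.Add(10 * time.Minute).Unix(), Scope: "wallet:read"}, key)
	fmt.Printf("%+v\n", authorize(tok, key, "/wallet/balance", "wallet:read", now))    // allowed
	fmt.Printf("%+v\n", authorize(tok, key, "/wallet/convert", "wallet:convert", now)) // denied: scope
}
```

Two points carry over to a real deployment: the verifier fixes the algorithm instead of trusting the token's own alg header, and the audit event is produced on the denial paths as well as on success, since an audit trail that only records successful calls is of little use in an incident.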
Task 02
This will be a critical application for all customers, as all their cryptocurrency and converted currency are
stored on this platform. You need to propose a Business Continuity Plan (BCP) for the GECH company.
Conduct a Business Impact Analysis (BIA) by following the correct BIA process, supported by a risk
assessment, and identify the key services. Then suggest controls and actions to prevent or minimise the
damage and support business continuity. You need to consider aspects such as facility recovery and
hardware and software recovery.
(20 marks)
Task 03
As this application involves different users in different countries, confidentiality is a crucial aspect
of the system. Explain how you would achieve the CIA properties (Confidentiality, Integrity and Availability)
for this system. You need to consider how to apply them both to data in storage and to data in transmission
over the internet.
(25 marks)
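As an added illustration for Task 03, and not part of the brief, the Go program below shows confidentiality and integrity for data at rest using AES-256-GCM, an authenticated-encryption mode: the wallet balance is encrypted, and the record identifier is passed as associated data so that the integrity tag covers it as well. A flipped bit in the stored record, or a ciphertext copied into another wallet's row, is rejected before any plaintext is returned. The WalletRecord layout and the wallet identifiers are constructed for the example. Data in transit (TLS) and availability (replication, backups, key escrow) are outside what a snippet can show and belong in the written answer.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
	"io"
)

// WalletRecord is a constructed stand-in for what GECH persists per customer:
// a balance in minor units under a record identifier.
type WalletRecord struct {
	ID      string
	Balance uint64
}

// newGCM wraps a 32-byte data-encryption key as AES-256-GCM.
func newGCM(key []byte) (cipher.AEAD, error) {
	if len(key) != 32 {
		return nil, errors.New("data key must be 32 bytes (AES-256)")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// sealRecord encrypts the balance. Stored layout: 12-byte random nonce ||
// ciphertext || 16-byte tag. The record ID goes in as associated data: it
// stays in clear for lookups but is covered by the tag, so a ciphertext copied
// from one wallet's row into another's is rejected on read.
func sealRecord(key []byte, r WalletRecord) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	plain := make([]byte, 8)
	binary.BigEndian.PutUint64(plain, r.Balance)
	return gcm.Seal(nonce, nonce, plain, []byte(r.ID)), nil
}

// openRecord verifies the tag over nonce, ciphertext and record ID before
// returning anything; any modification fails closed with no partial data.
func openRecord(key []byte, id string, blob []byte) (WalletRecord, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return WalletRecord{}, err
	}
	if len(blob) < gcm.NonceSize()+gcm.Overhead() {
		return WalletRecord{}, errors.New("stored record too short")
	}
	plain, err := gcm.Open(nil, blob[:gcm.NonceSize()], blob[gcm.NonceSize():], []byte(id))
	if err != nil || len(plain) != 8 {
		return WalletRecord{}, errors.New("integrity check failed; record withheld")
	}
	return WalletRecord{ID: id, Balance: binary.BigEndian.Uint64(plain)}, nil
}

func main() {
	key := make([]byte, 32) // production: fetched from a KMS/HSM, never a literal
	if _, err := io.ReadFull(rand.Reader, key); err != nil {
		panic(err)
	}
	blob, err := sealRecord(key, WalletRecord{ID: "wallet-7", Balance: 125000})
	if err != nil {
		panic(err)
	}
	fmt.Printf("stored %d bytes for wallet-7\n", len(blob))

	got, err := openRecord(key, "wallet-7", blob)
	fmt.Println("honest read:   ", got, err)

	blob[len(blob)-1] ^= 0x01 // flip one bit of the tag
	_, err = openRecord(key, "wallet-7", blob)
	fmt.Println("tampered read: ", err)
	blob[len(blob)-1] ^= 0x01 // restore

	_, err = openRecord(key, "wallet-8", blob) // same blob under another wallet's ID
	fmt.Println("swapped read:  ", err)
}
```

The design point is that confidentiality alone (a plain stream or block cipher mode) would let an attacker with database access move or corrupt balances undetected; binding the identifier into the authenticated data is what gives the integrity half of the CIA requirement for stored records.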

Task 04
Maintaining a well-standardised secure environment is very important for this platform. Discuss how
certification against ISO/IEC 27001 (the ISO 27000 family of standards) provides well-defined standards
and practices to preserve CIA within the GECH organisation. It is also a good indicator for GECH customers,
who interact mainly with this platform and take information security seriously. Select a few controls
from the ISO 27000 family (ISO/IEC 27001 Annex A) that could apply to this organisation and state their
objectives. Consider the ethical aspects of the system and discuss how you would enforce rules and
policies within GECH.
(20 marks)
Task 05
The report must be properly formatted and adhere to the guidelines. All sources must be
correctly cited using the Harvard referencing method.

(10 marks)

Guidelines for the report format


• Paper A4
• Margins 1.5” left, 1” right, top and bottom
• Page numbers – bottom, right
• Line spacing 1.5
• Font : Headings 14pt, Bold ; Normal 12pt ; Font face- Times New Roman
• Referencing and in-text citation should be done strictly using Harvard Referencing System.

Learning outcomes coverage

This assignment does not cover the entire unit; it covers the following learning outcomes.

Task 01 & 03

• Demonstrate an understanding of, and justify the use of, appropriate security and cryptographic
techniques for the design and implementation of secure systems

Task 02

• Identify and evaluate information security risks in a variety of real world environments

Task 04

• Demonstrate an understanding of information security management requirements


Marking scheme

Description of the criteria (marks for each band shown at the end of the line)

Task 1 (25 marks)

(0%-39%): No clear understanding of identity and access management requirements, concepts and methodologies. Marks: 0-9
(40%-49%): Basic understanding of identity and access management requirements, concepts and methodologies. Marks: 10-11
(50%-59%): Identity and access management requirements are properly defined. Marks: 12-14
(60%-69%): Properly identified current identity and access management methodologies that are followed by real-world organisations. Marks: 15-17
(>=70%): Critical justification of how the above technologies can be implemented within the organisation. Marks: 18-25

Task 2 (20 marks)

(0%-39%): No clear understanding of risk assessment, business impact analysis, recovery strategies, and implementation, test and maintenance strategies for BCP and DRP. Marks: 0-7
(40%-49%): Basic understanding of risk assessment, business impact analysis, recovery strategies, and implementation, test and maintenance strategies for BCP and DRP. Marks: 8-9
(50%-59%): Identification of valid risks based on the given scenario. Identification of the critical business functions. Identification of a few important recovery strategies. Suggestion of appropriate implementation strategies. Marks: 10-11
(60%-69%): Assess and rank the identified risks. Analyse the impact on the organisation of not having the critical business functions available. Provide a range of recovery strategies, including for facility, hardware, software, personnel and data. Suggest appropriate testing and maintenance strategies for the BCP and DRP. Marks: 12-13
(>=70%): Assess the risks the organisation faces using both qualitative and quantitative approaches. A comprehensive business impact analysis. A proper justification is provided for all the selected recovery strategies. Critically justify the implementation, test and maintenance strategies of the proposed BCP and DRP in the chosen organisation. Marks: 14-20

Task 3 (25 marks)

(0%-39%): No clear understanding of the CIA triad. Marks: 0-9
(40%-49%): Basic understanding of the concept of the CIA triad. Marks: 10-11
(50%-59%): Identify the expectations of Confidentiality, Integrity and Availability in a security system. Marks: 12-14
(60%-69%): Evaluate current real-world problems, intrusion techniques and human errors in terms of Confidentiality, Integrity and Availability. Marks: 15-17
(>=70%): Propose a strategy to overcome the above issues and preserve Confidentiality, Integrity and Availability. Marks: 18-25

Task 4 (20 marks)

(0%-39%): No clear understanding of ISO 27000 controls and objectives. Marks: 0-7
(40%-49%): Basic understanding of ISO 27000 controls and objectives. Marks: 8-9
(50%-59%): Identification of ISO 27000 controls and objectives. Marks: 10-11
(60%-69%): Justify the selection of the appropriate controls for the ISO 27001 implementation. Marks: 12-13
(>=70%): Critically discuss how the ISO 27001 guidelines can be effectively implemented for the selected controls. Marks: 14-20

Task 5 (10 marks)

(0%-39%): Poor vocabulary and grammar; untidy, unedited work; improper or no citations or references. Marks: 0-4
(40%-49%): Vocabulary and grammar have minor errors; untidy, unedited work; citations can be improved. Marks: 4-5
(50%-59%): Work is tidy, with a good standard of vocabulary and grammar and a satisfactory level of citation and referencing. Marks: 5-6
(60%-69%): Good presentation, high standard of vocabulary and grammar. Well formatted and structured, good use of citations and referencing. Marks: 6-7
(>=70%): Outstanding presentation with proper formatting and structure, excellent command of vocabulary and grammar, correct use of citations and referencing. Marks: 7-10

Final Grading criteria for the coursework

Marks Final Grade


>=70 1
69-60 2:1
59-50 2:2
49-40 3
<40 fail
