institution’s letter of support · web view60% the coursework presents students with a real-world...
TRANSCRIPT
Issue 2.023 June 2021
Certification of Postgraduate Master’s Degrees in Cyber Security
Application Template
Certification A: Master’s Degrees Providing a General Foundation in Cyber Security
Certification B: Master’s Degrees Focusing on a Specialised Area of Cyber Security
This document provides an application template for an HEI to have its Master’s degree in Cyber Security considered for certification. It is an HEI’s sole responsibility to ensure that its application is compliant and provides the information required.
Every application must be submitted on a separate template. Every template should clearly state whether the application is for Certification A or Certification B. Multiple applications on the same template will not be accepted.
Applications that do not use the template will not be considered for assessment.
Please feel free to delete this page from your completed application.
© Crown Copyright 2021, The National Cyber Security Centre
Page 1 of 100
Issue 2.023 June 2021
Instructions on how to use the template1. Text in purple describes what is required in each section of the application.
The places in the template where applicants have to insert text, tables and figures are denoted by ‘<<< … >>>’
Please do not delete the text in purple. It does not contribute to an application’s page count.
2. Text, table entries and figures in brown are provided to help guide applicants on what may be an appropriate response to some sections of the application and are provided by way of example only. They should be deleted from the completed application.
3. Text in red describes the criteria for a section as well as providing a grading framework for assessors.
Please do not delete the text in red. It does not contribute to an application’s page count.
4. A black font colour should be used for applications with a minimum font size of 10pt. However, it is recognised that to help fit some tables into the space available the text in some tables can be made smaller than 10pt, but no smaller than 8pt.
5. To help assessors with their assessment of applications, all applications should have a table of contents and make use of headers, footers and hyperlinks.
6. CVs, Table 4.3, module descriptions, assessment materials, external examiners’ reports (full certifications only), response to external examiners (full certifications only), and information on dissertations (full certifications only) should be included in the word template as Appendices A to F.
7. Anonymised copies of dissertations (full certification only) should be submitted as three separate PDF files.
Document HistoryIssue Date Comment
Issue 1.0 25 June 2020 First issue of application template for general Master’s degreesIssue 1.1 21 July 2020 Additional clarification of Indicative Material in Section 3.3b. Minor
updates to example tables 3.2b, 3.2c, 3.3 and 4.1. Minor updates to appendices B and C. Minor typos fixed.
Issue 2.0 23 June 2021 Second issue.
Please feel free to delete this page from your completed application.
Page 2 of 100
Issue 2.023 June 2021
Key Changes from Issue 1.1 of Template dated 21 July 2020Section Change
Overall ‘general’ and ‘specialised’ Master’s templates have been combined Certification A – now ‘general foundation in cyber security’; the descriptor ‘broad’ has
been removed applications must now be submitted using the template
Throughout document text in purple describes what is required in each section of the application the places in the template where applicants have to provide text are denoted by ‘<<<
APPLICANTS … >>>’
Throughout document text in brown is to help guide applicants on what may be an appropriate response to some sections of the application and is provided by way of example only
Throughout document text in red describes the criteria and provides a grading framework for assessors assessors make comments directly into the template
Section 2.3.1 new section requiring applicants to map the team’s knowledge and expertise to CyBOK
Section 2.4 new section requiring applicants to describe the team’s operating model
Section 2.7 section on review and update process has been updated
Section 2.8 section on facilities has been updated
Sections 3 and 4 the original Section 3 has been split into two: new Section 3 covering high level description of the Master’s; new Section 4 covering the taught component of the Master’s degree
Section 3 is now more table based with applicants required to complete entries in tables
Section 4.2 clarification that it is not a requirement that every CyBOK KA has to have credits allocated to it; rather, across the CyBOK KAs as a whole there must be a minimum number (84) of taught credits
Section 4.3.1 Table 4.3 (previously 3.3) showing detailed coverage of KAs to be placed in Appendix B clarification about associated assessments
Section 4.3.2 new section requiring applicants to provide a summary table of the credit allocation across the KAs
Section 5.1 requires description of assessment types being used on taught modules
Section 5.4 new table (Table 5.1) to be completed covering rigour of assessments
Section 5.6 new section covering the process for setting assessments
Section 5.7 new section covering the process for marking assessments
Section 5.8 new section covering plagiarism
Please feel free to delete this page from your completed application.
Page 3 of 100
Issue 2.023 June 2021
Key Changes from Issue 1.0 of Template dated 21 July 2020 (continued)Section Change
Section 5.10 section dealing with external examiners’ reports has been updated
Section 6 renamed ‘Research Dissertations’ rather than ‘Original Research Dissertations’
Section 6.1 new section covering the timeline for research dissertations
Section 6.2 new section covering the governance of the research dissertation process
Section 6.4 new section covering allocation of students to supervisors
Section 6.5 new section covering legal and ethical issues in dissertations
Section 6.7 new section covering plagiarism
Section 6.10 dissertations must now be supplied as three separate PDF files
Section 7.1 entry data required for UK and non-UK students only entry data required for students with 2/2 or above in STEM, relevant experience or
demonstration of aptitude criteria updated
Section 7.2 criteria updated
Appendix A staff CVs (as previous issue)
Appendix B Table 4.3, credit allocation across the CyBOK Knowledge Areas Table 4.3 minor updates to: AAA, Law and Regulation, Privacy and Online Rights, Risk
Management and Governance, Secure Software Lifecycle, Security Operations and Incident Management
Table 4.3 major update to Network Security Table 4.3 new KAs: Formal Methods for Security, Applied Cryptography
Appendix C module descriptions
Appendix D assessment materials
Appendix E external examiners’ reports
Appendix F information on dissertations
Please feel free to delete this page from your completed application.
Page 4 of 100
Issue 2.023 June 2021
University of X
Application for Provisional/Full Certification of a Master’s Degree Providinga General Foundation in Cyber Security – Certification A1
or
Application for Provisional/Full Certification of a Master’s Degree Focusing on a Specialised Area of Cyber Security – Certification B2
1 Please delete if not applying for Certification A. Also please delete ‘full’ or ‘provisional’ as appropriate.2 Please delete if not applying for Certification B. Also please delete ‘full’ or ‘provisional’ as appropriate.
Page 5 of 100
Issue 2.023 June 2021
Table of contents1. Institution’s Letter of Support............................................................................................................................................11
1.1 Signed letter of support for both full and provisional applications...........................................................................11
1.2 For provisional applications......................................................................................................................................11
1.3 Assessment criteria...................................................................................................................................................11
2. Description of the Applicant..............................................................................................................................................12
2.1 Organisational structure............................................................................................................................................12
2.1.1 Assessment criteria...............................................................................................................................................12
2.2 Team structure..........................................................................................................................................................12
2.2.1 Assessment criteria...............................................................................................................................................14
2.3 Team knowledge and expertise.................................................................................................................................15
2.3.1 Mapping of team to CyBOK...................................................................................................................................15
2.3.2 Staff CVs................................................................................................................................................................17
2.3.3 Assessment criteria...............................................................................................................................................17
2.4 Team operation.........................................................................................................................................................17
2.4.1 Assessment criteria...............................................................................................................................................18
2.5 Recent investments...................................................................................................................................................18
2.5.1 Assessment criteria...............................................................................................................................................18
2.6 External linkages.......................................................................................................................................................19
2.6.1 Assessment criteria...............................................................................................................................................19
2.7 Review and update process.......................................................................................................................................19
2.7.1 Assessment criteria...............................................................................................................................................20
2.8 Facilities.................................................................................................................................................................... 20
2.8.1 Assessment criterion.............................................................................................................................................20
2.9 Overall assessment of section 2................................................................................................................................20
3. High Level Description of the Master’s Degree in Cyber Security......................................................................................21
3.1 Key characteristics of the Master’s...........................................................................................................................21
3.1.1 Assessment criteria...............................................................................................................................................21
3.2 Full and provisional certification applications...........................................................................................................22
3.2.1 Full applications....................................................................................................................................................22
3.2.2 Provisional applications........................................................................................................................................22
3.2.3 Assessment criterion.............................................................................................................................................22
3.3 Delivery of the degree...............................................................................................................................................23
3.3.1 Assessment criteria...............................................................................................................................................23
3.4 Aims of the Master’s degree.....................................................................................................................................23
3.4.1 Assessment criteria...............................................................................................................................................23
Page of
TABLE OF CONTENTS
Issue 2.023 June 2021
3.5 Overall assessment of section 3................................................................................................................................24
4. The Taught Component of the Master’s Degree in Cyber Security....................................................................................25
4.1 Compulsory and optional taught modules................................................................................................................25
4.1.1 Assessment criterion.............................................................................................................................................25
4.2 Number of taught credits that can be mapped to CyBOK Knowledge Areas (KAs)....................................................26
4.2.1 Compulsory modules............................................................................................................................................26
4.2.2 Optional modules..................................................................................................................................................26
4.2.3 Pathways...............................................................................................................................................................27
4.2.4 Assessment criteria...............................................................................................................................................27
4.3 Detailed coverage of KA Topics.................................................................................................................................28
4.3.1 Completion of Table 4.3 in Appendix B.................................................................................................................28
4.3.2 Summary table of credit allocation across the KAs...............................................................................................29
4.3.3 Visual representation of credit allocation across the KAs.....................................................................................29
4.3.4 Assessment criteria...............................................................................................................................................33
4.4 Justification of KA coverage......................................................................................................................................33
4.4.1 Master’s degree providing a general foundation in cyber security – Certification A.............................................33
4.4.2 Master’s degree focusing on a specialised area of cyber security – Certification B..............................................33
4.5 Module descriptions..................................................................................................................................................34
4.5.1 Assessment criterion.............................................................................................................................................34
4.6 Professional knowledge and skills.............................................................................................................................34
4.6.1 Assessment criterion.............................................................................................................................................35
4.7 Overall assessment of section 4................................................................................................................................35
5. Assessment Materials........................................................................................................................................................36
5.1 Overall approach to assessment...............................................................................................................................36
5.1.1 Assessment criteria...............................................................................................................................................36
5.2 Marking scheme........................................................................................................................................................36
5.2.1 Assessment criterion.............................................................................................................................................36
5.3 Overall grade for the Master’s..................................................................................................................................36
5.3.1 Assessment criterion.............................................................................................................................................37
5.4 Rigour of assessment................................................................................................................................................37
5.4.1 Assessment criteria...............................................................................................................................................40
5.5 Justification of 40% pass mark..................................................................................................................................40
5.5.1 Assessment criterion.............................................................................................................................................40
5.6 Setting assessments..................................................................................................................................................40
5.6.1 Assessment criteria...............................................................................................................................................40
5.7 Marking assessments................................................................................................................................................41
Page of
TABLE OF CONTENTS
Issue 2.023 June 2021
5.7.1 Assessment criteria...............................................................................................................................................41
5.8 Detecting and dealing with plagiarism......................................................................................................................41
5.8.1 Assessment criterion.............................................................................................................................................41
5.9 Examination papers...................................................................................................................................................41
5.9.1 Provisional application..........................................................................................................................................41
5.9.2 Full application......................................................................................................................................................42
5.10 External examiners’ reports – full application only...................................................................................................42
5.10.1 Assessment criteria...........................................................................................................................................43
5.11 Overall assessment of section 5................................................................................................................................43
6. Research Dissertations.......................................................................................................................................................44
6.1 Timeline.................................................................................................................................................................... 44
6.1.1 Assessment criterion.............................................................................................................................................44
6.2 Governance of the research dissertation process.....................................................................................................44
6.2.1 Assessment criterion.............................................................................................................................................45
6.3 Guidance to students................................................................................................................................................45
6.3.1 Assessment criterion.............................................................................................................................................45
6.4 Identification of dissertation topics...........................................................................................................................45
6.4.1 Assessment criteria...............................................................................................................................................46
6.5 Allocation of students to supervisors........................................................................................................................46
6.5.1 Assessment criterion.............................................................................................................................................46
6.6 Legal and ethical issues.............................................................................................................................................46
6.6.1 Assessment criterion.............................................................................................................................................46
6.7 Monitoring of students’ progress..............................................................................................................................46
6.7.1 Assessment criterion.............................................................................................................................................46
6.8 Detecting and dealing with plagiarism......................................................................................................................47
6.8.1 Assessment criterion.............................................................................................................................................47
6.9 Research dissertations contributing fewer than 40 credits.......................................................................................47
6.9.1 Assessment criterion.............................................................................................................................................47
6.10 Assessment of dissertations......................................................................................................................................47
6.10.1 Assessment criterion........................................................................................................................................48
6.11 For full certification only...........................................................................................................................................48
6.11.1 List of dissertation topics..................................................................................................................................48
6.11.2 Example dissertations.......................................................................................................................................49
6.12 Overall assessment of section 6................................................................................................................................50
7. Student Numbers and Grades Achieved – Applications for Full Certification Only............................................................51
7.1 Student entry data....................................................................................................................................................51
Page of
TABLE OF CONTENTS
Issue 2.023 June 2021
7.1.1 Assessment criteria...............................................................................................................................................52
7.2 Student exit data.......................................................................................................................................................54
7.2.1 Assessment criteria...............................................................................................................................................54
7.3 Student satisfaction...................................................................................................................................................55
7.3.1 Assessment criteria...............................................................................................................................................55
7.4 Overall assessment of section 7................................................................................................................................56
8. Appendix A: Staff CVs (Appendix to Section 2 of Application)...........................................................................................57
8.1 CV for Dr E. F.............................................................................................................................................................57
8.1.1 Personal statement of experience and expertise in cyber security.......................................................................57
8.1.2 Academic background...........................................................................................................................................57
8.1.3 Professional employment.....................................................................................................................................57
8.1.4 Contribution to cyber security at the University of X............................................................................................57
8.1.5 Esteem indicators.................................................................................................................................................57
8.1.6 Cyber security knowledge and expertise indicators..............................................................................................57
8.1.7 Any other information..........................................................................................................................................57
8.2 CV for Dr G. H............................................................................................................................................................58
8.2.1 Personal statement of experience and expertise in cyber security.......................................................................58
8.2.2 Academic background...........................................................................................................................................58
8.2.3 Professional employment.....................................................................................................................................58
8.2.4 Contribution to cyber security at the University of X............................................................................................58
8.2.5 Esteem indicators.................................................................................................................................................58
8.2.6 Cyber security knowledge and expertise indicators..............................................................................................58
8.2.7 Any other information..........................................................................................................................................58
8.3 CV for I. J...................................................................................................................................................................59
8.3.1 Personal statement of experience and expertise in cyber security.......................................................................59
8.3.2 Academic background...........................................................................................................................................59
8.3.3 Professional employment.....................................................................................................................................59
8.3.4 Contribution to cyber security at the University of X............................................................................................59
8.3.5 Esteem indicators.................................................................................................................................................59
8.3.6 Cyber security knowledge and expertise indicators..............................................................................................59
8.3.7 Any other information..........................................................................................................................................59
8.4 CV for K. L..................................................................................................................................................................60
8.4.1 Personal statement of experience and expertise in cyber security.......................................................................60
8.4.2 Academic background...........................................................................................................................................60
8.4.3 Professional employment.....................................................................................................................................60
8.4.4 Contribution to cyber security at the University of X............................................................................................60
Page of
TABLE OF CONTENTS
Issue 2.023 June 2021
8.4.5 Esteem indicators.................................................................................................................................................60
8.4.6 Cyber security knowledge and expertise indicators..............................................................................................60
8.4.7 Any other information..........................................................................................................................................60
9. Appendix B: Table 4.3 – Credit Allocation Across the CyBOK Knowledge Areas (Appendix to Section 4 of Application). . .61
10. Appendix C: Module Descriptions (Appendix to Section 4 of Application).........................................................................94
10.1 Risk Management module........................................................................................................................................94
10.2 Adversarial Behaviour module..................................................................................................................................94
10.3 Cryptography module...............................................................................................................................................94
10.4 Network Security module..........................................................................................................................................94
10.5 Malware module.......................................................................................................................................................94
10.6 Human Factors module.............................................................................................................................................94
10.7 Research Methods module.......................................................................................................................................94
10.8 Cloud Computing module..........................................................................................................................................94
10.9 Forensics module......................................................................................................................................................94
10.10 Machine Learning module.........................................................................................................................................95
10.11 Project Management module...................................................................................................................................95
11. Appendix D: Assessment materials (Appendix to section 5 of application).......................................................................96
11.1 Risk Management assessments.................................................................................................................................96
11.2 Adversarial Behaviour assessments..........................................................................................................................96
11.3 Cryptography assessments........................................................................................................................................96
11.4 Network Security assessments..................................................................................................................................96
11.5 Malware assessments...............................................................................................................................................96
11.6 Human Factors assessments.....................................................................................................................................96
11.7 Research Methods assessments................................................................................................................................96
11.8 Cloud Computing assessments..................................................................................................................................96
11.9 Forensics assessments..............................................................................................................................................96
11.10 Machine Learning assessments.................................................................................................................................96
11.11 Project Management assessments............................................................................................................................97
12. Appendix E: External Examiners’ Reports (Appendix to Section 5 of Application).............................................................98
12.1 External examiners’ reports......................................................................................................................................98
12.2 HEI’s response to external examiners’ reports..........................................................................................................98
13. Appendix F: Research Dissertations Information (Appendix to Section 6 of Application)..................................................99
13.1 Distinction dissertation information..........................................................................................................................99
13.2 Merit dissertation information..................................................................................................................................99
13.3 Pass dissertation information....................................................................................................................................99
Page of
TABLE OF CONTENTS
Issue 2.023 June 2021
1. Institution’s Letter of SupportUp to two sides of A4, excluding explanatory text and assessment criteria.
1.1 Signed letter of support for both full and provisional applicationsPlease provide a signed and dated letter from the Vice Chancellor (or equivalent) showing support for the HEI’s application to have a Master’s degree in Cyber Security considered for certification by the NCSC.
The letter of support must state whether Certification A or Certification B is being applied for. If the application is for Certification B, then then the letter must clearly identify the specialised area of cyber security in the Master’s.
The letter of support is not graded but must be present. Its purpose is to show that the senior management of the HEI is fully supportive of the application. The letter should make it clear which degree is being submitted for certification and against which certification standard.
Please note that a letter from the Head of Department submitting the application is not acceptable.
The letter should be viewed as an opportunity for the HEI’s senior management to:
demonstrate commitment to the Master’s programme specifically and cyber security more generally highlight recent HEI investment in the area and any future planned investment describe the importance of the area in the HEI’s future strategy, etc. outline how Covid-19 is impacting the HEI generally and the Master’s degree specifically along with the steps being
taken by the HEI to deal with the issues being raised
1.2 For provisional applicationsFor those Master’s degrees that have not yet started, it is important that the HEI confirms the start date for the Master’s degree and that the degree will start by (up to and including) October 2023.
For those Master’s degrees that meet the requirements for full certification to be applied for, but the HEI has only chosen to submit a provisional application, it is important that the HEI confirms both that choice and its reasons for doing so.
<<< APPLICANTS INSERT VC’s LETTER DIRECTLY BELOW >>>
1.3 Assessment criteriai. A letter of support from the Vice Chancellor or equivalent must be provided.
ii. The letter must state whether Certification A or Certification B is being applied for.iii. If the application is for Certification B, then the letter must clearly identify the specialised area of cyber security in
the Master’s.iv. If applicable, the Master’s will start by (up to and including) October 2023.v. If applicable, a provisional application has been justified where a full application could have been made.
For Assessors onlyCriteria Achieved Not Achieved Unclear Not Applicable
i. ☐ ☐ ☐ii. ☐ ☐ ☐iii. ☐ ☐ ☐ ☐iv. ☐ ☐ ☐ ☐v. ☐ ☐ ☐ ☐Comments (if applicable). <insert text here>
Page 11 of 100
INSTITUTION’S LETTER OF SUPPORT
Issue 2.023 June 2021
2. Description of the ApplicantUp to seven sides of A4, excluding explanatory text, assessment criteria, mapping of team to CyBOK and CVs.
2.1 Organisational structurePlease state the name of the lead group(s) / department(s) responsible for delivering the Master’s degree. Provide an organisational diagram (Figure 2.1) that shows where the lead(s) are situated within the overall structure of the HEI.
<<< APPLICANTS INSERT TEXT AND DIAGRAM DIRECTLY BELOW >>>
The text and figure in brown below are by way of example only.
The Cyber Security Group is responsible for delivering the Master’s. The Group is led by Dr E. F. and is situated within the Department of Computing which is part of the Faculty of Science, Engineering and Mathematics.
Figure 2.1: HEI organisational structure.
2.1.1 Assessment criteriai. The lead group(s) / department(s) responsible for the Master’s appear(s) to be appropriate.
ii. The organisational structure must make it clear where the lead for the Master’s resides within the HEI.
For assessors onlyCriteria Achieved Not Achieved Unclear
i. ☐ ☐ ☐ii. ☐ ☐ ☐Comments (if applicable). <insert text here>
2.2 Team structurePlease complete Table 2.1 that gives the names, roles and responsibilities of the members of staff responsible for delivering the degree content, setting and marking examinations, supervising dissertations, etc. The relevant expertise column should highlight how staff members have the knowledge and experience to successfully carry out their responsibilities. It is highly recommended to provide hyperlinks to the staff CVs shown in Appendix A so that assessors can quickly cross check the information in Table 2.1 with the information provided in the CVs.
Page 12 of 100
DESCRIPTION OF THE APPLICANT
Issue 2.023 June 2021
When there is a core team delivering the Master’s, it may be helpful to separate the core team from ‘associate’ members of the team.
When a significant activity (e.g., delivery of a module) is undertaken by a third party, which is not directly employed by the HEI, the contractual relationship with the party should be made clear.
<<< APPLICANTS COMPLETE TABLE 2.1 BELOW AND SUPPLY ADDITIONAL TEXT IF APPLICABLE >>>
The text in brown is by way of example only.Name of Staff
MemberRole Responsibilities Relevant Expertise
CV for Dr E. F. Reader and Master’s Course Director
ensures overall coherence and quality of Master’s
delivers module on Risk and Governance
delivers module on Research Methods oversees Master’s research projects
broad knowledge of cyber security as evidenced by publication record
successfully managed and delivered academic programmes over past 10 years
CV for Dr G. H.Error: Reference source not found
Senior Lecturer delivers Network Security module supervises research projects
keynote presenter at recent network security conferences
has successfully supervised 10 PhD students through to completion
CV for I. J. Lecturer delivers Software Security module supervises research projects
extensive experience of building mission-critical systems in industry
has successfully supervised 10 cyber security Master’s projects over the past 5 years
Other staff members
…. …. ….
CV for K. L. Error: Reference source not found
External consultant with 3-year contract October 2020 – September 2023
delivers Forensics module supervises research projects in forensics
runs successful forensics company provides forensics advice to
government and industry to date, has successfully supervised
6 Master’s forensics projects drawing on real-world problems
Table 2.1: The team responsible for delivering the Master’s.
All team members listed in Table 2.1 are part of the ‘core team’ for delivery of the Master’s. As noted in Table 2.1, K. L. is employed under a (second) three-year contract with the HEI to deliver the Forensics module, to set and mark forensics assessments, and supervise students undertaking research projects in forensics.
Page 13 of 100
DESCRIPTION OF THE APPLICANT
Issue 2.023 June 2021
2.2.1 Assessment criteriaiii. Team roles and responsibilities must be appropriate and clear.iv. If applicable, the separation between the core team and associate team must be clear.v. If applicable, the contractual relationship with third parties must be clear and appropriate.
For assessors onlyCriteria Achieved Not Achieved Unclear Not Applicable
iii. ☐ ☐ ☐iv. ☐ ☐ ☐ ☐v. ☐ ☐ ☐ ☐Comments (if applicable). <assessors insert text here>
Page 14 of 100
DESCRIPTION OF THE APPLICANT
Issue 2.023 June 2021
2.3 Team knowledge and expertise
2.3.1 Mapping of team to CyBOKPlease complete Table 2.2 that shows the expertise of the team as a whole mapped to CyBOK. Use colour coding to indicate an individual’s level of knowledge and expertise 3. Use ‘T’ to indicate that an individual teaches a module that includes a significant amount of a particular Knowledge Area. Use ‘S’ to indicate that an individual is able to supervise projects in this Knowledge Area. Please ensure that the name of every member of staff is hyperlinked to their CV.
<<< APPLICANTS COMPLETE TABLE 2.2 BELOW >>>
3 The colours used in Table 2.2 are based on palette 2 from https://medium.com/cafe-pixo/inclusive-color-palettes-for-the-web-bbfe8cf2410e. However, applicants can use any suitable colour-blind friendly palette they think appropriate.
Page 15 of 100
DESCRIPTION OF THE APPLICANT
Issue 2.023 June 2021
The entries in the table are by way of example only.
StaffKnowledge Areas
INT RMG HF POR LR MAL ADV FOR SOIM CRY OS DSS FMS AAA SS WM SSL NS HWS ACRY CPS PL
Error: Reference source not found
T
CV for Dr G. H.Error: Reference source not found
S S S T S S
CV for I. J. Error: Reference source not found
S S T S T S
Error: Reference source not found…
…
CV for K. L. S T S
Key Description
Page 16 of 100
DESCRIPTION OF THE APPLICANT
Issue 2.023 June 2021
#BDD9BF No Knowledge
#929084 Basic Awareness
#FFCF57 Good Knowledge. For example, able to teach material from this KA and supervise Master’s students.
#A997DF Expert. For example, publishes research in the field and/or advises government, industry, academia on the KA.
Table 2.2: Expertise of team mapped to CyBOK.
Page 17 of 100
DESCRIPTION OF THE APPLICANT
Issue 2.023 June 2021
2.3.2 Staff CVsFor every member of staff named in Table 2.1, please provide a tailored CV (up to 2 sides of A4 in length). This should contain:
a personal statement of experience and expertise in cyber security using the CyBOK KAs as a framework details of academic background details of cyber-security related employment contribution to cyber security at the HEI cyber-security related and other esteem indicators – e.g., editorships, invited talks, membership of national and
international advisory groups cyber-security knowledge and expertise indicators, such as recent publications, work with industry/government,
research activities any other information that might be relevant in demonstrating cyber security expertise
CVs should be placed in Appendix A.
<<< APPLICANTS INSERT TEXT AND LINK TO CVs DIRECTLY BELOW >>>
By way of example only. Please see Appendix A: Staff CVs (Appendix to Section 2 of Application)
2.3.3 Assessment criteriavi. The CVs must show that staff members have the relevant expertise to carry out their roles and responsibilities
shown in Table 2.1.vii. The levels of knowledge and expertise shown in Table 2.2 must be consistent with the CVs.viii. Table 2.2 should be consistent with the table and histogram(s) of credit allocation across the KAs shown in sections
4.3.2 and 4.3.3 and must show that the team as a whole has the expertise to deliver:either a Master’s providing a general foundation in cyber security – Certification Aor a Master’s focusing on a specialised area of cyber security – Certification B
For assessors onlyCriteria Achieved Not Achieved Unclear
vi. ☐ ☐ ☐vii. ☐ ☐ ☐viii. ☐ ☐ ☐Comments (if applicable). <insert text here>
2.4 Team operationPlease describe the operating model adopted by the team for the successful delivery of the Master’s. As a minimum, this should include:
team meetings: for example, the chair, regularity, standing agenda items, tracking actions, etc. team communication allocation of workload across staff members progress monitoring of teaching and research dissertations planning assessments and liaising with external examiners planning marking of dissertations and liaising with external examiners dealing with issues raised by students dealing with urgent and important events that affect the delivery of the Master’s such as Covid-19, staff sickness or
staff departures
Page 18 of 100
DESCRIPTION OF THE APPLICANT
Issue 2.023 June 2021
<<< APPLICANTS INSERT TEXT DIRECTLY BELOW >>>
2.4.1 Assessment criteriaix. It must be clear that the team operates effectively as a cohesive unit.x. It must be clear that the team has a process in place to deal with urgent and important events.
For assessors onlyCriteria Achieved Not Achieved Unclear
ix. ☐ ☐ ☐x. ☐ ☐ ☐Comments (if applicable). <assessors insert text here>
2.5 Recent investmentsPlease complete Table 2.3 that shows recent investments from the HEI, government, industry etc. in the groups running the Master’s degree programme. Please highlight the benefits to the academic team delivering the Master’s as well as students undertaking the Master’s.
<<< APPLICANTS COMPLETE TABLE 2.3 BELOW >>>
The text in brown is by way of example only.Value of
InvestmentSource of
InvestmentFinancial Year Nature of Investment Benefit to Academic
TeamBenefit to Master’s
Programme
£50K HEI 2019 - 2020 Refurbishment of Cyber Security Group’s forensics laboratory including equipment and software.
Improved facilities for research and teaching.
Master’s students use the upgraded forensics laboratory.
£100K Manufacturer X 2018 – 20192019 - 2020
Networking equipment to Department of Computing for Department’s networking laboratory.
Improved facilities for research and teaching.
Master’s students use upgraded networking laboratory.
£200K HEI 2018 – 2019 New PCs, laptops and peripherals to Department of Computing.
Master’s students have access to more modern devices.
£20K HEI 2017 - 2018 Members of staff in Cyber Security Group able to gain professional cyber security qualifications (e.g., pen tester, risk analyst, etc.).
Improved knowledge and expertise of staff members.
Master’s students benefit from being taught by staff with recognised industry qualifications.
Table 2.3: Recent investments.
2.5.1 Assessment criteriaxi. It must be clear that the academic team responsible for the Master’s has benefitted from recent investments.
xii. It must be clear that the Master’s programme has also benefitted from investments.
For assessors onlyCriteria Achieved Not Achieved Unclear
Page 19 of 100
DESCRIPTION OF THE APPLICANT
Issue 2.023 June 2021
xi. ☐ ☐ ☐xii. ☐ ☐ ☐Comments (if applicable). <assessors insert text here>
2.6 External linkagesPlease complete Table 2.4 that shows external linkages benefitting the academic team and the Master’s programme. For example, visiting lecturers with specialist knowledge from other academic departments, government or industry; projects suggested, and monitored, by industry; etc.
<<< APPLICANTS COMPLETE TABLE 2.4 BELOW >>>
The text in brown is by way of example only.Nature of External Linkage Benefit to Academic Team Benefit to Master’s Programme
External Advisory Board. Meets twice yearly, membership from industry, government and academia. Membership has strong cyber security representation.
Provides advice on cyber security issues affecting external organisations, employment opportunities for graduates, and curriculum development.
Helps ensure Master’s is kept up to date and relevant.
Company X provides series of invited lectures on forensics and suggests topics for research dissertations
Opportunity to network with external companies and gain insight into issues of concern to industry.
Master’s students provided with a set of interesting and relevant topics for their dissertations.
Company Y has donated equipment for joint projects
Opportunity to carry out collaborative research with industry.
Master’s students can make use of equipment in their research.
Membership of the CISSE UK network4. CISSE UK provides external speakers, course materials and cyber security challenges for students
Opportunity for academic staff to meet with colleagues in other universities and to develop ‘best practice’ educational materials.
Master’s students engage in cyber security challenges with students from other universities.
Table 2.4: External linkages.
2.6.1 Assessment criteriaxiii. It must be clear that the team has a range of external linkages that adds value to the academic team.xiv. It must be clear that the team has a range of external linkages that adds value to the Master’s.
For assessors onlyCriteria Achieved Not Achieved Unclear
xiii. ☐ ☐ ☐xiv. ☐ ☐ ☐Comments (if applicable). <assessors insert text here>
2.7 Review and update processPlease describe the process used to review and renew the course content to keep it up to date. As a minimum, this should include:
how often are changes to the Master’s considered who is involved in the decision-making process what inputs are considered: e.g., input from academic staff, student feedback, industrial advisory group input,
industrial trends, government strategy, etc what criteria are used to evaluate potential changes who is responsible for signing off changes
<<< APPLICANTS INSERT TEXT BELOW >>>
4 https://cisseuk.org/
Page 20 of 100
DESCRIPTION OF THE APPLICANT
Issue 2.023 June 2021
2.7.1 Assessment criteriaxv. There must be a clear and appropriate process for reviewing and updating the Master’s programme.
xvi. The frequency of reviewing and updating must be appropriate to ensure that the Master’s in cyber security is kept up to date and relevant.
For assessors onlyCriteria Achieved Not Achieved Unclear
xv. ☐ ☐ ☐xvi. ☐ ☐ ☐Comments (if applicable). <assessors insert text here>
2.8 FacilitiesPlease describe the facilities available to students undertaking the Master’s degree. For each facility, please include a brief justification that it is of sufficient quality and quantity to meet the needs of Master’s students. As a minimum please include:
computer laboratories dedicated equipment and software library on-line journal subscriptions for research dissertations
<<< APPLICANTS INSERT TEXT BELOW >>>
2.8.1 Assessment criterionxvii. Students undertaking the Master’s should have access to a sufficient number of well-equipped modern computer
laboratories with easy access to information on the latest developments in cyber security.
For assessors onlyCriterion Achieved Not Achieved Unclear
xvii. ☐ ☐ ☐Comments (if applicable). <assessors insert text here>
2.9 Overall assessment of section 2For assessors only
Overall Grade Overall Comments
<assessors insert grade here> <if applicable, assessors insert text here>
Page 21 of 100
DESCRIPTION OF THE APPLICANT
Issue 2.023 June 2021
3. High Level Description of the Master’s Degree in Cyber SecurityUp to ten sides of A4, excluding explanatory text and assessment criteria.
3.1 Key characteristics of the Master’sPlease complete Table 3.1.
<<< APPLICANTS COMPLETE TABLE 3.1 BELOW >>>
The text in brown is by way of example only.Confirm that degree meets the characteristics of a Category 2, Specialised or Advanced Study Master’s5
Yes ☒ No ☐
Confirm that the degree is not categorised as a Master’s by Research or Integrated Master’s6
Yes ☒ No ☐
Confirm that one credit equates to a nominal 10 hours of work by a student
Yes ☒ No ☐
Name of degree Master’s in Cyber Security
Degree awarded MSc
Total number of credits required for Master’s. If different from 180, please provide brief justification.
180
Number of taught credits. If different from 120, please provide brief justification.
120
Number of credits for research dissertation. If more than 80, please justify that there are a sufficient number of credits to cover the taught content.
60
Provisional or Full certification being applied for.
Provisional ☒ Full ☐
Which certification is being applied for. Certification A ☒ Certification B ☐
Table 3.1: High level characteristics of the Master’s.
3.1.1 Assessment criteriai. Confirmation that the Master’s is classified as a Category 2 Master’s.
ii. Confirmation that the Master’s is not an Integrated Master’s or Master’s by Research.iii. One credit must equate to a nominal 10 hours of work by a student.iv. If the total number of credits is different from 180 this must be justified.v. If the number of taught credits is different from 120 this must be justified.
vi. If the number of credits associated with the research dissertation is more than 80 then the applicant will need to justify that there are still a sufficient number of credits in the taught modules of the degree to cover the CyBOK Knowledge Areas in sufficient breadth and depth.
vii. It must be clear whether full or provisional certification is being applied for.
5 https://www.qaa.ac.uk/docs/qaa/quality-code/master's-degree-characteristics-statement8019abbe03dc611ba4caff140043ed24.pdf?sfvrsn=86c5ca81_12, page 56 Master’s by Research (MRes) and Integrated Master’s are both out of scope for this certification.
Page 22 of 100
HIGH LEVEL DESCRIPTION OF THE MASTER’S DEGREE
Issue 2.023 June 2021
viii. It must be clear whether Certification A or Certification B is being applied for.
For assessors onlyCriteria Achieved Not Achieved Unclear Not Applicable
i. ☐ ☐ ☐ii. ☐ ☐ ☐iii. ☐ ☐ ☐iv. ☐ ☐ ☐ ☐v. ☐ ☐ ☐ ☐vi. ☐ ☐ ☐ ☐vii. ☐ ☐ ☐viii. ☐ ☐ ☐Comments (if applicable). <assessors insert text here>
3.2 Full and provisional certification applicationsPlease complete either section 3.2.1 or section 3.2.2.
3.2.1 Full applications<<< APPLICANTS COMPLETE TABLE 3.2a BELOW >>>
Confirm that the degree had a cohort of students successfully complete the degree in academic year 2020 – 2021.
Yes ☐ No ☐
Confirm that the Master’s is running in academic year 2021 – 2022. Yes ☐ No ☐
Table 3.2a: Full certification application.
3.2.1.1 Assessment criterionix. The degree must have had a cohort of students successfully complete the degree in academic year 2020 – 2021 and
it must be currently running in academic year 2021 – 2022.
For assessors onlyCriterion Achieved Not Achieved Unclear
ix. ☐ ☐ ☐Comments (if applicable). <assessors insert text here>
3.2.2 Provisional applications<<< APPLICANTS COMPLETE TABLE 3.2b BELOW >>>
If applicable, confirm that if the Master’s degree has not yet started it will start by (up to and including) October 2023.
Yes ☐ No: ☐ Not applicable ☐
Table 3.2b: Provisional certification application.
3.2.3 Assessment criterionx. Master’s degrees that have not yet started must start by (up to and including) October 2023.
For assessors onlyCriterion Achieved Not Achieved Unclear Not Applicable
x. ☐ ☐ ☐ ☐Comments (if applicable). <assessors insert text here>
3.3 Delivery of the degreePlease state the UK campus(es) at which the Master’s is delivered.
Please describe the use of online learning, particularly in relation to Covid-19.Page 23 of 100
HIGH LEVEL DESCRIPTION OF THE MASTER’S DEGREE
Issue 2.023 June 2021
If applicable, please state whether the degree is offered on a part-time basis and provide a description of how the degree is structured to accommodate part-time students.
<<< APPLICANTS INSERT TEXT BELOW >>>
3.3.1 Assessment criteriaxi. It must be clear at which UK campus(es) the Master’s is delivered.
xii. It should be clear that on-line learning is being used effectively, in particular for dealing with Covid-19.xiii. If offered as a part-time Master’s, part-time students should cover the same breadth and depth of content as one-
year, full time students.
For assessors onlyCriteria Achieved Not Achieved Unclear Not Applicable
xi. ☐ ☐ ☐xii. ☐ ☐ ☐xiii. ☐ ☐ ☐ ☐Comments (if applicable). <assessors insert text here>
3.4 Aims of the Master’s degreePlease provide a description of the overall aims of the degree, in particular how the degree:
either
provides a general foundation in cyber security – Certification A
or
is focused on a specialised area of cyber security – Certification B
Please describe how the Master’s is of value to students, employers and the academic community.
<<< APPLICANTS INSERT TEXT BELOW >>>
3.4.1 Assessment criteriaxiv. The overall aims of the degree must be clearly articulated, coherent and appropriate for a Master’s
either
providing a general foundation in cyber security
or
focusing on a specialised area of cyber security
xv. The Master’s must be of value to students, employers, and the academic community.
For assessors onlyCriteria Achieved Not Achieved Unclear
xiv. ☐ ☐ ☐xv. ☐ ☐ ☐Comments (if applicable). <assessors insert text here>
3.5 Overall assessment of section 3For assessors only
Overall Grade Overall Comments
Page 24 of 100
HIGH LEVEL DESCRIPTION OF THE MASTER’S DEGREE
Issue 2.023 June 2021
<assessors insert grade here> <if applicable, assessors insert text here>
Page 25 of 100
HIGH LEVEL DESCRIPTION OF THE MASTER’S DEGREE
Issue 2.023 June 2021
4. The Taught Component of the Master’s Degree in Cyber SecurityUp to fifteen sides of A4, excluding explanatory text, assessment criteria, Table 4.3 and module descriptions.
4.1 Compulsory and optional taught modulesPlease complete Table 4.1a and Table 4.1b showing the number of credits associated with compulsory and optional taught modules (if applicable).
Please do not include credits belonging to the research project and dissertation in the tables.
To help assessors, please use short meaningful names (e.g., NetSec) rather than course codes (e.g., XYZ123) for module names.
<<< APPLICANTS COMPLETE TABLES 4.1a and 4.1b BELOW >>>
The text in brown is by way of example only.Name of compulsory module Member(s) of staff delivering module Number of credits
RiskMgt M. N. 15
AdvBehav P. Q. 15
Crypt R. S. 15
NetSec T. U. 15
Malware V. W. 15
HumFact X. Y. 15
ResMethods E. F. 15
Total number of compulsory credits
105
Table 4.1a: Compulsory taught modules.
The text in brown is by way of example only.Name of optional module Member(s) of staff delivering module Number of credits
Cloud A. B. 15
Forensics C. D. 15
MachLearn E. F. 15
ProjMgt G. H. 15
Total number of optional credits required to be taken
15
Table 4.1b: Optional taught modules.
4.1.1 Assessment criterioni. The overall structure of the taught component of the degree must be clear: namely, the set of taught modules,
which modules are compulsory and which are optional, and the number of credits awarded for each module.
For assessors onlyCriterion Achieved Not Achieved Unclear
i. ☐ ☐ ☐Comments (if applicable). <assessors insert text here>
Page 26 of 100
TAUGHT COMPONENT OF THE MASTER’S DEGREE
Issue 2.023 June 2021
4.2 Number of taught credits that can be mapped to CyBOK Knowledge Areas (KAs)Notes:
1. Please note that it is not a requirement that every CyBOK KA has credits allocated to it. Rather, across the CyBOK KAs as a whole there must be a minimum number (84) of taught credits.
2. In the fictitious entries in Table 4.2a, it is worth noting that 5 credits have been mapped to the CyBOK KAs for the Research Methods module. In this fictitious example, every student has to produce a research paper that forms the basis of their dissertation. Although it is not known in advance onto which KA(s) a paper might map, it will map onto one or more KAs. This is deemed to be an acceptable approach for Research Methods style modules when counting the number of taught credits that can be mapped to the CyBOK KAs.
4.2.1 Compulsory modules. Please complete Table 4.2a that shows for each compulsory taught module:
to which CyBOK KA(s) the module can be mapped – if it does not map to a KA please state NONE the number of credits in the module the number of credits in the module that can be considered to be addressing the KA(s)
Please ensure that hyperlinks to the module descriptions are provided.
<<< APPLICANTS COMPLETE TABLE 4.2a BELOW >>>
The text in brown is by way of example only.Name of compulsory
moduleCyBOK KA(s) addressed Number of credits in
moduleEstimated number of
credits in module addressing KA(s)
below Risk Mgt and Governance 15 15
below Adversarial Behaviours and Legal
15 10
below Cryptography and Applied Cryptography
15 15
below Network Security 15 15
below Malware 15 15
below Human Factors 15 10
below Potentially any KA 15 5
Total number of compulsory module credits addressing KAs
85
Table 4.2a: Compulsory taught modules addressing the KAs.
4.2.2 Optional modulesIf applicable, please complete Table 4.2b that shows the same information as Table 4.2a for each optional taught module.
Please ensure that hyperlinks to the module descriptions are provided.
<<< APPLICANTS COMPLETE TABLE 4.2b BELOW IF APPLICABLE >>>
Page 27 of 100
TAUGHT COMPONENT OF THE MASTER’S DEGREE
Issue 2.023 June 2021
The text in brown is by way of example only.Name of optional module CyBOK KA(s) addressed Number of credits in
moduleEstimated number of
credits in module addressing KA(s)
below Distributed Systems 15 5
below Forensics 15 15
below CyBOK Introduction 15 5
below NONE 15 0
Table 4.2b: Optional taught modules addressing the KAs.
4.2.3 PathwaysIf applicable, please complete Table 4.2c that identifies the pathways that students could take through the degree. For each pathway, please provide an estimate of the total number of credits addressing the KAs.
<<< APPLICANTS COMPLETE TABLE 4.2c BELOW IF APPLICABLE >>>
The text in brown is by way of example only.Pathway Optional modules included in
pathwayEstimated total number of credits in pathway
addressing KAs (including compulsory and optional module credits)
Pathway 1 Cloud 90
Pathway 2 Forensics 100
Pathway 3 MachLearn 90
Pathway 4 ProjMgt 85
Table 4.2c: Pathways that students could take through the taught component of the Master’s that meet the requirement for a minimum of 84 taught credits that can be mapped to KAs 0 to 21.
If the Master’s has a large number of flexible pathways, provide a description of which pathways through the Master’s meet the requirement for at least 84 taught credits that can be mapped to the KAs.
<<< APPLICANTS INSERT TEXT HERE IF APPLICABLE >>>
4.2.4 Assessment criteriaii. The credit allocation to the CyBOK KAs shown in Tables 4.2a, b must be appropriate and consistent with the module
descriptions.iii. The completed Tables 4.2a, b, c must show that there is at least one set of modules that students can choose in
which a minimum of 84 taught credits can be mapped to KAs 0 to 21.iv. If applicable, if a Master’s has several possible pathways that students could choose that meet the 84-credit
requirement then these pathways must be clearly identified.v. If applicable, if a Master’s has a large number of possible pathways from which students can choose then the
pathways that meet the 84-credit requirement must be clearly identified.
For assessors onlyCriteria Achieved Not Achieved Unclear Not Applicable
ii. ☐ ☐ ☐iii. ☐ ☐ ☐
Page 28 of 100
TAUGHT COMPONENT OF THE MASTER’S DEGREE
Issue 2.023 June 2021
iv. ☐ ☐ ☐ ☐v. ☐ ☐ ☐ ☐Comments (if applicable). <assessors insert text here>
4.3 Detailed coverage of KA Topics
4.3.1 Completion of Table 4.3 in Appendix BFor each pathway through the taught component of the degree, please complete below following the example rows provided.
<<< APPLICANTS COMPLETE TABLE 4.3 IN APPENDIX B >>>
Notes:
1. Please use KA 0 to record those modules that are of an underpinning or foundational nature and provide a short narrative noting that this has been done.
2. It is recognised that the number of credits assigned to a KA Topic is an estimate only. Overall, however, the credit allocation across the KAs should be a fair, reasonable and justifiable representation.
3. As noted at the beginning of section 4.2, it is not a requirement that every CyBOK KA has credits allocated to it. Rather, across the CyBOK KAs as a whole there must be a minimum number (84) of taught credits.
4. Applications should not be recording fewer than 0.5 credits in a KA.
5. The purpose of Table 4.3 is for applicants to demonstrate how the KA Topics are covered and assessed. To adequately cover a KA Topic, it needs to be clear that a good breadth and depth of the Indicative Material is covered though it should be noted that not all the Indicative Material would be required to be explicitly covered. Moreover, additional Indicative Material rows can be added to Table 4.3 when it is felt that the Indicative Material does not adequately represent coverage of the KA Topic in the Master’s degree. Applications must clearly signpost when this has been done and provide a brief justification.
6. Where there are a large number of (flexible) pathways please complete Table 4.3 for a few representative pathways only along with an explanatory narrative.
7. Where a KA Topic and its Indicative Material are covered in good breadth and depth it would be expected that there should be an associated assessment. However, it is recognised that this will not be applicable in all cases especially where the number of credits allocated to a KA Topic is relatively low.
Page 29 of 100
TAUGHT COMPONENT OF THE MASTER’S DEGREE
Issue 2.023 June 2021
4.3.2 Summary table of credit allocation across the KAsPlease complete Table 4.4 for each pathway.
<<< APPLICANTS PLEASE COMPLETE TABLE 4.4 BELOW >>>
Pathways
Number of Credits Across Knowledge Areas Total No. of Credits in Path
way
INT RMG HF POR LR MAL ADV FOR SOIM CRY OS DSS FMS AAA SS WM SSL NS HWS ACRY CPS PL
#1
#2 S
…
…
#n
Table 4.4: Summary of credit allocation across the KAs
4.3.3 Visual representation of credit allocation across the KAsFor each pathway, please provide a visual representation (Figure 4.1) of the credit allocation across the KAs for the taught component of the degree – please see Figures 4.1a, b, c as examples. Where there are a large number of (flexible) pathways please provide Figure 4.1 for a few representative pathways only along with an explanatory narrative.
<<< APPLICANTS INSERT FIGURE 4.1 BELOW >>>
Page 30 of 100
TAUGHT COMPONENT OF THE MASTER’S DEGREE
Issue 2.023 June 2021
Figure 4.1a: An example for illustrative purposes only of credit allocation across the KAs for a Master’s providing a general foundation in cyber security– Certification A. Please delete this figure from your application.
Page 31 of 100
TAUGHT COMPONENT OF THE MASTER’S DEGREE
Issue 2.023 June 2021
Figure 4.1b: An example for illustrative purposes only of credit allocation across the KAs for a computer network and Internet security specialised Master’s – Certification B. Please delete this figure from your application.
Page 32 of 100
TAUGHT COMPONENT OF THE MASTER’S DEGREE
Issue 2.023 June 2021
Figure 4.1c: An example for illustrative purposes only of credit allocation across the KAs for a digital forensics specialised Master’s – Certification B. Please delete this figure from your application.
Page 33 of 100
TAUGHT COMPONENT OF THE MASTER’S DEGREE
Issue 2.023 June 2021
4.3.4 Assessment criteriavi. Table 4.3 must show which KA Topics are covered in the Master’s.
vii. In Table 4.3 where a KA Topic and its Indicative Material are covered in good breadth and depth it would be expected that there should be an associated assessment. However, it is recognised that this will not be applicable in all cases especially where the number of credits allocated to a KA Topic is relatively low. The assessments identified should be consistent with the information on assessments shown in section 5 of the application.
viii. Each Pathway in Table 4.4 must have a minimum of 84 taught credits that can be mapped to the KAs. ix. A visual representation must be provided that clearly shows the distribution of credits across the KAs for the
Master’s degree.
For assessors onlyCriteria Achieved Not Achieved Unclear
vi. ☐ ☐ ☐vii. ☐ ☐ ☐viii. ☐ ☐ ☐ix. ☐ ☐ ☐Comments (if applicable). <assessors insert text here>
4.4 Justification of KA coveragePlease complete either section 4.4.1 or section 4.4.2 as appropriate.
4.4.1 Master’s degree providing a general foundation in cyber security – Certification APlease describe how the overall distribution of credits is consistent with the aims of the degree described in section 3.4. It would be expected that the general foundational nature of the Master’s should be clearly reflected in the distribution of credits.
Please describe and justify how the distribution of credits: provides a coherent body of work for students ensures that students are gaining knowledge about key areas of cyber security
<<< APPLICANTS INSERT TEXT BELOW IF APPLYING FOR CERTIFICATION A >>>
4.4.1.1 Assessment criteria – Certification Ax. The distribution of credits in the taught component of the Master’s must be consistent with the overall aims of a
Master’s degree providing a general foundation in cyber security.xi. The overall distribution of credits across the KAs must be appropriate and coherent, ensuring that students are
gaining knowledge about key areas of cyber security.
For assessors onlyCriteria Achieved Not Achieved Unclear
x. ☐ ☐ ☐xi. ☐ ☐ ☐Comments (if applicable). <assessors insert text here>
4.4.2 Master’s degree focusing on a specialised area of cyber security – Certification BPlease describe how the overall distribution of credits is consistent with the aims of the of the degree described in section 3.4. It would be expected that the specialised area of cyber security should be clearly reflected in the distribution of credits with substantial coverage of the relevant KA(s) along with appropriate coverage of other relevant KAs.
Please describe and justify how the distribution of credits: provides a coherent body of work for students
Page 34 of 100
TAUGHT COMPONENT OF THE MASTER’S DEGREE
Issue 2.023 June 2021
ensures that students are gaining deep knowledge and understanding about the specialised area of cyber security
<<< APPLICANTS INSERT TEXT BELOW IF APPLYING FOR CERTIFICATION B >>>
4.4.2.1 Assessment criteria – Certification Bxii. The distribution of credits in the taught component of the Master’s must be consistent with the overall aims of a
Master’s degree focusing on the specialised area of cyber security.xiii. The overall distribution of credits across the KAs must be appropriate and coherent, ensuring that students are
gaining deep knowledge and understanding about the specialised area of cyber security along with other relevant CyBOK KAs.
For assessors onlyCriteria Achieved Not Achieved Unclear
xii. ☐ ☐ ☐xiii. ☐ ☐ ☐Comments (if applicable). <assessors insert text here>
4.5 Module descriptionsIn an appendix to this section (Appendix C), please include a module description for each module that addresses a KA Topic in Table 4.3.
At the beginning of each module description, please provide a table that lists the KA Topics that the module covers along with a brief justification for why this is the case.
The module descriptions should provide good evidence of the KA Topics and Indicative Material coverage claimed in Table 4.3.
<<< APPLICANTS INSERT TEXT AND LINK TO APPENDIX C BELOW >>>
By way of example only, please see: Appendix C: Module Descriptions (Appendix to Section 4 of Application)
4.5.1 Assessment criterionxiv. The module descriptions must be consistent with the KA Topic coverage shown in Table 4.3.
For assessors onlyCriterion Achieved Not Achieved Unclear
xiv. ☐ ☐ ☐Comments (if applicable). <assessors insert text here>
4.6 Professional knowledge and skillsPlease describe how areas in professional knowledge and skills shown below are addressed in the Master’s degree. It is not a requirement to have a separate dedicated module covering professional knowledge and skills.
Professional Knowledge and Skills
Written and oral communication
Working in teams
Legal and ethical issues for the cyber security professional
Understanding intellectual property
Page 35 of 100
TAUGHT COMPONENT OF THE MASTER’S DEGREE
Issue 2.023 June 2021
<<< APPLICANTS INSERT TEXT BELOW >>>
4.6.1 Assessment criterionxv. Professional knowledge and skills should be addressed in the Master’s degree.
For assessors onlyCriterion Achieved Not Achieved Unclear
xv. ☐ ☐ ☐Comments (if applicable). <assessors insert text here>
4.7 Overall assessment of section 4For assessors only
Overall Grade Overall Comments
<assessors insert grade here> <if applicable, assessors insert text here>
Page 36 of 100
TAUGHT COMPONENT OF THE MASTER’S DEGREE
Issue 2.023 June 2021
5. Assessment MaterialsUp to seven sides of A4, excluding explanatory text, assessment criteria and copies of assessments.
5.1 Overall approach to assessmentPlease describe the overall approach to assessment of the taught modules on the Master’s degree. This should include:
the range of assessment types used – e.g., traditional examinations, online examinations, coursework, practicals, literature reviews, multiple choice questions, group work, presentations, etc.
a justification of why these assessment types are appropriate a description of the process involved in deciding the assessment types to use for individual taught modules
<<< APPLICANTS INSERT TEXT BELOW >>>
5.1.1 Assessment criteriai. The range of assessment types used is clear and appropriate – it would be desirable to see a mix of assessment
types being used across the taught modules.ii. There is a clear and appropriate process for deciding which assessment types to use for individual taught modules.
For assessors onlyCriteria Achieved Not Achieved Unclear
i. ☐ ☐ ☐ii. ☐ ☐ ☐Comments (if applicable). <assessors insert text here>
5.2 Marking schemeIf available, please provide an overall marking scheme that shows what a student must demonstrate to be awarded a particular mark on a taught module.
<<< APPLICANTS INSERT MARKING SCHEME BELOW >>>
5.2.1 Assessment criterioniii. If available, the marking scheme must clear, appropriate and consistent.
For assessors onlyCriterion Achieved Not Achieved Unclear Not Applicable
iii. ☐ ☐ ☐ ☐Comments (if applicable). <assessors insert text here>
5.3 Overall grade for the Master’sPlease describe how the overall mark for the Master’s is determined from the marks for the taught modules and the mark for the research dissertation.
Please describe the how the overall grade (e.g., pass, merit, distinction) for the Master’s is determined.
Please describe the process for compensation, if applicable.
<<< APPLICANTS INSERT TEXT BELOW >>>
Page 37 of 100
ASSESSMENT MATERIALS
Issue 2.023 June 2021
5.3.1 Assessment criterioniv. The process to determine the overall grade awarded for the Master’s from the individual modules and research
dissertation must be clear and appropriate.
For assessors onlyCriterion Achieved Not Achieved Unclear
iv. ☐ ☐ ☐Comments (if applicable). <assessors insert text here>
5.4 Rigour of assessmentPlease complete Table 5.1 for each assessed taught module.
Please include hyperlinks to the assessments in Appendix D.
If the average ratio of bookwork to critical analysis / application across all the taught modules is greater than 60:40, please provide a clear justification for this value.
<<< APPLICANTS COMPLETE TABLE 5.1 BELOW >>>
Page 38 of 100
ASSESSMENT MATERIALS
Issue 2.023 June 2021
The text in brown is by way of example only.Module Pass mark Assessment types and relative
weightingsEstimate for % of bookwork
in assessmentsEstimate for % of critical analysis / application
in assessmentsJustification for assessment types and ratio of bookwork to critical analysis
below (C) 50% CWK-1 (50%), CWK-2 (50%) 40% 60% Both courseworks present students with novel real-world scenarios in which they have to apply knowledge, understanding and critical analysis.
below (C)
below (C) 50% CWK (30%), Exam (70%) 40% 60% The coursework presents students with a real-world scenario for which they have to develop cryptographic solutions. The exam tests both knowledge and application.
below (C) 50% CWK (30%), Practical (30%), Exam (40%)
30% 70% The coursework presents students with a real-world scenario for which they have to develop a secure network solution. The practical tests a student’s ability to construct and test networks. The exam tests both knowledge and application.
below (C)
below (C)
below (C)
below (O)
below (O)
below (O)
below (O)
Page 39 of 100
ASSESSMENT MATERIALS
Issue 2.023 June 2021
Average ratio of bookwork to critical analysis / application across all the taught modules: <<< APPLICANTS INSERT VALUE BELOW >>>
Table 5.1: The assessments used for compulsory and optional taught modules.
Page 40 of 100
ASSESSMENT MATERIALS
Issue 2.023 June 2021
5.4.1 Assessment criteriav. For each taught module, the assessment types and their relative weightings must be clear and appropriate.
vi. For each taught module, the ratio of bookwork to critical analysis / application must be clear and justified.vii. Where the overall, average ratio of bookwork to critical analysis / application is greater than 60:40 this must be
clearly justified.
For assessors onlyCriteria Achieved Not Achieved Unclear Not Applicable
v. ☐ ☐ ☐vi. ☐ ☐ ☐vii. ☐ ☐ ☐ ☐Comments (if applicable). <assessors insert text here>
5.5 Justification of 40% pass markWhere the pass mark for taught modules, dissertation and/or the degree overall is set at, or close to, 40% please provide a justification that students achieving this pass mark have achieved and demonstrated sufficient knowledge and understanding at Master’s level.
<<< APPLICANTS INSERT TEXT BELOW IF APPLICABLE >>>
By way of example, it may be appropriate here to refer to the marking scheme that shows what a student has to be able to demonstrate in order to achieve a pass mark of 40%.
5.5.1 Assessment criterionviii. Where the pass mark for taught modules, dissertation and/or the degree overall is set at, or close to, 40% it should
be clear that students attaining this pass mark will have sufficiently demonstrated their knowledge, understanding and application at Master’s level.
For assessors onlyCriterion Achieved Not Achieved Unclear Not Applicable
viii. ☐ ☐ ☐ ☐Comments (if applicable). <assessors insert text here>
5.6 Setting assessmentsPlease describe the process for setting assessments. As a minimum, this should include:
who is responsible for setting the assessments and marking criteria for a taught module who is responsible for verifying the suitability of the assessments and marking criteria for a taught module who oversees assessment setting across all taught modules to ensure consistency how and when are the external examiners engaged to ensure appropriate standards are maintained for Master’s
assessments
<<< APPLICANTS INSERT TEXT BELOW >>>
5.6.1 Assessment criteriaix. The process for setting, verifying and overseeing assessments must be clear and appropriate.x. The process for engaging with the external examiners regarding assessment setting must be clear and appropriate.
For assessors onlyCriteria Achieved Not Achieved Unclear
ix. ☐ ☐ ☐Page 41 of 100
ASSESSMENT MATERIALS
Issue 2.023 June 2021
x. ☐ ☐ ☐Comments (if applicable). <assessors insert text here>
5.7 Marking assessmentsPlease describe the process for marking assessments. As a minimum, this should include:
who is responsible for marking the assessments for a taught module which assessments have both first and second markers who oversees marking across all assessments and modules to ensure consistency how and when are the external examiners engaged to ensure appropriate standards are maintained for the marking
of Master’s assessments
<<< APPLICANTS INSERT TEXT BELOW >>>
5.7.1 Assessment criteriaxi. The process for marking assessments must be clear and appropriate.
xii. The process for engaging with the external examiners regarding assessment marking must be clear and appropriate.
For assessors onlyCriteria Achieved Not Achieved Unclear
xi. ☐ ☐ ☐xii. ☐ ☐ ☐Comments (if applicable). <assessors insert text here>
5.8 Detecting and dealing with plagiarism7
Please describe the processes and procedures that are in place to detect and deal with plagiarism on the taught component of the Master’s, particularly for coursework and on-line examinations.
<<< APPLICANTS INSERT TEXT BELOW >>>
5.8.1 Assessment criterionxiii. There must be a robust and effective system in place to detect and deal with plagiarism by students on the taught
component of the Master’s degree.
For assessors onlyCriterion Achieved Not Achieved Unclear
xiii. ☐ ☐ ☐Comments (if applicable). <assessors insert text here>
5.9 Examination papersPlease complete either section 5.9.1 or section 5.9.2.
5.9.1 Provisional applicationFor each of the modules listed in Table 5.1 please provide a copy of examination paper(s) that students have sat or specimen paper(s) of the examinations they will sit. For assessed coursework, please provide copies of all assignments (to be) provided to students. For each assessed coursework also provide a specific, tailored, marking scheme, or a narrative explaining what the marker would expect a student to provide in a good response. This information should be placed in Appendix D.
<<< APPLICANTS INSERT TEXT AND LINK TO APPENDIX D BELOW >>>
7 A useful discussion of plagiarism and the forms of plagiarism can be found at: https://www.ox.ac.uk/students/academic/guidance/skills/plagiarism#:~:text=Plagiarism%20is%20presenting%20someone%20else's,is%20covered%20under%20this%20definition
Page 42 of 100
ASSESSMENT MATERIALS
Issue 2.023 June 2021
By way of example only, please see Appendix D: Assessment materials (Appendix to section 5 of application)
5.9.1.1 Assessment criterionxiv. The assessments must rigorously test students’ understanding and critical analysis of the KA Topics being studied.
For assessors onlyCriterion Achieved Not Achieved Unclear
xiv. ☐ ☐ ☐Comments (if applicable). <assessors insert text here>
5.9.2 Full applicationFor academic year 2021 – 2022, for each of the modules listed in Table 5.1, please provide a copy of the examination paper(s) that students sat. For assessed coursework, provide copies of all assignments provided to students. For each assessed coursework also provide a specific, tailored, marking scheme, or a narrative explaining what the marker would expect a student to provide in a good response. This information should be placed in Appendix D.
<<< APPLICANTS INSERT TEXT AND LINK TO APPENDIX D BELOW >>>
By way of example only, please see: Appendix D: Assessment materials (Appendix to section 5 of application)
5.9.2.1 Assessment criterionxv. The assessments must rigorously test students’ understanding and critical analysis of the KA Topics being studied.
For assessors onlyCriterion Achieved Not Achieved Unclear
xv. ☐ ☐ ☐Comments (if applicable). <assessors insert text here>
5.10 External examiners’ reports – full application onlyPlease describe the process for engagement with the external examiners. As a minimum, this should include:
the points during the academic year at which engagement with the external examiners happens reviewing of assessment materials by the external examiners reviewing of assessment marks by the external examiners and moderation of results reviewing of research dissertations by the external examiners and moderation of results
Please describe the technical background and experience of the external examiners.
For academic year 2020 – 2021, please provide a copy of the external examiners’ reports8 - these should be placed in Appendix E.
For academic year 2020 – 2021, please provide a copy of the HEI’s response to the external examiners’ reports and any follow-up actions that have been undertaken in response to the reports. These should be placed in Appendix E.
<<< APPLICANTS INSERT TEXT AND LINK TO APPENDIX E BELOW >>>
By way of example only, please see: Appendix E: External Examiners’ Reports (Appendix to Section 5 of Application)
8 Where the external examiners’ reports for 2020-21 are not available by the submission deadline, please provide the most recent reports and the HEI’s response. Please state when the 2020 21 reports and response will be available and submit them as soon as they are available.
Page 43 of 100
ASSESSMENT MATERIALS
Issue 2.023 June 2021
5.10.1 Assessment criteriaxvi. The process for engaging with the external examiners should be clear and appropriate.
xvii. The external examiners should have the appropriate technical background.xviii. The external examiners’ reports must provide a positive picture of the Master’s degree under assessment.
xix. The progress to any follow-on actions suggested by the external examiners should be made clear.
For assessors onlyCriteria Achieved Not Achieved Unclear
xvi. ☐ ☐ ☐xvii. ☐ ☐ ☐xviii. ☐ ☐ ☐xix. ☐ ☐ ☐Comments (if applicable). <assessors insert text here>
5.11 Overall assessment of section 5For assessors only
Overall Grade Overall Comments
<assessors insert grade here> <if applicable, assessors insert text here>
Page 44 of 100
ASSESSMENT MATERIALS
Issue 2.023 June 2021
6. Research DissertationsUp to seven sides of A4, excluding explanatory text, assessment criteria and list of dissertation topics.
Applications for full certification should provide anonymised copies of dissertations in three separate PDF files.
6.1 TimelinePlease complete Table 6.1 that shows the key events and decision points during the academic year leading to the submission and marking of research dissertations. Please adapt Table 6.1 as appropriate if your HEI does not use a semester model.
<<< APPLICANTS COMPLETE TABLE 6.1 BELOW >>>
Text in brown is by way of example only.Semester Activities
01 October to 31 January November – Research Methods module starts December – staff present / make available their ideas for research projects January – external companies present their ideas for research projects January – students encouraged to have informal discussions with staff regarding
research projects
01 February to 31 May February – students submit an outline of their proposed research as part of a paper for the Research Methods module
March – staff assess Research Methods papers and supervisors are allocated to students April – students submit a project plan for their research dissertations to their supervisors April / May – students receive feedback on project plans from supervisors
01 June to 30 September June – students start work on their projects June to September – students meet regularly with supervisors to report progress End-September – students submit their dissertations
October onwards vivas held marking of dissertations by supervisors and second markers moderation of dissertation marks across all dissertations
Table 6.1: Research dissertation timeline.
6.1.1 Assessment criterioni. The activities involved in the identification of potential research topics as well as the initiation, production and
marking of research dissertations must be clearly laid out, appropriate and timely.
For assessors onlyCriterion Achieved Not Achieved Unclear
i. ☐ ☐ ☐Comments (if applicable). <assessors insert text here>
6.2 Governance of the research dissertation processPlease describe the governance of the research dissertation process. As a minimum, this should include:
who has overall responsibility for ensuring the process is properly coordinated and carried out which members of staff are involved in the research dissertation process what happens in the case that a student proposes a research topic for which there is no suitable supervisor what happens in the case that two or more students apply to carry out the same research topic with the same
supervisor what happens in the case that a student is unable to find a suitable area of research for their dissertation what happens in the case that a student is failing to make satisfactory progress in their research
Page 45 of 100
RESEARCH DISSERTATIONS
Issue 2.023 June 2021
how is the situation resolved when first and second markers differ significantly in their marks awarded
<<< APPLICANTS INSERT TEXT BELOW >>>
6.2.1 Assessment criterionii. There must be a robust governance process in place for research dissertations.
For assessors onlyCriterion Achieved Not Achieved Unclear
ii. ☐ ☐ ☐Comments (if applicable). <assessors insert text here>
6.3 Guidance to studentsPlease describe the guidance the HEI provides, or will provide, to Master’s students before they embark on their dissertations, for example:
research methods what makes a good dissertation topic how to formulate a research question the structure of dissertations best practice for undertaking a research dissertation carrying out literature reviews presentations from members of staff / external companies on possible research topics, etc.
Although including extracts from a student handbook (within the overall page limits) is acceptable, please do not include a student handbook with the application.
<<< APPLICANTS INSERT TEXT BELOW >>>
6.3.1 Assessment criterioniii. Students receive suitable background guidance on undertaking research dissertations.
For assessors onlyCriterion Achieved Not Achieved Unclear
iii. ☐ ☐ ☐Comments (if applicable). <assessors insert text here>
6.4 Identification of dissertation topicsPlease describe the process whereby students choose their dissertation topics, for example:
is it up to students to come up with topic ideas do members of staff identify possible topics does the HEI have links with industry partners who might suggest topics once a student has a potential topic, what do they have to do to get it formally approved how it is ensured that dissertations will be within the scope of the CyBOK KAs
<<< APPLICANTS INSERT TEXT BELOW >>>
Page 46 of 100
RESEARCH DISSERTATIONS
Issue 2.023 June 2021
6.4.1 Assessment criteriaiv. There must be a clear and appropriate process that supports students to identify research topics for their
dissertations.v. There must be a clear and appropriate process to ensure that dissertations will be within the scope of the CyBOK
KAs.
For assessors onlyCriteria Achieved Not Achieved Unclear
iv. ☐ ☐ ☐v. ☐ ☐ ☐Comments (if applicable). <assessors insert text here>
6.5 Allocation of students to supervisorsPlease describe the process whereby students are allocated to suitably knowledgeable supervisors.
<<< APPLICANTS INSERT TEXT BELOW >>>
6.5.1 Assessment criterionvi. There must be a clear and appropriate process for allocation of students to suitably knowledgeable supervisors.
For assessors onlyCriterion Achieved Not Achieved Unclear
vi. ☐ ☐ ☐Comments (if applicable). <assessors insert text here>
6.6 Legal and ethical issuesPlease describe how it is ensured that before a student embarks on their dissertation any legal and ethical issues have been considered and addressed and the student has been given approval to proceed.
<<< APPLICANTS INSERT TEXT BELOW >>>
6.6.1 Assessment criterionvii. There must be a clear and appropriate process in place to ensure that students have properly considered and
addressed any legal and ethical issues that may arise in their dissertations and have been given approval to proceed.
For assessors onlyCriterion Achieved Not Achieved Unclear
vii. ☐ ☐ ☐Comments (if applicable). <assessors insert text here>
6.7 Monitoring of students’ progressPlease describe the process for monitoring the progress of students on their dissertations. Please describe what action is taken when a student is not making satisfactory progress.
<<< APPLICANTS INSERT TEXT BELOW >>>
6.7.1 Assessment criterionviii. There needs to be a well-defined and suitable process for monitoring the progress of students to ensure that
students are making appropriate progress and when this is not happening suitable corrective action is taken.
Page 47 of 100
RESEARCH DISSERTATIONS
Issue 2.023 June 2021
For assessors onlyCriterion Achieved Not Achieved Unclear
viii. ☐ ☐ ☐Comments (if applicable). <assessors insert text here>
6.8 Detecting and dealing with plagiarism9
Please describe the processes and procedures that are in place to detect and deal with plagiarism for the research dissertation. In the case where there is no viva as part of the assessment process, please describe how it is guaranteed that a dissertation is a student’s own work.
<<< APPLICANTS INSERT TEXT BELOW >>>
6.8.1 Assessment criterionix. There must be a robust and effective system in place to detect and deal with plagiarism by students undertaking
their research dissertations.
For assessors onlyCriterion Achieved Not Achieved Unclear
ix. ☐ ☐ ☐Comments (if applicable). <assessors insert text here>
6.9 Research dissertations contributing fewer than 40 creditsFor Master’s degrees in which the research dissertation accounts for fewer than 40 credits, please describe how students are able to gain sufficient understanding and experience of undertaking a research project.
<<< APPLICANTS INSERT TEXT BELOW IF APPLICABLE>>>
6.9.1 Assessment criterionx. For Master’s degrees in which the research dissertation accounts for fewer than 40 credits, it should be clear that
students are still able to gain sufficient understanding and experience of undertaking a research project.
For Assessors onlyCriterion Achieved Not Achieved Unclear Not Applicable
x. ☐ ☐ ☐ ☐Comments (if applicable). <insert text here>
6.10 Assessment of dissertationsPlease describe the process for assessing dissertations. As a minimum, this should include:
the role of first and second markers the process when the first and second markers differ significantly on the marks they award the marks awarded to the dissertation, the viva and any other component of the dissertation process
In addition, please provide a specific, tailored marking scheme for dissertations clearly showing how grades are determined and what would be necessary for each of a distinction, merit or pass10. Please indicate whether this or other similar guidance is provided to students.
<<< APPLICANTS INSERT TEXT AND MARKING SCHEME BELOW >>>9 A useful discussion of plagiarism and the forms of plagiarism can be found at: https://www.ox.ac.uk/students/academic/guidance/skills/plagiarism#:~:text=Plagiarism%20is%20presenting%20someone%20else's,is%20covered%20under%20this%20definition10 When the classifications of distinction / merit / pass are not used, please refer to the grades that are used by the HEI.
Page 48 of 100
RESEARCH DISSERTATIONS
Issue 2.023 June 2021
6.10.1 Assessment criterionxi. There needs to be a well-defined and rigorous process for the assessment of dissertations.
For assessors onlyCriterion Achieved Not Achieved Unclear
xi. ☐ ☐ ☐Comments (if applicable). <assessors insert text here>
6.11 For full certification only
6.11.1 List of dissertation topicsFor each of academic years 2020 – 2021 and 2019 – 2020 (if any), provide a list of Master’s dissertations undertaken by students – please complete Tables 6.2a, b.
When there were more than 20 students undertaking dissertations in an academic year, provide information for a representative sample of 20 dissertations only.
<<< APPLICANTS COMPLETE TABLES 6.2a AND 6.2b BELOW >>>
Dissertation title Synopsis of dissertation CyBOK KA(s) addressed External involvement (if applicable)
…
…
…
…
Table 6.2a: List of dissertations for 2020 – 2021.
Dissertation title Synopsis of dissertation CyBOK KA(s) addressed External involvement (if applicable)
…
…
…
…
Table 6.2b: List of dissertations for 2019 – 2020 (if any).
6.11.1.1 Assessment criterionxii. The list of dissertation topics must show that dissertations are within the scope of the CyBOK KAs.
For assessors only
Page 49 of 100
RESEARCH DISSERTATIONS
Issue 2.023 June 2021
Criterion Achieved Not Achieved Unclearxii. ☐ ☐ ☐Comments (if applicable). <assessors insert text here>
6.11.2 Example dissertationsPlease include with your application three separate PDF files as follows11:
1. an anonymised and representative dissertation that achieved a distinction in 2020 – 20212. an anonymised and representative dissertation that achieved a merit in 2020 – 20213. an anonymised and representative dissertation that achieved a pass in 2020 - 2021
If there was not a dissertation in 2020 – 2021 for any of the categories, please use a dissertation from 2019 – 2020. If there was not a dissertation in 2019 – 2020, please contact the NCSC ahead of the deadline for applications.
In Appendix F, for each of the three dissertations please provide:
a. the overall mark awarded
b. the components of the overall mark, for example marks awarded to: viva (including any demonstration) dissertation plan dissertation
c. key comments from the internal examiners
d. any additional information that you feel would help the assessment panel as part of its job to determine whether the grade awarded to each dissertation is appropriate.
<<< APPLICANTS PROVIDE LINKS TO APPENDIX F BELOW >>>
By way of example only:
Please see: Distinction dissertation information
Please see: Merit dissertation information
Please see: Return to Research Dissertations.
6.11.2.1 Assessment criterionxiii. The award of distinction, merit or pass for the representative dissertations must be appropriate and show no
evidence of regular over-grading.
For assessors onlyCriterion Achieved Not Achieved Unclear
xiii. ☐ ☐ ☐Comments (if applicable). <assessors insert text here>
6.12 Overall assessment of section 6For assessors only
Overall Grade Overall Comments
<assessors insert grade here> <if applicable, assessors insert text here>
11 When the classifications of distinction / merit / pass are not used, please provide representative dissertations for each of the classifications that are used by the HEI.
Page 50 of 100
RESEARCH DISSERTATIONS
Issue 2.023 June 2021
Page 51 of 100
RESEARCH DISSERTATIONS
Issue 2.023 June 2021
7. Student Numbers and Grades Achieved – Applications for Full Certification OnlyUp to seven sides of A4, excluding explanatory text and assessment criteria.
7.1 Student entry dataWhere the data are available, for each of academic years 2020 – 2021 and 2019 – 2020 please complete Tables 7.1a, b.
<<< APPLICANTS COMPLETE TABLES 7.1a, b >>>
The text in brown is by way of example only.Entry Requirements Number of full-time
studentsNumber of part-time
studentsNumber with 2/2 (or
equivalent) or above in STEM subject
Number without 2/2 or above in STEM subject but
who have relevant experience or
demonstrated aptitude
Number without 2/2 or above in STEM subject, relevant experience or
demonstration of aptitude
Students with UK nationality
In general, 2/2 in STEM subject, relevant experience or demonstration of aptitude – though some discretion allowed
10 2 7 5 0
Students without UK nationality
As above 4 0 1 3 0
Table 7.1a: Student entry data for 2020 – 2021.
Please add explanatory text when, for example, there is a lower than expected proportion of students who have 2/2or above in STEM subject, relevant experience or demonstration of aptitude.
<<< APPLICANTS INSERT EXPLANATORY TEXT BELOW IF REQUIRED >>>
Page 52 of 100
STUDENT NUMBERS AND GRADES ACHIEVED
Issue 2.023 June 2021
Entry Requirements Number of full-time students
Number of part-time students
Number with 2/2 (or equivalent) or above in
STEM subject
Number without 2/2 or above in STEM subject but
who have relevant experience or
demonstrated aptitude
Number without 2/2 or above in STEM subject, relevant experience or
demonstration of aptitude
Students with UK nationality
In general, 2/2 in STEM subject, relevant experience or demonstration of aptitude – though some discretion allowed
8 0 4 4 0
Students without UK nationality
As above 2 0 1 1 0
Table 7.1b: Student entry data for 2019 – 2020.
Please add explanatory text when, for example, there is a lower than expected proportion of students who have the equivalent of a 2/2 or above in STEM subject, relevant experience or demonstration of aptitude.
<<< APPLICANTS INSERT EXPLANATORY TEXT BELOW IF REQUIRED >>>
7.1.1 Assessment criteriai. It would be expected that the majority of UK students should have one or more of the following:
a 2/2 degree or above in a STEM subject relevant experience a clear demonstration of aptitude for cyber security
When this is not the case a clear justification should be provided.
ii. It would be expected that the majority of non-UK students should have one or more of the following: the equivalent of a 2/2 degree or above in a STEM subject equivalent experience a clear demonstration of aptitude for cyber security
Page 53 of 100
STUDENT NUMBERS AND GRADES ACHIEVED
Issue 2.023 June 2021
When this is not the case a clear justification should be provided.
For assessors onlyNot applicable applies if there were not any UK students or non-UK students.
Criterion Achieved Not Achieved Unclear Not Applicablei. ☐ ☐ ☐ ☐ii. ☐ ☐ ☐ ☐Comments (if applicable). <insert text here>
7.2
Page 54 of 100
STUDENT NUMBERS AND GRADES ACHIEVED
Issue 2.023 June 2021
7.2 Student exit dataPlease complete Table 7.2 for academic years 2020 – 2021 and 2019 – 2020.
<<< APPLICANTS COMPLETE TABLE 7.2 BELOW >>>
The text in brown is by way of example only.Academic
yearNumber of students
scheduled to complete Master’s
Number achieving distinction overall
Number achieving merit overall
Number achieving pass overall
Number failing Master’s
Number deferring for additional
year(s)
Number opting to graduate with postgraduate certificate (or equivalent)
Number with other outcomes
(if applicable)
2020 – 2021 14 3 7 3 1 0 0 0
2019 – 2020 10 2 5 2 0 0 1 0
Table 7.2: Student exit data for 2020 – 2021 and 2019 – 2020
Please add explanatory text below when:
there appears to be a higher than expected proportion of students achieving the higher grades there appears to be a higher than expected proportion of students achieving the lower grades there appears to be a higher than expected proportion of students, failing, deferring, accepting lower qualifications or with other outcomes
<<< APPLICANTS INSERT EXPLANATORY TEXT BELOW IF REQUIRED >>>
7.2.1 Assessment criteriaiii. It would be expected that the distribution of pass, merit and distinction grades should be broadly consistent with the experience and entry qualifications of the student intake.iv. When there appears to be a higher than expected proportion of students achieving the higher grades this should be justified and the external examiners should not have raised
any concerns. v. When there appears to be a higher than expected proportion of students achieving the lower grades this should be justified and the external examiners should not have raised
any concerns.
Page 55 of 100
STUDENT NUMBERS AND GRADES ACHIEVED
Issue 2.023 June 2021
vi. It would be expected that the proportion of students failing, deferring or accepting a lesser qualification should be low. When the proportion is higher than would be expected, a clear justification should be provided and the external examiners should not have raised any concerns.
For Assessors only
Criteria Achieved Not Achieved Unclear Not Applicableiii. ☐ ☐ ☐iv. ☐ ☐ ☐ ☐v. ☐ ☐ ☐ ☐vi. ☐ ☐ ☐ ☐Comments (if applicable). <assessors insert text here>
7.3 Student satisfactionPlease describe how the HEI encourages Master’s students to participate in the feedback process.
Please provide the results of student satisfaction from activities such as:
PTES12
collated feedback from students on the Master’s modules collated feedback from staff-student liaison committees results
Please describe any actions taken by the HEI as a result of student feedback.
<<< APPLICANTS INSERT TEXT BELOW >>>
7.3.1 Assessment criteriavii. The HEI should encourage students to provide feedback on the Master’s.viii. The results of student satisfaction surveys should paint a largely positive picture of students’ learning experience on the Master’s.
ix. The HEI should be able to demonstrate progress on any key issues raised by such surveys.
For Assessors onlyCriteria Achieved Not Achieved Unclear
vii. ☐ ☐ ☐
12 https://www.advance-he.ac.uk/reports-publications-and-resources/postgraduate-taught-experience-survey-ptes
Page 56 of 100
STUDENT NUMBERS AND GRADES ACHIEVED
Issue 2.023 June 2021
viii. ☐ ☐ ☐ix. ☐ ☐ ☐Comments (if applicable). <assessors insert text here>
7.4 Overall assessment of section 7For assessors only
Overall Grade Overall Comments
<assessors insert grade here> <if applicable, assessors insert text here>
Page 57 of 100
STUDENT NUMBERS AND GRADES ACHIEVED
Issue 2.023 June 2021
8. Appendix A: Staff CVs (Appendix to Section 2 of Application)Up to two sides of A4 per CV
Please follow the structure below for each CV. For each CV, it is important to get across the person’s knowledge, experience and skills in cyber security.
Return to above
By way of example only:
8.1 CV for Dr E. F.
8.1.1 Personal statement of experience and expertise in cyber securityProvide a succinct summary of the person’s experience and expertise in cyber security using the CyBOK KAs13 as a framework.
8.1.2 Academic backgroundInclude here items such as qualifications obtained, subjects, year, institution, a few key publications.
8.1.3 Professional employmentDescribe professional positions of employment, highlighting those relevant to cyber security.
8.1.4 Contribution to cyber security at the University of XDescribe what the person does at the HEI that is relevant to cyber security.
8.1.5 Esteem indicatorsFor example, editorships, invited talks, membership of national and international advisory groups. Highlight those relevant to cyber security.
8.1.6 Cyber security knowledge and expertise indicatorsFor example, recent publications, work with industry/government, research activities.
8.1.7 Any other informationInclude any other information that might be relevant in demonstrating the person’s cyber security expertise.
Return to above
13 https://www/cybok.org.
Page 58 of 100
APPENDIX A: STAFF CVs
Issue 2.023 June 2021
8.2 CV for Dr G. H.
8.2.1 Personal statement of experience and expertise in cyber securityProvide a succinct summary of the person’s experience and expertise in cyber security using the CyBOK KAs as a framework.
8.2.2 Academic backgroundInclude here items such as qualifications obtained, subjects, year, institution, a few key publications.
8.2.3 Professional employmentDescribe professional positions of employment, highlighting those relevant to cyber security.
8.2.4 Contribution to cyber security at the University of XDescribe what the person does at the HEI that is relevant to cyber security.
8.2.5 Esteem indicatorsFor example, editorships, invited talks, membership of national and international advisory groups. Highlight those relevant to cyber security.
8.2.6 Cyber security knowledge and expertise indicatorsFor example, recent publications, work with industry/government, research activities.
8.2.7 Any other informationInclude any other information that might be relevant in demonstrating the person’s cyber security expertise.
Return to above
Page 59 of 100
APPENDIX A: STAFF CVs
Issue 2.023 June 2021
8.3 CV for I. J.
8.3.1 Personal statement of experience and expertise in cyber securityProvide a succinct summary of the person’s experience and expertise in cyber security using the CyBOK KAs as a framework.
8.3.2 Academic backgroundInclude here items such as qualifications obtained, subjects, year, institution, a few key publications.
8.3.3 Professional employmentDescribe professional positions of employment, highlighting those relevant to cyber security.
8.3.4 Contribution to cyber security at the University of XDescribe what the person does at the HEI that is relevant to cyber security.
8.3.5 Esteem indicatorsFor example, editorships, invited talks, membership of national and international advisory groups. Highlight those relevant to cyber security.
8.3.6 Cyber security knowledge and expertise indicatorsFor example, recent publications, work with industry/government, research activities.
8.3.7 Any other informationInclude any other information that might be relevant in demonstrating the person’s cyber security expertise.
Return to above
Page 60 of 100
APPENDIX A: STAFF CVs
Issue 2.023 June 2021
8.4 CV for K. L.
8.4.1 Personal statement of experience and expertise in cyber securityProvide a succinct summary of the person’s experience and expertise in cyber security using the CyBOK KAs as a framework.
8.4.2 Academic backgroundInclude here items such as qualifications obtained, subjects, year, institution, a few key publications.
8.4.3 Professional employmentDescribe professional positions of employment, highlighting those relevant to cyber security.
8.4.4 Contribution to cyber security at the University of XDescribe what the person does at the HEI that is relevant to cyber security.
8.4.5 Esteem indicatorsFor example, editorships, invited talks, membership of national and international advisory groups. Highlight those relevant to cyber security.
8.4.6 Cyber security knowledge and expertise indicatorsFor example, recent publications, work with industry/government, research activities.
8.4.7 Any other informationInclude any other information that might be relevant in demonstrating the person’s cyber security expertise.
Return to above
Page 61 of 100
APPENDIX A: STAFF CVs
Issue 2.023 June 2021
9. Appendix B: Table 4.3 – Credit Allocation Across the CyBOK Knowledge Areas (Appendix to Section 4 of Application)Please complete Table 4.3 below.
The examples for the Risk Management and Governance KA are provided here for guidance only.
Return to section 4 of the application.
Exam
ple
Onl
y
Broad Category Knowledge Area Topics Indicative Material Modules providing significant coverage
Modules providing partial
coverage
Assessment Approximate number of
credits
A. Human, Organisational and Regulatory Aspects
1. Risk Management and Governance
Risk Definitions
risk assessment RiskMgt Error: Reference source not found Erro r: Reference source not found
2risk management RiskMgt
levels of perceived risk RiskMgt
Risk Governance
governance models RiskMgt
Error: Reference source not found
4
risk perception factors RiskMgt
human factors and risk communication
RiskMgt, HumFact
security culture HumFact
enacting security policy RiskMgt
An example for illustrative purposes only of how the first two topics in Risk Management and Governance are covered by modules in the Master’s degree.
Page 62 of 100
APPENDIX B: TABLE 4.3
Issue 2.023 June 2021
Exam
ple
Onl
y
Broad Category Knowledge Area Topics Indicative Material Modules providing significant coverage
Modules providing partial
coverage
Assessment Approximate number of
credits
A. Human, Organisational and Regulatory Aspects
1. Risk Management and Governance
Risk Assessment and Management Principles
component versus systems perspectives
RiskMgt
Error: Reference source not found
4
elements of risk RiskMgt
risk assessment and management methods
RiskMgt
risk assessment and management in cyber physical systems
Vulnerability management
security metrics
Business Continuity: Incident Response and Recovery Planning
ISO/IEC 27035 RiskMgt
2
NCSC guidance RiskMgt
other guidance RiskMgt
An example for illustrative purposes only of how the third and fourth topics in Risk Management and Governance are covered by modules in the Master’s degree.Please note that in this example an additional row of Indicative Material has been added to reflect other guidance for Business Continuity and Planning that is partially covered in the RiskMgt module.
Page 63 of 100
APPENDIX B: TABLE 4.3
Issue 2.023 June 2021
<<<. APPLICANTS COMPLETE TABLE 4.3 BELOW WHICH CONTINUES OVER A NUMBER OF PAGES >>>
Table 4.3Broad
CategoryKnowledge
AreaTopics Indicative Material Modules providing
significant coverageModules providing partial
coverageAssessments Approximate
number of credits
NA0. CyBOK Introduction
Foundational Concepts
objectives of cyber security
definition of cyber security
failures and incidents
risk management
Principles
Saltzer and Schroeder principles
NIST principles
latent design conditions
Precautionary Principle
Cross-cutting Themes
security economics
security architecture and lifecycle
verification and formal methods
Page 64 of 100
APPENDIX B: TABLE 4.3
Issue 2.023 June 2021
Broad Category
Knowledge Area
Topics Indicative Material Modules providing significant coverage
Modules providing partial coverage
Assessments Approximate number of
credits
A. Human, Organisational and Regulatory Aspects
1. Risk Management and Governance
Risk Definitionsrisk assessment
risk management
levels of perceived risk
Risk Governance
governance models
risk perception factors
human factors and risk communication
security culture
enacting security policy
Risk Assessment and Management Principles
component versus systems perspectives
elements of risk
risk assessment and management methods
risk assessment and management in cyber-physical systemsrisk assessment and management in cyber physical systemsvulnerability management
security metrics
Business Continuity: Incident Response and Recovery Planning
ISO/IEC 27035
NCSC guidance
Page 65 of 100
APPENDIX B: TABLE 4.3
Issue 2.023 June 2021
Broad Category
Knowledge Area
Topics Indicative Material Modules providing significant coverage
Modules providing partial coverage
Assessments Approximate number of
credits
A. Human, Organisational and Regulatory Aspects
2. Human Factors
Usable Security assessment criteria
mental models of security
Fitting the Task to the Human
human capabilities and limitations
short-term memory
long-term memory
human biases
needs of specific groups
goals and tasks
interaction context
device capabilities and limitations
Human Error
latent usability failures in systems-of-systems
thinking fast and slow
shadow security
security hygiene
Awareness and Education
terms
new approaches
mental models of cyber risks and defences
Positive Security fear uncertainty and doubt
people are not the weakest link
Stakeholder Engagement
employees
software developers
Page 66 of 100
APPENDIX B: TABLE 4.3
Issue 2.023 June 2021
Broad Category
Knowledge Area
Topics Indicative Material Modules providing significant coverage
Modules providing partial coverage
Assessments Approximate number of
credits
A. Human, Organisational and Regulatory Aspects
3. Privacy and Online Rights
Confidentiality data confidentiality
metadata confidentiality
Controlprivacy settings configuration
privacy policy negotiation
privacy policy interpretability
Transparency feedback-based transparency
audit-based transparency
Privacy Technologies and Democratic Values
privacy technologies as support to democratic political systemscensorship resistance and freedom of speech
Privacy Engineeringgoals
strategies
privacy evaluation
Page 67 of 100
APPENDIX B: TABLE 4.3
Issue 2.023 June 2021
Broad Category
Knowledge Area
Topics Indicative Material Modules providing significant coverage
Modules providing partial coverage
Assessments Approximate number of
credits
A. Human, Organisational and Regulatory Aspects
4. Law and Regulation
Introductory Principles of Legal Research
nature of law and legal analysis
applying law to cyberspace and information technologiescriminal law
civil law
liability and courts
evidence and proof
holistic approaches to legal risk analysis
Jurisdictionprescriptive jurisdiction
enforcement jurisdiction
data sovereignty
Privacy Laws in General and Electronic Interception
international norms
interception by a state
interception by persons other than state
enforcement of privacy laws
Data Protection
subject matter and regulatory focus
core regulatory principles
investigation and prevention of crime
personal data breach notification
enforcement and penalties
Computer Crime
crimes against information systems
de minimis exceptions to crimes against information systemsthe enforcement of, and penalties for, crimes against information systemswarranted state activity
research and development activities conducted by non-state personsself-help disfavoured: software locks and hack-back
Page 68 of 100
APPENDIX B: TABLE 4.3
Issue 2.023 June 2021
Broad Category
Knowledge Area
Topics Indicative Material Modules providing significant coverage
Modules providing partial coverage
Assessments Approximate number of
credits
A. Human, Organisational and Regulatory Aspects
4. Law and Regulation
Contract
on-line contracts
encouraging security standards via contract
warranties and their exclusion
limitations of liability and exclusions of liability
breach of contract and remedies
effects of contract on non-contracting parties
conflict of law - contracts
Intellectual Property
understanding intellectual property
catalogue of intellectual property rights
enforcement – remedies
reverse engineering
international treatment and conflict of law
Internet Intermediaries
shields from liability
take-down protection
Dematerialisation of Documents and Electronic Trust Services
admission into evidence of electronic documentsrequirements of form and the threat of unenforceabilityelectronic signatures and identity trust services conflict of law – electronic signatures and trust services
Page 69 of 100
APPENDIX B: TABLE 4.3
Issue 2.023 June 2021
Broad Category
Knowledge Area
Topics Indicative Material Modules providing significant coverage
Modules providing partial coverage
Assessments Approximate number of
credits
A. Human, Organisational and Regulatory Aspects
4. Law and Regulation
Other Regulatory Matters
industry-specific regulations
restrictions on exporting security technologies
matters classified as secret by a state
Public International Law
attributing action to a state under international lawstate cyber operations in general
cyber espionage in peacetime
cross-border criminal investigation
the law of armed conflict
Ethicsobligations owed to a client
codes of conduct
vulnerability testing
Page 70 of 100
APPENDIX B: TABLE 4.3
Issue 2.023 June 2021
Broad Category
Knowledge Area
Topics Indicative Material Modules providing significant coverage
Modules providing partial coverage
Assessments Approximate number of
credits
B. Attacks and Defences
5. Malware and Attack Technologies
Malware Taxonomydimensions
kinds
potentially unwanted programs
Malicious Activities by Malware
attack on confidentiality, integrity, availability
cyber kill chain
underground eco-system
Malware Analysis
analysis techniques
analysis environments
anti-analysis and evasion techniques
identifying the analysis environment
Malware Detectionidentifying the presence of malware
evasion and countermeasures
attack detection
Malware Response disrupting malware operations
attribution
Page 71 of 100
APPENDIX B: TABLE 4.3
Issue 2.023 June 2021
Broad Category
Knowledge Area
Topics Indicative Material Modules providing significant coverage
Modules providing partial coverage
Assessments Approximate number of
credits
B. Attacks and Defences
6. Adversarial Behaviours
Characterisation of Adversaries
cyber-enabled crime vs cyber-dependent crimeinterpersonal crimes
cyber-enabled organised crime
cyber-dependent organised crime
hacktivists
state actors
Elements of a Malicious Operation
affiliate programmes
infection vectors
infrastructure
specialised services
human services
payment methods
Models
attack trees
kill chains
environmental criminology
flow of capital
attribution
Page 72 of 100
APPENDIX B: TABLE 4.3
Issue 2.023 June 2021
Broad Category
Knowledge Area
Topics Indicative Material Modules providing significant coverage
Modules providing partial coverage
Assessments Approximate number of
credits
B. Attacks and Defences
7. Forensics
Definitions and Conceptual Models
forensic science
cyber domain
digital (forensic) trace
legal concerns and the Daubert Standard
definitions
conceptual models
Operating System Analysis
storage forensics
data acquisition
filesystem analysis
block device analysis
data recovery and file content carving
Main Memory Forensics
process information
file information
network connections
artifacts and fragments
challenges of live forensics
Application Forensics
case study: e.g., web browsers
Cloud Forensicsservices
forensics challenges
SaaS forensics
Artifact Analysis
cryptographic hashing
block-level analysis
approximate analysis
cloud-native artifacts
Broad Knowledge Topics Indicative Material Modules providing Modules providing partial Assessments Approximate
Page 73 of 100
APPENDIX B: TABLE 4.3
Issue 2.023 June 2021
Category Area significant coverage coverage number of credits
B. Attacks and Defences
8. Security Operations and Incident Management
Fundamental Concepts
workflows and vocabulary
architectural principles
Monitor: Data Sources
network traffic
network aggregates: netflow
network infrastructure information
application logs: web server logs and files
system and kernel logs
Syslog
Analyse: Analysis Methods
misuse detection
anomaly detection
machine learning
testing and validating intrusion detection systemsthe base-rate fallacy
contribution of SIEM to analysis and detection
Plan: Security Information and Event Management
data collection
alert correlation
security operations and benchmarking
Execute: Mitigation and Countermeasures
intrusion prevention systems
SIEM platforms and countermeasures
SOAR: impact and risk assessment
site reliability engineering
Knowledge: Intelligence and Analysis
cyber security knowledge management
honeypots and honeynets
cyber-threat intelligence
situational awareness
Human Factors: Incident Management
prepare: incident management planning
handle: actual incident response
follow up: post incident activities
Page 74 of 100
APPENDIX B: TABLE 4.3
Issue 2.023 June 2021
Page 75 of 100
APPENDIX B: TABLE 4.3
Issue 2.023 June 2021
Broad Category
Knowledge Area
Topics Indicative Material Modules providing significant coverage
Modules providing partial coverage
Assessments Approximate number of
credits
C. System Security
9. Cryptography
Schemes
AES
RSA
DES
PKCS
DSA
Kerberos
TLS
Symmetric Cryptography
symmetric primitives
symmetric encryption and authentication
Public-Key Cryptography
public-key encryption
public-key signatures
Cryptographic Security Models
basic security definitions
hard problems
setup assumptions
simulation of cryptographic operations
universal composability
Information-Theoretically Secure Constructions
one-time pad
secret sharing
Standard Protocols authentication protocols
key agreement protocols
Advanced Protocols
oblivious transfer
zero knowledge
Sigma protocols
secure multi-party computation
Public-Key Schemes group signatures
Page 76 of 100
APPENDIX B: TABLE 4.3
Issue 2.023 June 2021
with Special Properties
ring signatures
blind signatures
identity-based encryption
linearly homomorphic encryption
fully homomorphic encryption
Page 77 of 100
APPENDIX B: TABLE 4.3
Issue 2.023 June 2021
Broad Category
Knowledge Area
Topics Indicative Material Modules providing significant coverage
Modules providing partial coverage
Assessments Approximate number of
credits
C. System Security
10. Operating Systems and Virtualisation
Attacker Model attack surface
threats to security for modern OSs
Role of Operating Systems
mediation
design choices
virtual machines
IOT
security domains
isolation
OS Security Principles
security models
newer principles
Saltzer and Schroeder’s principles
Primitives for Isolation and Mediation
protection rings
low-end devices and IOT
Multics
trusted computer system evaluation criteria
memory protection and address spaces
capabilities
physical access and secure deletion
authentication and identification
modern hardware extensions for memory protection
OS Hardening
information hardening
control-flow restrictions
partitioning
code and data integrity checks
anomaly detection
formal verification
Related Areas databases
Page 78 of 100
APPENDIX B: TABLE 4.3
Issue 2.023 June 2021
Embracing Security PaX Team
GRSecurity
Page 79 of 100
APPENDIX B: TABLE 4.3
Issue 2.023 June 2021
Broad Category
Knowledge Area
Topics Indicative Material Modules providing significant coverage
Modules providing partial coverage
Assessments Approximate number of
credits
C. System Security
11. Distributed Systems Security
Classes of Distributed Systems
decentralised point-to-point interactions across distributed entities without a centralised coordination servicecoordinated clustering across distributed resources and services
Classes of Vulnerabilities and Threats
access/admission control and ID management
data transportation
resource management and coordination servicesdata security
Decentralised P2P Models
principles
unstructured P2P protocols
structured P2P protocols
hybrid P2P protocols
hierarchical P2P protocols
Attacking P2P Systems
functional elements
attack types
attacks and their mitigation
Coordinated Resource Clustering
systems coordination styles
reliable and secure group communications
coordination principles
replication management and coordination schema
Coordination Classes and Attackability
classes of disruptions
resource coordination class
services coordination class
Page 80 of 100
APPENDIX B: TABLE 4.3
Issue 2.023 June 2021
Broad Category
Knowledge Area
Topics Indicative Material Modules providing significant coverage
Modules providing partial coverage
Assessment Approximate number of
credits
C. System Security
12. Formal Methods for Security
Motivation
inadequacy of traditional development methodstowards more scientific development methods
limitations
Foundations, Methods and Tools
properties of systems and their execution
logics and specification languages
property checking
Hardwarehardware verification
side channels
API attacks on security hardware
Cryptographic Protocols
symbolic methods
stochastic methods
computational methods
Software and Large Scale Systems
information flow control
cryptographic libraries
low-level code
operating systems
web-based applications
full-stack verification
Configuration policy analysis
specification-based synthesis
Page 81 of 100
APPENDIX B: TABLE 4.3
Issue 2.023 June 2021
Broad Category
Knowledge Area
Topics Indicative Material Modules providing significant coverage
Modules providing partial coverage
Assessments Approximate number of
credits
C. System Security
13. Authentication, Authorisation and Accountability
Authorisationaccess control
enforcing access control
theory
Access Control in Distributed Systems
core concepts
origin-based policies
federated access control
cryptography and access control
Authentication
identity management
user authentication
authentication in distributed systems
facets of authentication
Accountabilitytechnical aspects
privacy and accountability
distributed logs
Page 82 of 100
APPENDIX B: TABLE 4.3
Issue 2.023 June 2021
Broad Category
Knowledge Area
Topics Indicative Material Modules providing significant coverage
Modules providing partial coverage
Assessment Approximate number of
credits
D. Software and Platform Security
14. Software Security
Categories of Vulnerabilities
CVEs and CWEs
memory management vulnerabilities
structured output generation vulnerabilities
race condition vulnerabilities
API vulnerabilities
side channel vulnerabilities
Prevention of Vulnerabilities
API design
coding practices
erroneous execution
language design and type systems
structured output generations mitigations
race condition mitigations
information flow
Mitigating Exploitation
runtime detection of attacks
automated software diversity
limiting privileges
Detection of Vulnerabilities
static detection
dynamic detection
soundness
completeness
Page 83 of 100
APPENDIX B: TABLE 4.3
Issue 2.023 June 2021
Broad Category
Knowledge Area
Topics Indicative Material Modules providing significant coverage
Modules providing partial coverage
Assessment Approximate number of
credits
D. Software and Platform Security
15. Web and Mobile Security
Fundamental Concepts and Approaches
appification
webification
application stores
sandboxing
permission dialog based access control
web PKI and HTTPS
authentication
cookies
passwords and alternatives
frequent software updates
Client-Side Vulnerabilities and Mitigations
phishing
clickjacking
client-side storage
physical attacks
Server-Side Vulnerabilities and Mitigations
injection vulnerabilities
server-side misconfiguration and vulnerable components
Page 84 of 100
APPENDIX B: TABLE 4.3
Issue 2.023 June 2021
Broad Category
Knowledge Area
Topics Indicative Material Modules providing significant coverage
Modules providing partial coverage
Assessment Approximate number of
credits
D. Software and Platform Security
16. Secure Software Lifecycle
Motivations for Secure Software Lifecycle
breaches are costly
vulnerabilities can be exploited without being noticedpatching can introduce vulnerabilities
customers don’t apply patches
trusted computing
Prescriptive Processes
SAFECode
Microsoft SDL
Touchpoints
Adaptations of Secure Software Lifecycle
agile and DevOps
mobile
cloud computing
IOT
road vehicles
ecommerce
Assess the Secure Software Lifecycle
SAMM
BSIMM
common criteria
Page 85 of 100
APPENDIX B: TABLE 4.3
Issue 2.023 June 2021
Broad Category
Knowledge Area
Topics Indicative Material Modules providing significant coverage
Modules providing partial coverage
Assessment Approximate number of
credits
E. Infrastructure Security
17. Network Security
Security Goals and Attacker Models
security goals in networked systems
attacker models
Networking Applications
local area networks (LANs)
connected networks and the Internet
bus networks
wireless networks
fully distributed networks: DHTs and unstructured P2P networkssoftware-defined networking and network function virtualisation
Network Protocols and Their Security
security at the application layer
security at the transport layer
security at the Internet layer
security on link layer
Network Security Tools
firewalling
intrusion detection and prevention systems
network security monitoring
SDN and NFV security
network access control
zero trust networking
DOS countermeasures
Other Network Security Topics
cloud and data centre security
delay tolerant networks and ad-hoc sensors networksnetwork covert channels
payment networks
physical layer security
networking infrastructure security
Page 86 of 100
APPENDIX B: TABLE 4.3
Issue 2.023 June 2021
cross-border regulations
Page 87 of 100
APPENDIX B: TABLE 4.3
Issue 2.023 June 2021
Broad Category
Knowledge Area
Topics Indicative Material Modules providing significant coverage
Modules providing partial coverage
Assessment Approximate number of
credits
E. Infrastructure Security
18. Hardware Security
Hardware Design Cycle
hardware design process
root of trust
threat model
Measuring Hardware Security
FIPS 140-2
common criteria and EMVCo
SESIP
Secure Platformshardware security module (HSM)
secure element and smartcard
trusted platform module (TPM)
Hardware Support for Software Security
IBM 4578 secure coprocessor
ARM Trustzone
protected module architectures
lightweight solutions
objectives
virtual machines
trusted execution environment
Hardware Design for Cryptographic Algorithms
cryptographic algorithms at RTL level
design process
Side Channel Attacks and Fault Attacks
attacks
countermeasures
Entropy Generating Building Blocks
physically unclonable functions (PUFs)
random number generation
Hardware Design Process
time
design and fabrication of silicon integrated circuits
Page 88 of 100
APPENDIX B: TABLE 4.3
Issue 2.023 June 2021
trojan circuits
circuit level techniques
board level security
Page 89 of 100
APPENDIX B: TABLE 4.3
Issue 2.023 June 2021
Broad Category
Knowledge Area
Topics Indicative Material Modules providing significant coverage
Modules providing partial coverage
Assessment Approximate number of
credits
E. Infrastructure Security
19. Applied Cryptography
The Cryptographic Triumvirate
cell left deliberately blank
Algorithms, Schemes and Protocols
hash functions
block ciphers
stream ciphers
message authentication code (MAC) schemes
authenticated encryption (AE) schemes
public key encryption schemes and key encapsulation mechanismsDiffie-Hellman key exchange
digital signatures
cryptographic diversity
the adversary
the role of formal security definitions and proofskey sizes
development of standardised cryptography
post-quantum cryptography
quantum key distribution
from schemes to protocols
Cryptographic Implementation
cryptographic libraries
API design for cryptographic libraries
implementation challenges
defences
random bit generation
Page 90 of 100
APPENDIX B: TABLE 4.3
Issue 2.023 June 2021
Broad Category
Knowledge Area
Topics Indicative Material Modules providing significant coverage
Modules providing partial coverage
Assessment Approximate number of
credits
E. Infrastructure Security
19. Applied Cryptography
Key Management
the key lifecycle
key derivation
password based key derivation
key generation
key storage
key transportation
refreshing keys and forward security
managing public keys and public key infrastructure
Consuming Cryptography
the challenges of consuming cryptography
addressing the challenges
making cryptography invisible
Applied Cryptography in Action
transport layer security
secure messaging
contact tracing à la DP-3T
Future of applied cryptography
cell left deliberately blanks
Page 91 of 100
APPENDIX B: TABLE 4.3
Issue 2.023 June 2021
Broad Category
Knowledge Area
Topics Indicative Material Modules providing significant coverage
Modules providing partial coverage
Assessment Approximate number of
credits
E. Infrastructure Security
20. Cyber Physical Systems Security
Cyber-Physical Systems
characteristics
protection against natural events and accidentssecurity and privacy concerns
Cross Cutting Security
preventing attacks
detecting attacks
mitigating attacks
Cyber-Physical Systems Domains
industrial control systems
electric power grids
transportation systems and autonomous vehiclesrobotics and advanced manufacturing
medical devices
IOT
Policy and Political Aspects
incentives and regulation
cyber conflict
industry practices and standards
Page 92 of 100
APPENDIX B: TABLE 4.3
Issue 2.023 June 2021
Broad Category
Knowledge Area
Topics Indicative Material Modules providing significant coverage
Modules providing partial coverage
Assessment Approximate number of
credits
E. Infrastructure Security
21. Physical Layer and Telecommunications Security
Schemes for Confidentiality, Integrity and Access Control
key establishment based on channel reciprocityMIMO-supported approaches
secrecy capacity
friendly jamming
protecting data integrity
LPI and covert communication
Jamming and Jamming-Resilient Communications
classification of jammers
countermeasures
coordinated spread spectrum techniques
uncoordinated spread spectrum techniques
signal annihilation and overshadowing
Identification
device under identification
identification signals
device fingerprints
attacks on physical layer identification
Distance Bounding and Secure Positioning
distance bounding protocols
distance measurement techniques
physical layer attacks on secure distance measurementsecure positioning
Compromising Emanations and Sensor Spoofing
compromising emanations
sensor compromise
Physical Layer Security of Selected Communications Technologies
NFC
air traffic communications networks
cellular networks
GNSS security and spoofing attacks
Page 93 of 100
APPENDIX B: TABLE 4.3
Issue 2.023 June 2021
Return to The Taught Component of the Master’s Degree in Cyber Security
Page 94 of 100
APPENDIX B: TABLE 4.3
Issue 2.023 June 2021
10. Appendix C: Module Descriptions (Appendix to Section 4 of Application)Please include a table at the beginning of each module description that shows which KA Topics the module covers along with brief justifications for why this is the case.
The module descriptions should provide good evidence of the KA Topics and Indicative Material coverage claimed in Table 4.3.
Return to The Taught Component of the Master’s Degree in Cyber Security.
By way of example only:
10.1 Risk Management module
Return to The Taught Component of the Master’s Degree in Cyber Security .
10.2 Adversarial Behaviour module
Return to The Taught Component of the Master’s Degree in Cyber Security .
10.3 Cryptography module
Return to The Taught Component of the Master’s Degree in Cyber Security .
10.4 Network Security module
Return to The Taught Component of the Master’s Degree in Cyber Security .
10.5 Malware module
Return to The Taught Component of the Master’s Degree in Cyber Security .
10.6 Human Factors module
Return to The Taught Component of the Master’s Degree in Cyber Security .
10.7 Research Methods module
Return to The Taught Component of the Master’s Degree in Cyber Security .
10.8 Cloud Computing module
Return to The Taught Component of the Master’s Degree in Cyber Security .
10.9 Forensics module
Return to The Taught Component of the Master’s Degree in Cyber Security .
Page 95 of 100
APPENDIX C: MODULE DESCRIPTIONS
Issue 2.023 June 2021
10.10 Machine Learning module
Return to The Taught Component of the Master’s Degree in Cyber Security .
10.11 Project Management module
Return to The Taught Component of the Master’s Degree in Cyber Security .
Page 96 of 100
APPENDIX C: MODULE DESCRIPTIONS
Issue 2.023 June 2021
11. Appendix D: Assessment materials (Appendix to section 5 of application)Please include assessment materials for the taught modules on the Master’s structured as in the examples below. This will help assessors navigate the materials supplied.
Return to Assessment Materials .
By way of example only:
11.1 Risk Management assessments
Return to Assessment Materials .
11.2 Adversarial Behaviour assessments
Return to Assessment Materials .
11.3 Cryptography assessments
Return to Assessment Materials .
11.4 Network Security assessments
Return to Assessment Materials .
11.5 Malware assessments
Return to Assessment Materials .
11.6 Human Factors assessments
Return to Assessment Materials .
11.7 Research Methods assessments
Return to Assessment Materials .
11.8 Cloud Computing assessments
Return to Assessment Materials .
11.9 Forensics assessments
Return to Assessment Materials .
11.10 Machine Learning assessments
Page 97 of 100
APPENDIX D: ASSESSMENT MATERIALS
Issue 2.023 June 2021
Return to Assessment Materials .
11.11 Project Management assessments
Return to Assessment Materials .
Page 98 of 100
APPENDIX D: ASSESSMENT MATERIALS
Issue 2.023 June 2021
12. Appendix E: External Examiners’ Reports (Appendix to Section 5 of Application)Please provide copies of the external examiners’ reports and the HEI’s response in the two sections below.
Return to Assessment Materials .
12.1 External examiners’ reports
Return to Assessment Materials .
12.2 HEI’s response to external examiners’ reports
Return to Assessment Materials .
Page 99 of 100
APPENDIX E: EXTERNAL EXAMINERS’ REPORTS
Issue 2.023 June 2021
13. Appendix F: Research Dissertations Information (Appendix to Section 6 of Application)For each of the dissertations, please provide:
a. the overall mark awarded
b. the components of the overall mark, for example marks awarded to: viva (including any demonstration) dissertation plan dissertation
c. key comments from the internal examiners
d. any additional information that you feel would help the assessment panel as part of its job to determine whether the grade awarded to each dissertation is appropriate
13.1 Distinction dissertation information<<< APPLICANTS INSERT TEXT BELOW >>>
Return to Research Dissertations .
13.2 Merit dissertation information <<< APPLICANTS INSERT TEXT BELOW >>>
Return to Research Dissertations .
13.3 Pass dissertation information<<< APPLICANTS INSERT TEXT BELOW >>>
Return to Research Dissertations .
Page 100 of 100
APPENDIX F: RESEARCH DISSERTATIONS