Internal

CS2DI17 - Databases and Information Security

CS2DI17-Databases and Information Security

Module Provider: Computer Science
Number of credits: 20 [10 ECTS credits]
Level:5
Terms in which taught: Autumn / Spring / Summer module
Pre-requisites: CS1PR16 Programming or CS1PC20 Programming in C/C++ and CS1FC16 Fundamentals of Computer Science
Non-modular pre-requisites:
Co-requisites:
Modules excluded:
Current from: 2021/2

Module Convenor: Dr Martin Lester
Email: m.lester@reading.ac.uk

Type of module:

Summary module description:

The module consists of two parts.



The first part covers  Databases.  An introduction to the basics of relational database design, Structured Query Language (SQL) and some selected advanced database topics.



The second part, covers major threats and risks that affect the security of a network and the systems that rely on it (network security), and the major threats to data in both structured and unstructured form (data security).


Aims:

Databases provides students with the underlying principles and practical experience necessary to design and implement scalable, secure databases.  Information Security aims to build knowledge to counter the threats to a computer system and to minimise risks with technical mechanisms.



This module also encourages students to develop a set of professional skills such as end user awareness, software design and development, creativity, team working and personal development planning.


Assessable learning outcomes:

The student will be able to:




  • Carry out the analysis of a simple problem susceptible to solution using database technology;

  • Produce a well-structured design in terms of the structural elements of a relational database;

  • Design and implement a database application to solve the problem posed;

  • Use the SQL language, including DDL, an in-database procedural language such as PL/SQL, and database triggers;



Information Security:




  • The student will be able to:

  • Identify ways of countering different types of threat;

  • Produce strategies to minimise risks of security breaches in a range of network environments and data storage systems;

  • Critically analyse the shortcomings of a range of security strategies;

  • Describe and apply the techniques used to penetrate a Web application;

  • De velop appropriate security policies and network architectures to minimise the threats from network intrusion;

  • Understand the different types of threat posed by different classes of hacker and by different categories of malware;

  • Describe and apply the principles of key cryptography and message digests in security protocols such as TLS;

  • Apply appropriate access controls and authentication techniques at different levels

  • Critically anal yse the security and privacy issues surrounding structured and unstructured data in a variety of different scenarios, with an in-depth focus on securing such data in Web applications.


Additional outcomes:

Practical experience in design and implementation of a relational database.



Practical experience of network scanning and penetration testing techniques.


Outline content:

Databases:




  • Database Management Systems

  • Relational database model (ER model, relations, attributes, data structures and keys)

  • Normalisation

  • Database definition (SQL - DDL)

  • Transactions, concurrency and consistency (SQL - TCL)

  • Database manipulation (SQL – DML, multipurpose queries, database population, views, stored procedures, trigger


Information security:




  • The CIA (Confidentiality, Integrity, Availability) model of information security

  • The value of information assets and physical assets, and the cost of their loss

  • Motives and capabilities of different attackers

  • Examples of attacks on a networked system at different levels of the OSI network stack

  • Examples of countermeasures for different attacks

  • Passwords a nd other methods of authentication

  • Public/private key cryptography, digital signatures and certificates

  • Multi-level security and access control

  • Non-technical aspects: social engineering and physical security

  • The effect of social, legal and economic incentives on security

  • Responsible and ethical use of technical skills and knowledge by organisations and individuals


Brief description of teaching and learning methods:

Lectures supported by laboratory practicals, seminars and a number of assignments.


Contact hours:
  Autumn Spring Summer
Lectures 10 16 1
Practicals classes and workshops 10 4
Guided independent study: 79.5 79.5
       
Total hours by term 99.5 99.5 1
       
Total hours for module 200

Summative Assessment Methods:
Method Percentage
Written exam 50
Set exercise 50

Summative assessment- Examinations:

One 2-hour examination paper in May/June.


Summative assessment- Coursework and in-class tests:

There are two pieces of coursework:




  • Database development (including design, implementation and testing (25%)

  • Information Security assessment on penetration testing (25%)


Formative assessment methods:

Students receive formative feedback through the weekly practical exercises.


Penalties for late submission:

The Support Centres will apply the following penalties for work submitted late:

  • where the piece of work is submitted after the original deadline (or any formally agreed extension to the deadline): 10% of the total marks available for that piece of work will be deducted from the mark for each working day (or part thereof) following the deadline up to a total of five working days;
  • where the piece of work is submitted more than five working days after the original deadline (or any formally agreed extension to the deadline): a mark of zero will be recorded.
The University policy statement on penalties for late submission can be found at: http://www.reading.ac.uk/web/FILES/qualitysupport/penaltiesforlatesubmission.pdf
You are strongly advised to ensure that coursework is submitted by the relevant deadline. You should note that it is advisable to submit work in an unfinished state rather than to fail to submit any work.

Assessment requirements for a pass:

A mark of 40% overall.


Reassessment arrangements:

One 3-hour examination paper in August/September.  Note that the resit module mark will be the higher of (a) the mark from this resit exam and (b) an average of this resit exam mark and previous coursework marks, weighted as per the first attempt (50% exam, 50% coursework).


Additional Costs (specified where applicable):

1) Required text books:  None

2) Specialist equipment or materials:  None

3) Specialist clothing, footwear or headgear:  None

4) Printing and binding:  None

5) Computers and devices with a particular specification:  None

6) Travel, accommodation and subsistence:  None


Last updated: 10 August 2021

THE INFORMATION CONTAINED IN THIS MODULE DESCRIPTION DOES NOT FORM ANY PART OF A STUDENT'S CONTRACT.

Things to do now