CSMDE21-Data Security and Ethics
Module Provider: Computer Science
Number of credits: 10 [5 ECTS credits]
Level:7
Terms in which taught: Spring term module
Pre-requisites:
Non-modular pre-requisites:
Co-requisites:
Modules excluded:
Current from: 2023/4
Module Convenor: Dr Pat Parslow
Email: p.parslow@reading.ac.uk
Type of module:
Summary module description:
Information security and the legal and ethical handling of data are matters of increasing concern in society. Professional bodies have rules of ethical conduct which help define how professionals in the industry should behave. As professionals it is important to understand the law, including how laws differ across national boundaries. Beyond the law, however, ethics help us to understand how to behave at an individual level, as well as how to formulate suitable policies at a company or institutional level.
Aims:
As such, the module explores ideas such as:
- Knowledge of the legal aspects when processing data.
- Knowledge of the legal system – how laws are made and interpreted
- Awareness of Deontological ethics and Utilitarian ethics
- Data; the definitions and concepts, including what ‘processing’ means.
- Ethics and legality of processing data with and without automatic decisions.
- Copyright and Data Protection legislation (DPA, GDPR, etc.).
- Storage mechanisms for data (in broad terms), and security methods.
- Understanding Information security, Network security and Data security
- Risk analysis for projects and products using data
This module also encourages students to develop a set of professional skills, such as team discussion, and critical problem solving.
Assessable learning outcomes:
- Identifying deontological and utilitarian policies and discriminating between ethical and unethical practices
- Applying ethical and legal reasoning to risk analysis
- Identifying legal and ethical security approaches for data-based projects and products
- Application of data security methods to different types of project
- Analysis of attack surface and attack vectors
Additional outcomes:
Outline content:
Overview of information security
This part of the module provides an overview of the issues involved in information security in general, focusing on cryptography, the theories underlying computer security, authentication and access control.
Network Security
This part of the module focuses on the role the network plays in computer security, including its vulnerabilities, and the techniques that can be used to make the network secure. The part covers security issues related to general networks (e.g. port scanning, Denial of Service, etc.), the Web (e.g. SQL injection, XSS, CSRF, directory traversal attacks, etc.), and system threats in general, such as viruses, worms and Trojan horses. It also covers security controls such as firewalls, secure network protocols such as SSL and IPSec, and Intrusion Detection Systems.
Data Security
This part of the module focuses on the security of structured data (i.e. data stored in file storage systems or in databases) and unstructured data (i.e. data outside of a storage system that is manually used and transformed, and which is frequently in various states of rest, transit and use). The part covers the techniques that should be used to secure access to structured data, to prevent its accidental loss and to prevent it from being read by intruders; it also covers the techniques used to secure unstructureddata, with particular emphasis made on Web applications, one of the most commonly used sources of unstructured data, yet one of the most notoriously difficult systems to secure. This part brings together the previous two parts, and shows how the theories and techniques used in Computer and Network Security can be applied to ensure the security of structured and unstructured data.
Law and Ethics
The underlying drivers to motivate good data security and integrity, founded on an understanding of the relevant laws, and two of the main moral philosophies. Understanding the risks and potential mitigations, and the nature of humans-in-the-loop as risk factors with e.g. phishing attacks.
Global context:
Laws vary between regions, and ethics vary between communities; the topic is covered from a UK and EU centred perspective.
Brief description of teaching and learning methods:
Lecturers led discussions, with practical classes in data security implementations, supported by independent study and task focused independent desk study.
Autumn | Spring | Summer | |
Lectures | 10 | ||
Practicals classes and workshops | 10 | ||
Guided independent study: | |||
Wider reading (independent) | 20 | ||
Exam revision/preparation | 10 | ||
Advance preparation for classes | 20 | ||
Essay preparation | 20 | ||
Reflection | 10 | ||
Total hours by term | 0 | 100 | 0 |
Total hours for module | 100 |
Method | Percentage |
Written exam | 50 |
Set exercise | 50 |
Summative assessment- Examinations:
One 1.5-hour examination paper in May/June.
Summative assessment- Coursework and in-class tests:
One piece of coursework.
Formative assessment methods:
Online tests to promote independent research and testing understanding of legal and ethical aspects.
Penalties for late submission:
The below information applies to students on taught programmes except those on Postgraduate Flexible programmes. Penalties for late submission, and the associated procedures, which apply to Postgraduate Flexible programmes are specified in the policy 'Penalties for late submission for Postgraduate Flexible programmes', which can be found here: https://www.reading.ac.uk/cqsd/-/media/project/functions/cqsd/documents/cqsd-old-site-documents/penaltiesforlatesubmissionpgflexible.pdf
The Support Centres will apply the following penalties for work submitted late:
- where the piece of work is submitted after the original deadline (or any formally agreed extension to the deadline): 10% of the total marks available for that piece of work will be deducted from the mark for each working day (or part thereof) following the deadline up to a total of five working days;
- where the piece of work is submitted more than five working days after the original deadline (or any formally agreed extension to the deadline): a mark of zero will be recorded.
You are strongly advised to ensure that coursework is submitted by the relevant deadline. You should note that it is advisable to submit work in an unfinished state rather than to fail to submit any work.
Assessment requirements for a pass:
A mark of 50% overall
Reassessment arrangements:
One 2-hour examination paper in August/September. Note that the resit module mark, used to determine progression, will be the higher of (a) the mark from this resit exam and (b) an average of this resit exam mark and previous coursework marks, weighted as per the first attempt (50% exam, 50% coursework).
Additional Costs (specified where applicable):
1) Required text books:
2) Specialist equipment or materials:
3) Specialist clothing, footwear or headgear:
4) Printing and binding:
5) Computers and devices with a particular specification:
6) Travel, accommodation and subsistence:
Last updated: 30 March 2023
THE INFORMATION CONTAINED IN THIS MODULE DESCRIPTION DOES NOT FORM ANY PART OF A STUDENT'S CONTRACT.