CSMDE: Data Security and Ethics
Module code: CSMDE
Module provider: Computer Science; School of Mathematical, Physical and Computational Sciences
Credits: 20
Level: Postgraduate Masters
When you'll be taught: Semester 2
Module convenor: Dr Martin Lester, email: m.lester@reading.ac.uk
Pre-requisite module(s):
Co-requisite module(s):
Pre-requisite or Co-requisite module(s):
Module(s) excluded:
Placement information: NA
Academic year: 2024/5
Available to visiting students: No
Talis reading list: Yes
Last updated: 21 May 2024
Overview
Module aims and purpose
Information security and the legal and ethical handling of data are matters of increasing concern in society. Professional bodies have rules of ethical conduct which help define how professionals in the industry should behave. As professionals it is important to understand the law, including how laws differ across national boundaries. Beyond the law, however, ethics help us to understand how to behave at an individual level, as well as how to formulate suitable policies at a company or institutional level.
The security part of the module looks first at some theoretical frameworks for understanding what security means, then a range of common security threats and possible countermeasures. The ethics part of the module looks first at some theoretical frameworks for understanding what acting ethically means and how law is created and enforced, then a range of Computer Science case studies with significant legal and ethical issues.
Module learning outcomes
By the end of the module, it is expected that students will be able to:
- Identify deontological, virtue based and utilitarian policies and discriminate between ethical and unethical practices in the context of a case study involving software or computer systems;
- Apply ethical and legal reasoning to risk analysis of a project involving development or application of software or computer systems;
- Use a theoretical framework, such as the Saltzer-Schroeder Principles or the Confidentiality/Integrity/Availability model of information security, to explain in what ways a computer system may be secure or insecure;
- Apply a small range of security controls and countermeasures to make a computer system more secure against certain attacks.
Module content
The module covers the following topics:
Ethics and law:
- Knowledge of the legal system – how laws are made and interpreted
- Awareness of Deontological, virtue based and Utilitarian ethics
- Data: the definitions and concepts, including what ‘processing’ means
- Knowledge of the legal aspects when processing data
- Ethics and legality of processing data with and without automatic decisions
- Copyright and Data Protection legislation (DPA, GDPR, etc.)
- Risk analysis for projects and products using data
Data security:
- Confidentiality/Integrity/Availability (CIA) model of information security
- Saltzer-Schroeder Principles of secure design
- Common threats and controls at the network and operating system level
- OWASP Top 10 as a tool for evaluating and responding to common threats
There is some interplay between the security and ethics/law. For example, security is often only necessary because of arguably unethical behaviour, such as cutting corners during software development or hacking. Furthermore, technologies developed for security, such as encryption and network scanning, can be used for both legal and illegal purposes, and their legality may vary between jurisdictions.
The exact topics covered may change from year to year, depending on what is timely. But to give an indication, ethics and law might include case studies involving self-driving cars, encrypted messaging applications, AI chatbots, social media censorship and commercial business software development. Meanwhile, security might include firewalls, encryption libraries, fuzzing tools, program static analysis tools and Unix permissions.
Structure
Teaching and learning methods
Ethics and law will be covered in seminars, while security will be covered in practicals. Both parts of the module will require students to complete some preliminary reading or watch some short video lectures in advance of the taught sessions.
Ethics and law seminars will mainly take the form of group discussions, where students are encouraged to present their perspectives on a range of relevant issues and case studies, bearing in mind that one’s view of what is ethical or unethical depends highly on one’s ethical framework. Similarly, while questions of what is legal or illegal can ultimately be settled by the courts, this can change between jurisdictions and over time, and decisions about law are often informed by ethics.
Security practicals will require students to complete a series of exercises involving use of different security controls or technologies to secure information or a computer system in some way. The technologies considered will serve as countermeasures to some of the most common kinds of security vulnerability.
Study hours
At least 48 hours of scheduled teaching and learning activities will be delivered in person, with the remaining hours for scheduled and self-scheduled teaching and learning activities delivered either in person or online. You will receive further details about how these hours will be delivered before the start of the module.
| Scheduled teaching and learning activities | Semester 1 | Semester 2 | Summer |
|---|---|---|---|
| Lectures | |||
| Seminars | 24 | ||
| Tutorials | |||
| Project Supervision | |||
| Demonstrations | |||
| Practical classes and workshops | 24 | ||
| Supervised time in studio / workshop | |||
| Scheduled revision sessions | |||
| Feedback meetings with staff | |||
| Fieldwork | |||
| External visits | |||
| Work-based learning | |||
| Self-scheduled teaching and learning activities | Semester 1 | Semester 2 | Summer |
|---|---|---|---|
| Directed viewing of video materials/screencasts | 12 | ||
| Participation in discussion boards/other discussions | |||
| Feedback meetings with staff | |||
| Other | |||
| Other (details) | |||
| Placement and study abroad | Semester 1 | Semester 2 | Summer |
|---|---|---|---|
| Placement | |||
| Study abroad | |||
| Independent study hours | Semester 1 | Semester 2 | Summer |
|---|---|---|---|
| Independent study hours | 140 |
Please note the independent study hours above are notional numbers of hours; each student will approach studying in different ways. We would advise you to reflect on your learning and the number of hours you are allocating to these tasks.
Semester 1 The hours in this column may include hours during the Christmas holiday period.
Semester 2 The hours in this column may include hours during the Easter holiday period.
Summer The hours in this column will take place during the summer holidays and may be at the start and/or end of the module.
Assessment
Requirements for a pass
Students need to achieve an overall module mark of 50% to pass this module.
Summative assessment
| Type of assessment | Detail of assessment | % contribution towards module mark | Size of assessment | Submission date | Additional information |
|---|---|---|---|---|---|
| Set exercise | Practical computer task | 50 | 5-7 pages. 20 hours | Semester 2, Teaching Week 11 | |
| Online written examination | Exam | 50 | 2 hours | Semester 2 Assessment Period | Answer 3 out of 4 questions. Ethics will be assessment via exam. |
Penalties for late submission of summative assessment
The Support Centres will apply the following penalties for work submitted late:
Assessments with numerical marks
- where the piece of work is submitted after the original deadline (or any formally agreed extension to the deadline): 10% of the total marks available for that piece of work will be deducted from the mark for each working day (or part thereof) following the deadline up to a total of three working days;
- the mark awarded due to the imposition of the penalty shall not fall below the threshold pass mark, namely 40% in the case of modules at Levels 4-6 (i.e. undergraduate modules for Parts 1-3) and 50% in the case of Level 7 modules offered as part of an Integrated Masters or taught postgraduate degree programme;
- where the piece of work is awarded a mark below the threshold pass mark prior to any penalty being imposed, and is submitted up to three working days after the original deadline (or any formally agreed extension to the deadline), no penalty shall be imposed;
- where the piece of work is submitted more than three working days after the original deadline (or any formally agreed extension to the deadline): a mark of zero will be recorded.
Assessments marked Pass/Fail
- where the piece of work is submitted within three working days of the deadline (or any formally agreed extension of the deadline): no penalty will be applied;
- where the piece of work is submitted more than three working days after the original deadline (or any formally agreed extension of the deadline): a grade of Fail will be awarded.
The University policy statement on penalties for late submission can be found at: https://www.reading.ac.uk/cqsd/-/media/project/functions/cqsd/documents/qap/penaltiesforlatesubmission.pdf
You are strongly advised to ensure that coursework is submitted by the relevant deadline. You should note that it is advisable to submit work in an unfinished state rather than to fail to submit any work.
Formative assessment
Formative assessment is any task or activity which creates feedback (or feedforward) for you about your learning, but which does not contribute towards your overall module mark.
Reassessment
| Type of reassessment | Detail of reassessment | % contribution towards module mark | Size of reassessment | Submission date | Additional information |
|---|---|---|---|---|---|
| Online written examination | Exam | 100 | 3 hours | During the University resit period | Answer 4 out of 6 questions |
Additional costs
| Item | Additional information | Cost |
|---|---|---|
| Computers and devices with a particular specification | ||
| Required textbooks | Security Engineering, 3rd edition, by Ross Anderson. Cyber Security Body of Knowledge (CyBoK) | Free online |
| Specialist equipment or materials | ||
| Specialist clothing, footwear, or headgear | ||
| Printing and binding | ||
| Travel, accommodation, and subsistence |
THE INFORMATION CONTAINED IN THIS MODULE DESCRIPTION DOES NOT FORM ANY PART OF A STUDENT'S CONTRACT.