CSMDENU: Data Security and Ethics

Module code: CSMDENU

Module provider: Computer Science; School of Mathematical, Physical and Computational Sciences

Credits: 20

Level: Postgraduate Masters

When you'll be taught: Semester 2

Module convenor: Dr Martin Lester, email: m.lester@reading.ac.uk

NUIST module lead: Xiaohe Zhang, email: xiaohe.zhang@nuist.edu.cn

Pre-requisite module(s):

Co-requisite module(s):

Pre-requisite or Co-requisite module(s):

Module(s) excluded:

Placement information: NA

Academic year: 2024/5

Available to visiting students: No

Talis reading list: No

Last updated: 21 May 2024

Overview

Module aims and purpose

Information security and the legal and ethical handling of data are matters of increasing concern in society. Professional bodies have rules of ethical conduct which help define how professionals in the industry should behave. As professionals it is important to understand the law, including how laws differ across national boundaries. Beyond the law, however, ethics help us to understand how to behave at an individual level, as well as how to formulate suitable policies at a company or institutional level. 

The security part of the module looks first at some theoretical frameworks for understanding what security means, then a range of common security threats and possible countermeasures. The ethics part of the module looks first at some theoretical frameworks for understanding what acting ethically means and how law is created and enforced, then a range of Computer Science case studies with significant legal and ethical issues. 

Module learning outcomes

By the end of the module, it is expected that students will be able to:

  1. Identify deontological and utilitarian policies and discriminate between ethical and unethical practices in the context of a case study involving software or computer systems;
  2. Apply ethical and legal reasoning to risk analysis of a project involving development or application of software or computer systems;
  3. Use a theoretical framework, such as the Saltzer-Schroeder Principles or the Confidentiality/Integrity/Availability model of information security, to explain in what ways a computer system may be secure or insecure;
  4. Apply a small range of security controls and countermeasures to make a computer system more secure against certain attacks.

Module content

The module covers the following topics:

Ethics and law:

  • Knowledge of the legal system – how laws are made and interpreted
  • Awareness of Deontological ethics and Utilitarian ethics
  • Data: the definitions and concepts, including what ‘processing’ means
  • Knowledge of the legal aspects when processing data
  • Ethics and legality of processing data with and without automatic decisions
  • Copyright and Data Protection legislation (DPA, GDPR, etc.)
  • Risk analysis for projects and products using data

Data security:

  • Confidentiality/Integrity/Availability (CIA) model of information security
  • Saltzer-Schroeder Principles of secure design
  • Common threats and controls at the network and operating system level
  • OWASP Top 10 as a tool for evaluating and responding to common threats

There is some interplay between the security and ethics/law parts of the module. For example, security is often only necessary because of arguably unethical behaviour, such as cutting corners during software development or hacking. Furthermore, technologies developed for security, such as encryption and network scanning, can be used for both legal and illegal purposes, and their legality may vary between jurisdictions.

The exact topics covered may change from year to year, depending on what is timely. But to give an indication, ethics and law might include case studies involving self-driving cars, encrypted messaging applications, AI chatbots, social media censorship and commercial business software development. Meanwhile, security might include firewalls, encryption libraries, fuzzing tools, program static analysis tools and Unix permissions.

Structure

Teaching and learning methods

Ethics and law will be covered in seminars, while security will be covered in practicals. Both parts of the module will require students to complete some preliminary reading or watch some short video lectures in advance of the taught sessions. 

Ethics and law seminars will mainly take the form of group discussions, where students are encouraged to present their perspectives on a range of relevant issues and case studies, bearing in mind that one’s view of what is ethical or unethical depends highly on one’s ethical framework. Similarly, while questions of what is legal or illegal can ultimately be settled by the courts, this can change between jurisdictions and over time, and decisions about law are often informed by ethics. 

Security practicals will require students to complete a series of exercises involving use of different security controls or technologies to secure information or a computer system in some way. The technologies considered will serve as countermeasures to some of the most common kinds of security vulnerability. 

Study hours

At least 48 hours of scheduled teaching and learning activities will be delivered in person, with the remaining hours for scheduled and self-scheduled teaching and learning activities delivered either in person or online. You will receive further details about how these hours will be delivered before the start of the module.


 Scheduled teaching and learning activities  Semester 1  Semester 2  Summer
Lectures
Seminars 24
Tutorials
Project Supervision
Demonstrations
Practical classes and workshops 24
Supervised time in studio / workshop
Scheduled revision sessions
Feedback meetings with staff
Fieldwork
External visits
Work-based learning


 Self-scheduled teaching and learning activities  Semester 1  Semester 2  Summer
Directed viewing of video materials/screencasts 12
Participation in discussion boards/other discussions
Feedback meetings with staff
Other
Other (details)


 Placement and study abroad  Semester 1  Semester 2  Summer
Placement
Study abroad

Please note that the hours listed above are for guidance purposes only.

 Independent study hours  Semester 1  Semester 2  Summer
Independent study hours 140

Please note the independent study hours above are notional numbers of hours; each student will approach studying in different ways. We would advise you to reflect on your learning and the number of hours you are allocating to these tasks.

Semester 1 The hours in this column may include hours during the Christmas holiday period.

Semester 2 The hours in this column may include hours during the Easter holiday period.

Summer The hours in this column will take place during the summer holidays and may be at the start and/or end of the module.

Assessment

Requirements for a pass

Students need to achieve an overall module mark of 50% to pass this module.

Summative assessment

| Type of assessment | Detail of assessment | % contribution towards module mark | Size of assessment | Submission date | Additional information |
|---|---|---|---|---|---|
| Set exercise | Practical computer task | 50 | 5-7 pages. 20 hours. | Semester 2, Week 11 | |
| In-person written examination | Exam | 50 | 2 hours | Semester 2, Weeks 17-19 | Answer 3 out of 4 questions. Ethics will be assessed via exam. |

Penalties for late submission of summative assessment

The Support Centres will apply the following penalties for work submitted late:

Assessments with numerical marks

  • where the piece of work is submitted after the original deadline (or any formally agreed extension to the deadline): 10% of the total marks available for that piece of work will be deducted from the mark for each working day (or part thereof) following the deadline up to a total of three working days;
  • the mark awarded due to the imposition of the penalty shall not fall below the threshold pass mark, namely 40% in the case of modules at Levels 4-6 (i.e. undergraduate modules for Parts 1-3) and 50% in the case of Level 7 modules offered as part of an Integrated Masters or taught postgraduate degree programme;
  • where the piece of work is awarded a mark below the threshold pass mark prior to any penalty being imposed, and is submitted up to three working days after the original deadline (or any formally agreed extension to the deadline), no penalty shall be imposed;
  • where the piece of work is submitted more than three working days after the original deadline (or any formally agreed extension to the deadline): a mark of zero will be recorded.

Assessments marked Pass/Fail

  • where the piece of work is submitted within three working days of the deadline (or any formally agreed extension of the deadline): no penalty will be applied;
  • where the piece of work is submitted more than three working days after the original deadline (or any formally agreed extension of the deadline): a grade of Fail will be awarded.

The University policy statement on penalties for late submission can be found at: https://www.reading.ac.uk/cqsd/-/media/project/functions/cqsd/documents/qap/penaltiesforlatesubmission.pdf

You are strongly advised to ensure that coursework is submitted by the relevant deadline. You should note that it is advisable to submit work in an unfinished state rather than to fail to submit any work.

Formative assessment

Formative assessment is any task or activity which creates feedback (or feedforward) for you about your learning, but which does not contribute towards your overall module mark.

Reassessment

| Type of reassessment | Detail of reassessment | % contribution towards module mark | Size of reassessment | Submission date | Additional information |
|---|---|---|---|---|---|
| In-person written examination | Exam | 100 | 3 hours | During the NUIST resit period | Answer 4 out of 6 questions |

Additional costs

Item Additional information Cost
Computers and devices with a particular specification
Required textbooks Security Engineering, 3rd edition, by Ross Anderson. Cyber Security Body of Knowledge (CyBoK) Free online
Specialist equipment or materials
Specialist clothing, footwear, or headgear
Printing and binding
Travel, accommodation, and subsistence

THE INFORMATION CONTAINED IN THIS MODULE DESCRIPTION DOES NOT FORM ANY PART OF A STUDENT'S CONTRACT.