Module Details

Module Code: CYBR9006
Title: Secure Systems Architecture
Long Title: Secure Systems Architecture
NFQ Level: Expert
Valid From: Semester 1 - 2021/22 ( September 2021 )
Duration: 1 Semester
Credits: 5
Field of Study: 4817 - Cyber Skills
Module Delivered in: 1 programme(s)
Module Description: In this module the student will learn the key concepts and techniques employed in designing secure system architectures. The module will cover key technologies to be aware of, whilst equipping the learner with the ability to keep informed on emerging technologies. This module was developed under the CyberSkills HCI Pillar 3 Project. Please refer to the consortium agreement for ownership.
 
Learning Outcomes
On successful completion of this module the learner will be able to:
# Learning Outcome Description
LO1 Evaluate the applicability and use of Cybersecurity Architecture Frameworks to support and implement secure systems in an organisation.
LO2 Evaluate factors driving the need for network security and assess how network security techniques are implemented as preventive measures to provide robustness to example points of vulnerability and attacks.
LO3 Appraise and apply cybersecurity controls and techniques in the design of an organisation's system architecture to meet confidentiality, integrity and availability (CIA) requirements.
LO4 Critically assess the security of a cloud-based virtualized architecture with the aim of protecting data, applications and services in a cloud computing architecture.
LO5 Apply cybersecurity controls to achieve defence in depth (DiD) to protect the confidentiality, integrity, and availability of the data within a system.
Dependencies
Module Recommendations

This is prior learning (or a practical skill) that is strongly recommended before enrolment in this module. You may enrol in this module if you have not acquired the recommended learning but you will have considerable difficulty in passing (i.e. achieving the learning outcomes of) the module. While the prior learning is expressed as named MTU module(s) it also allows for learning (in another module or modules) which is equivalent to the learning specified in the named module(s).

Incompatible Modules
These are modules which have learning outcomes that are too similar to the learning outcomes of this module. You may not earn additional credit for the same learning and therefore you may not enrol in this module if you have successfully completed any modules in the incompatible list.
No incompatible modules listed
Co-requisite Modules
No Co-requisite modules listed
Requirements

This is prior learning (or a practical skill) that is mandatory before enrolment in this module is allowed. You may not enrol on this module if you have not acquired the learning specified in this section.

No requirements listed
 
Indicative Content
Frameworks for Enterprise Security Architecture
SABSA - Enterprise Security Architecture. Cross Boundary Enterprise Security Framework (CB ESM). Cybersecurity Operations Centre (CSOC). The Open Group Architecture Framework (TOGAF). Critical review and comparison of different frameworks.
Cloud Computing
Security Architecture and Networking Technologies as they apply and are used in the Cloud. Policies, technologies and controls to protect cloud resources. Data Centres, Virtualisation, Data Containers, Automation, Micro-segmentation. Cloud-based attacks (Cryptojacking, E-skimming, Unauthorised Access) and security mechanisms (Network, Cloud Instance, DevSecOps, Containerization, Applications, File Storage, Conformity and Governance). The need for security design to be built in at the beginning of the design process, so as to guarantee a stronger and less vulnerable system architecture.
Security Controls
Access control and authentication mechanisms. Permissions and the role of authentication in access controls. Authentication mechanisms. Cryptography basics and their various applications.
Security Technologies and Products
Firewalls, IPS/IDS, DLP, SIEM, Log Correlation and Management, UTM, User and Entity Behaviour Analytics (UEBA), Honeypots, Network Traffic Analysis, Threat Feeds, Next Generation, Anti-Virus, Patch Management, Change Management, Perimeter Management, Web Security, Email Security, Server Security, Defence in Depth, SOC, NOC, Network Monitoring Devices. Deployment of these to prevent and detect attacks to protect runtime physical, virtual, and cloud systems.
Network Security Concepts
Forms of attacks on data networks (Passive and Active), Potential Network Vulnerabilities, Connection and Connectionless transmission, Transmission medium, Data Packet concepts - Frame Check Sequence, Encryption (where it can be used), Message Integrity Codes, Forward Error Correction, DSSS, FHSS, CDMA. The associated performance metrics and restrictions that may apply to the use of these security concepts, such as small packet size, low bandwidth, high transmission costs, limited processing and storage resources and real-time constraints. Policies, processes and practices that are adopted to secure a network by detecting, preventing and monitoring attacks.
Product Security Architecture
Designing software with security in mind. Where security controls fit into software design and development. Secure Software Development Lifecycle, including CI/CD pipelines. Privacy by Design. Protecting IP in software products. Managing third party and technology partner ecosystem risks. Chip-to-Cloud Security. Secure product support, OWASP Top 10, Web App Firewalls, Security of containers.
Module Content & Assessment
Assessment Breakdown %
Coursework 100.00%

Assessments

Coursework
Assessment Type Project % of Total Mark 40
Timing Week 8 Learning Outcomes 1,2
Assessment Description
Students are presented with a case study referring to a hypothetical or actual attack on an organisation's IT system and are expected to consider the impact of the attack in violating its security requirements at a business, regulatory and customer level, in addition to how proper governance could have been used to protect the confidentiality, integrity and availability of the system.
Assessment Type Project % of Total Mark 60
Timing Sem End Learning Outcomes 3,4,5
Assessment Description
Students assess and design a range of security controls to achieve defence in depth (DiD) to protect information confidentiality, integrity and availability (CIA) for a system which includes cloud-based virtualized infrastructure. Students present their findings and designs through a written report or oral presentation.
No End of Module Formal Examination
Reassessment Requirement
Coursework Only
This module is reassessed solely on the basis of re-submitted coursework. There is no repeat written examination.

The University reserves the right to alter the nature and timings of assessment

 

Module Workload

Workload: Full Time
Workload Type Contact Type Workload Description Frequency Average Weekly Learner Workload Hours
Lecture Contact Lectures covering the theoretical concepts underpinning the subject. Every Week 2.00 2
Lab Contact Labs to apply techniques learned to realistic case studies. Every Week 2.00 2
Independent & Directed Learning (Non-contact) Non Contact Independent learning by the student including preparing project deliverables and reading resource materials. Every Week 3.00 3
Total Hours 7.00
Total Weekly Learner Workload 7.00
Total Weekly Contact Hours 4.00
Workload: Part Time
Workload Type Contact Type Workload Description Frequency Average Weekly Learner Workload Hours
Lecture Contact Lectures covering the theoretical concepts underpinning the subject. Every Week 2.00 2
Lab Contact Labs to apply techniques learned to realistic case studies. Every Week 2.00 2
Independent & Directed Learning (Non-contact) Non Contact Independent learning by the student including preparing project deliverables and reading resource materials. Every Week 3.00 3
Total Hours 7.00
Total Weekly Learner Workload 7.00
Total Weekly Contact Hours 4.00
 
Module Resources
Recommended Book Resources
  • Neil Rerup and Milad Aslaner. (2018), Hands-On Cybersecurity for Architects : Plan and Design Robust Security Architectures, Packt Publishing, [ISBN: 9781788830263].
Supplementary Book Resources
  • C. P. Gupta and K. K. Goyal. (2020), Cybersecurity: A Self-Teaching Introduction, Mercury Learning & Information, [ISBN: 9781683924982].
  • Charles J. Brooks, Christopher Grow, Philip Craig, and Donald Short. Cybersecurity Essentials, Wiley, [ISBN: 9781119362395].
  • Eric Cole. (2009), Network Security Bible, 2nd. Wiley, [ISBN: 9780470502495].
  • Yuri Diogenes and Erdal Ozkaya. (2018), Cybersecurity – Attack and Defense Strategies: Infrastructure security with Red Team and Blue Team tactics, Packt Publishing, [ISBN: 9781788475297].
Recommended Article/Paper Resources
Supplementary Article/Paper Resources
Other Resources
 
Module Delivered in
Programme Code Programme Semester Delivery
CR_KSSAR_9 Certificate in Secure Systems Architecture 2 Mandatory