As computing systems become more essential to our daily lives, it becomes ever more necessary that the services they give area unit out there whenever we'd like them. We should additionally be ready to admit the integrity of the systems, and thus the info that they hold and supply. What is more, our society and our economy depend upon bound items of data being control in confidence.
We wish to be assured that they're going to work precisely for sure, and that they're going to keep working – even within the face of disasters, accidents, or deliberate attempts to interfere with or stop their perform.
Achieving and maintaining security is a complex, interdisciplinary challenge. We should take into account not solely the code and hardware elements of a system, but additionally the method in that these relate to the human processes and physical constraints of the $64000 world. A modern security skilled must perceive principles of design, design, management, interoperability, and evolution, and to apply them effectively during a world of rapidly-changing technologies and expectations.
The Software and Systems Security Programme at the University of Oxford teaches these principles and their application. It offers a flexible programme of short courses to those operating full time in business or within the public sector. It addresses a wide range of subjects – from service architectures to forensics, from trusted platforms to risk analysis, and from human factors to incident management. It is accessible to anyone with the proper combination of previous education and practical expertise.
The courses on the Programme can be used as individual programmes of skilled coaching in specific subjects, or as credit towards a Master of Science (MSc) degree in Software and Systems Security from the University of Oxford. Students on the MSc take between 2 and four years to complete a minimum of 10 courses, typically at a rate of 3 courses per year, earning a degree while in full time skilled employment. The courses may be taken in any order and combination, depending upon previous expertise and education.
Each short course is primarily based around per week of intensive teaching in Oxford, with some initial reading to consider beforehand, and a six-week assignment to complete afterwards. The teaching week allows you the likelihood to explore a subject matter exhaustive, with expert teaching and supervising, away from the strain of labor and family. The reading gives you the chance to organize yourselves; the assignment, an chance to deepen and to demonstrate your understanding.
Security Principles (SPR)
This course teaches the fundamental principles of data and systems security, associated is often used as an introduction to the Programme. It explores a wide range of security technologies, examines security standards and expectations, and explains techniques for the evaluation of security needs and solutions. It places theoretical work on protocol design, cryptography, and information flow firmly within the context of existing and rising apply, with an stress upon integration and value.
Secure Programming (SCP)
Many failures and vulnerabilities arise at the programming level. These are typically due to inadequate handling of outstanding things, poor understanding of the details of the programing language in use, and incomplete descriptions of the interfaces between components. This course aims to improve the practitioner's capability in writing and reviewing code, through a thorough understanding of static analysis, run- time assertion checking, and compile-time verification.
Participants should have a basic understanding of topics in security, as provided by the Security Principles (SPR) course.
Trusted Computing Infrastructure (TCI)
A secure system is the product of various layers that operate together to supply in-depth protection. This course looks at the varied platforms upon that a secure system operates, with an stress on sensible and repeatable means that of implementing these platforms firmly. It examines roots and chains of trust, operating systems security, trusted platforms, and virtualisation for security. It shows how these area unit applied to secure networking, remote working, trusted storage, and remote computation in grids and clouds.
Participants should have a basic understanding of topics in security, as provided by the Security Principles (SPR) course.
Design for Security (DES)
Security is a system-level property, and emerges from the coordinated design of elements and processes. This course shows how a vary of things, from architectural patterns to elaborated technical controls, can be thought-about along within the production of cost-efficient solutions. It addresses the challenge of providing security, through a combination of infrastructure, mechanisms, and procedures, while satisfying needs for practicality and usability.
Participants should have a basic understanding of topics in security, as provided by the Security Principles (SPR) course.
Security Risk Analysis and Management (RIS)
The concept of risk is central to code and systems security. An understanding of the {ways|ways that|ways in that} in which systems area unit exposed to totally different forms of threat, and an applicable assessment of probability and impact, can inform the choice and prioritisation of security measures. This course teaches a principled approach to risk analysis, explores the techniques and practices of risk management, and demonstrates their application through a realistic set of examples and case studies.
Participants should have a basic understanding of topics in security, as provided by the Security Principles (SPR) course.
People and Security (PAS)
Many failures in security will be attributed to human weakness, misunderstanding, misinformation, misdirection, or failure to grasp the importance of prescribed processes and procedures. The interaction between people and technology typically presents a important challenge to secure operation. This course teaches techniques drawn from human-computer interaction and psychology, addressing this challenge within the context of onerous, technical implementation decisions.
Familiarity with basic security principles and standard mechanisms, as covered in Security Principles (SPR), is assumed.
Network Security (NES)
Networks are a potential vector for several varieties of attack, associated are an ideal location for threat mitigation and isolation technologies. This course teaches approaches to the prevention, detection, mitigation, and remediation of security issues in the network at every layer, as well as observing cross-cutting concerns across an entire networking stack. It examines the strengths and weaknesses of boundary protections, intrusion detection and prevention, and privacy-preserving routing.
Participants should have a basic understanding of topics in security, as provided by the Security Principles (SPR) course.
Cloud Security (CLS)
The provision of automated self-managed services – for code, platforms, and infrastructure –relieves local administration of several security issues, yet additionally removes from them several of the tools and controls they expect to use, while introducing new threats and adversaries. This course reviews the architectural principles of cloud computing, describes the threats and security controls possible at every level of abstraction, and addresses cloud management services for trustworthy, secure, and resilient operation with minimal intervention.
Forensics (FOR)
The investigation of computer crime is a delicate, involved method that needs a deep understanding of the evidentiary standards expected in circumstances wherever electronic rhetorical information is to be used. This course describes the current best practice in understanding associated deconstructing an attack while protective proof, and explores how to style and measure systems so as to facilitate rhetorical examination. It combines a strong summary of principles with some illustrative sensible work, recovering information exploitation essentially low-level tools.
Participants should have a basic understanding of topics in security, as provided by the Security Principles (SPR) course.
Data Security and Privacy (DAS)
New technologies make it potential to capture progressively elaborated, personal information: about customers, patients, and citizens. As new ways of linking and exploitation this info emerge, so too do issues concerning the security of the corresponding information. This course explores the potential impact of existing and future legislation upon data storage and process, and presents practical approaches to the secure management of personal and different info in databases and applications.
Participants ought to have a basic understanding of laptop security to the extent provided by the safety Principles (SPR) course; participants should even have a basic understanding of relative databases to the level provided by the info style (DAT) course.
Security and Incident Management (SIM)
A key ingredient of successful security and risk programmes is effective management of security- connected incidents. Incidents range from the little and inevitable, which will be eliminated through operation controls, to the large and unpredictable, where commonplace management controls and mechanisms could not work. This course teaches the principles of incident management in practice and identifies key themes for effective response to the vary of events and triggers that impact upon businesses, governments, and individuals.
Building Information Governance (BIG)
To govern information currently needs mastery of a various, often international, portfolio of legal rules, technology standards, business policies and technology, all applied across increasingly advanced, distributed systems and repositories. The increase scrutiny and needs of official agencies and business partners impose new requirements for compliance documentation and transparency. This course introduces a structured design approach that permits robust, responsive, and resilient information governance to be incorporated into the style and management of digital assets.
Mobile Systems Security (MSS)
Mobile devices present distinctive challenges for security, including issues of device association, power constraints, and restricted interfaces. Mobile applications often incorporate each native and remote services, complicating the management and enforcement of security policies. This course presents a range of techniques for the look and implementation of secure mobile applications, balancing the needs of practicality, security, resource utilisation, and privacy.
Security in Wireless Networks (SWN)
Wireless and mobile networks are acquainted from everyday life, but gift a distinctive mixture of security challenges, as a result of trade-offs between power, cost, physical propagation characteristics, interfaces, modes of use, and management. Moreover, as they often area unit associated with the individual,they are typically of central importance in issues of privacy. The purpose of this course is to familiarise participants with threats, vulnerabilities,and security countermeasures of core technologies such as WLAN, Bluetooth, GSM, and UMTS, as well as new and emerging wireless technologies, such as ZigBee, wireless mesh networks, and RFIDs...
