We use cookies on this site. By browsing our site you agree to our use of cookies. Close this message Find out more

Home > Information Security home > Information Security (MSc)
More in this section Course finder

Information Security (MSc)

Back to course search results

Course overview

The electronic handling of information is one of the defining technologies of our age. Enormous volumes of information are routinely stored and transmitted worldwide and most aspects of our daily lives would come to a halt should the information infrastructure fail. 

However, with the benefits deriving from the ability to automatically manage so much information, come major threats to businesses, governments and individuals. These threats include possible fraud through information manipulation, deliberate damage to stored and transmitted information, and blackmail associated with the threat of damage.

The field of Information Security, namely the study of countermeasures to these real and serious threats, has grown up very rapidly in recent years. The subject embraces a range of technologies such as cryptography, computer security, and fraud detection, and also includes the study of how security can best be managed.

This advanced course is taught by the Information Security Group (ISG), and security experts from industry. It is designed to produce a comprehensive education in the technical, legal and commercial aspects of Information Security.

Key facts

Key facts about the course
Qualification Master of Science
Duration 1 year full-time, 2 years part-time, 3-7 seven years CPD, 2-4 years Distance Learning
Department and Faculty ISG, Faculty of Science
Partner institution(s) --
Course director

Chez Ciechanowicz

Contact for more information

Michelle Gates (campus based-courses)

Claire Hudson (distance learning courses)

Fees / funding

Please visit the Fees and funding pages for the latest information about tuition fees and the different sources of funding which may be available to you. Note that this is for the campus based courses. For distance learning courses fees, please visit the University of London International Programmes webpage.

How to apply

Applications for entry to all our full-time and postgraduate degrees (campus based courses) are made on the Royal Holloway admissions webpages.

Note that If you are interested in our distance learning postgraduate degree, then this is adminstered by University of London International Programmes, applicants must apply via their website.

If you are interested in applying to Royal Holloway, why not arrange a visit to our campus to see for yourself what academic and student life is like here. More information on arranging visits is available on our Open days pages.


Entry requirements

Entry criteria:

UK Lower Second Class Honours degree (2:2) or equivalent.

Students without the required first degree but with appropriate industrial experience will also be considered.

English language requirements:

IELTS 6.5 overall and minimum of 5.5 in each subscore, for equivalencies see here.


Students from overseas should visit the International pages for information on the entry requirements from their country and further information on English language requirements. Royal Holloway offers a Pre-Master’s Diploma for International Students and English language pre-sessional courses, allowing students the opportunity to develop their study skills and English language before starting their postgraduate degree.


Why choose this course?

  • This pioneering course was the first of its kind in the world. Our Information Security Group (ISG) was recognised in 1998 when the College was awarded a Queen’s Anniversary Prize for the ISG’s work. The citation read “This pioneering Group provides a unique national resource for the training of information security specialists and the development of highly secure communications and computer systems. It offers world-leading independent expertise in a field of crucial importance where trust and integrity are paramount.”
  • As this course was the first of its kind, we consulted with more than 20 companies and Government departments to ascertain what they felt such a degree course should contain. Many of these organisations have maintained close links with the department and, in a typical year, you would benefit from lectures or seminars from up to 50 guest speakers.
  • Having an offering that is up to date and relevant to potential employers is a key theme to all our activities. Therefore, in addition to our comprehensive syllabus and accompanying seminars, you will be offered some cutting-edge optional units.
  • You will have access to virtualization software from the ISG Lab in which you can experiment with network security settings and concepts introduced in these units. As well as the general purpose lab, there is also a Penetration Testing Laboratory and the Smart Card Centre where specialist equipment and tools may be accessed for those who may be undertaking a practical project in these areas.
  • The ISG also recognises the standing of the CISSP qualification in the workplace. As a result we have established an arrangement with (ISC)2 whereby you will attend an intensive two-day CISSP revision course at Royal Holloway and then sit the associated exam on campus.
  • Our cryptographers have close links with Bletchley Park and many students visit that historic site during their studies.

Department research and industry highlights

The ISG is an interdisciplinary research group conducting internationally-leading research in all areas of information security: 

  • device and system security (including security of portable devices, smart cards, smart tokens and embedded systems)
  • protection of evolving networks (including wireless, mobile, ad hoc and ubiquitous networks)
  • trusted computing
  • security infrastructure provision (including protection of critical national infrastructure and grid security)
  • socio-technical studies in information security (including both organisational information security research and sociological research in the wider "Information Society" context)
  • application security (including identity management and software security)
  • fundamental security technologies (including cryptography, cryptographic protocols, and authentication technologies).

Our breadth of coverage, coupled with our size, distinguished educational and academic track record, and long-standing and deep engagement with industry, makes the ISG a unique research group in the UK.

Course content and structure

The MSc in Information Security has three main elements:

  •  A: A core element made up of four core modules (4 9ths of the total assessment);
  • B: An options element made up of two optional modules (2 9ths of the total assessment);
  • C: A project element (3 9ths of the total assessment)

The core element has two different forms, the selection of which depends on the interest and the background of the student and their likely future career. Both forms of the core involve four taught courses.

Students may opt to also register for a track, the choice of which will limit their choices with respect to all three elements of the degree programme, i.e. the core, the options, and the project. Successful completion of an MSc track will indicate that the student has achieved a degree in a specialist sub-area within Information Security, and this will be acknowledged on the degree transcript.

Details of the programme structure:


A: Core Element

Students must either follow Core A or Core B

Core A - Students must take the following four modules:

  • IY5501: Security Management
  • IY5502: Introduction to Cryptography and Security Mechanisms
  • IY5511: Network Security
  • IY5512: Computer Security

Core B - Students must take the following four modules:

  • IY5501: Security Management
  • IY5502: Introduction to Cryptography and Security Mechanisms
  • IY5522: Security Technologies
  • IY5523: Secure Business Architectures

B: Options Element

Students must select two of the following modules:

  • IY5521: Legal and Regulatory Aspects of Electronic Commerce
  • IY5603: Advanced Cryptography (subject to availability)
  • IY5604: Database Security
  • IY5605: Cyber Crime
  • IY5606: Smart Cards, RFIDs and Embedded Systems Security
  • IY5607: Software Security
  • IY5609: Digital Forensics
  • IY5610: Security Testing Theory and Practice
  • IY5612: Cyber Security

C: Project Element

Students must take the following compulsory element:

  •  IY5500: Project - the project is a major individual piece of work. It can be of academic nature and aim at acquiring and demonstrating understanding and the ability to reason about some specific area of information security.

D: Tracks

A student may optionally register for one of the following six tracks. These constrain the choices of the student in the following ways:

Core Mandatory Options Project
Cybercrime Core A IY5605 & IY5609 Related to Cybercrime
Smartcards and RFID/NFC Core A IY5606 Related to Smartcards or RFID/NFC
Cyber Security Core A or Core B IY5612 Related to Cyber Security
Security Testing Core A IY5610 Related to Security Testing
Digital Forensics Core A IY5609 Related to Digital Forensics
Secure Digital Business Core B IY5521 Related to Secure Digital Business

On completion of the course graduates will have a solid foundation in:

  • the essential concepts, methods and approaches of information security
  • the main security issues in the development of digital business activities
  • the technical, legal and commercial issues that need to be addressed when assessing the information security needs of an organisation
  • the organisational and personal issues that need to be addressed when implementing information security within an organisation
  • the potential sources of vulnerability within an information system and the possible implications of failing to counter these with adequate security controls
  • the appropriate countermeasures to information security threats and the likely implications of their adoption
  • the relevance and impact of new developments in information security threats, technologies and controls.

Print the full course specification for students first registered from September 2012 for .

Print the full course specification for students first registered in September 2011 for .

Print the full course specification for students first registered prior to September 2011 for .

View the full course specification for Information Security (MSc) in the Programme Specification Repository


Assessment is carried out by written examinations (in the four core and two elective units) and by completing the MSc Project.

Employability & career opportunities

Our graduates are highly employable and, in recent years, have entered many different information security-related areas, including banking, telecommunications, large security consultancies, public utilities, and the retail sector. This taught Masters course also equips postgraduate students with a solid foundation for continued PhD studies.


Comment on this page

Did you find the information you were looking for? Is there a broken link or content that needs updating? Let us know so we can improve the page.

Note: If you need further information or have a question that cannot be satisfied by this page, please call our switchboard on +44 (0)1784 434455.

This window will close when you submit your comment.

Add Your Feedback