MSc Information and Cyber Security

The MSc has a three-part structure, with a mandatory core element with four modules, an optional element where two modules are selected, and a mandatory project element that demonstrates research capability..

The Core Element

These are mandatory courses which all students must take on the programme.

• Applied Security Management: This applied security management module explores how effective information security management works within organisations and across society. Through a core that engages with established information security management standards and texts, scenario-based investigation, and critical analysis, a foundation is provided to identify the opportunities and challenges of information security management. This is complemented by deep-dives into contemporary topics to explore cutting-edge applications of information security management.
• Introduction to Cryptography and Security Mechanisms: The aim of this module is to introduce the core technologies used to support cybersecurity, including cryptography. The module discusses the precise role of these technologies, as well as how they integrate with wider cybersecurity systems.
• Cyber Entrepreneurship and Practice: Cyber Entrepreneurship and Practice is a practical module designed to equip MSc Information and Cyber Security students with the entrepreneurial mindset, industry awareness, and applied skills needed to thrive in today’s dynamic cybersecurity landscape. This module bridges academic study with real-world application, introducing students to the daily practices, challenges, and innovations within the cybersecurity profession.
• Research Methods: The main goal of this module is to provide students with the tools they need to complete an excellent MSc project. Topics covered include how to use the literature, an introduction to qualitative and quantitative research methods, and guidance on structuring and writing an MSc dissertation.

The Options Element

In the second term, students can select two optional modules. Below are indicative modules, which may change according to resourcing and demand.

• AI Security: This module introduces students to the emerging field of AI Security, covering both how AI can enhance cybersecurity and how AI systems themselves can be secured.
• Cybercrime: The aim of this module is to provide a broad understanding of the cybercrime environment by combining economic, technical, political, legal, psychological, cultural, and behavioural angles of cybercrime.
• Digital Forensics: As digital evidence plays an increasingly vital role in legal and regulatory contexts, the demand for skilled forensic practitioners continues to grow. This module addresses that demand by integrating core forensic principles with contemporary tools and techniques.
• Fundamentals of Computer and Network Security: This module is concerned with technical security mechanisms in digital networks and modern operating systems. A key aspect of the module is its focus on presenting highly technical concepts in an accessible way, enabling students to abstract and distil complex ideas, apply them effectively, and articulate them clearly.
• Legal and Regulatory Aspects of Information Security: This module will consider fundamental legal concepts and rules which apply to the practice of information security. The goal is to prepare the (non-lawyer) cybersecurity practitioner to engage productively in the legal risk management process.
• Secure and Trustworthy Embedded Technologies in Autonomous Systems: This module provides a comprehensive, state-of-the-art exploration of secure and trustworthy embedded technologies within autonomous systems. It equips students with deep technical insight into embedded and cyber-physical devices such as smart cards, secure elements, Trusted Platform Modules (TPMs), Trusted Execution Environments (TEEs), and Internet of Things (IoT) platforms.
• Social Foundations of Security and Privacy: This module is positioned within the social sciences, taking a ground-up approach to understanding and discussing information security and privacy: starting from the perspective of different groups of people, communities, social settings and contexts.
• Usable Security and Privacy: This module aims to bridge between the science and practice of information and system security, and human aspects of cybersecurity and privacy. We will cover different aspects of tackling real-world problems by identifying the gaps caused by the lack of multi/inter-disciplinary approaches across disciplines including computing and social sciences.

The Project Element

The MSc in Information and Cyber Security project is a major individual piece of work that is a compulsory element of the degree. It can be of academic nature and aim at acquiring and demonstrating understanding and the ability to reason about a specific area of information security. Alternatively, the project work may document the ability to deal with a practical aspect of information security.

The delivery modes enable very flexible ways of studying the MSc on our unique campus, with entry each September.

• Full-time (1 year): Students attend the majority of their lectures, seminars and tutorials during the Autumn and Spring terms. Students spend the summer focused on their project.
• Part-time (2 years): A 'typical' part-time student will attend one to two days per week in term over two years. Over this period students attend exactly the same lectures and tutorials as full-time students but with flexibility to balance study with other commitments.
• Block mode (3 to 5 years): This mode is ideal for students in full-time employment who find it easier to take individual weeks away from work instead of attending each week. Each module is taught in a one-week block, so students only have to be on campus for the specific weeks when the module is run.

Please click on the below link to see up to date details on entry requirements (including English language), course fees, and scholarships available.

"The MSc Information & Cyber Security stands out by combining academic rigour with real-world practice, delivering high professional impact for graduates."

The MSc Information and Cyber Security (Year-in-Industry) is a two-year master's programme that combines academic excellence with real-world experience in the world-class UK cyber security industry.

In your first year, you will study alongside students on the standard MSc Information and Cyber Security programme (see information above).

The second year of the programme is where theory meets practice. You will find and take up a full-time, paid cyber security related placement within the UK, offering you the opportunity to apply your academic knowledge in a professional information and cyber security setting. The placement is formally assessed and contributes to the final degree award.

Before starting your placement, you will submit a proposal for your project on a topic that interests you. When you return to campus, you will submit the project, combining academic learning with industry practice.

The Information Security Group (ISG) at Royal Holloway, University of London is internationally recognised and maintains strong links with the UK and international information and cyber security industry. As part of this programme, the ISG organises weekly industry talks that are delivered by leading practitioners, experts and industry leaders. This exposure gives students valuable insight into current market trends and real-world practice.

As students take the lead in securing their industry placement the ISG, with the help of the Royal Holloway Careers Service provides dedicated career support by sharing placement opportunities and offering career-focused workshops. These activities are designed to help students prepare for the industry placement and future employment.

The programme offers you:

• Professional experience through an industry placement, enabling you apply your cybersecurity learning in a real organisational setting.
• Enhanced employability by graduating with an MSc degree and up to a year of UK information and cyber security industry experience (with successful placement).
• Professional competencies like teamwork, communication, and ethical practice, attained through your engagement in the cybersecurity workplace.
• Career Readiness as you will build industry contacts, linkages and gain deeper insight intro professional roles helping you in your transition from a student to an industry professional.

Waleed specialises in AI and cybersecurity, web and network security, malware analysis, and cyber inclusivity. He is highly approachable and enjoys working closely with students, encouraging open discussion and collaboration. As Year in Industry Programme Director, he is strongly committed to supporting students’ academic and professional development and maintains close links with industry to enhance learning and career opportunities.