Skip to main content

Information Security with a Year in Industry

Search Royal Holloway

Information Security with a Year in Industry

MSc
  • Option 2 years full time
  • Year of entry 2021
  • Campus Egham

The course

This course has a January 2021 start date available. For more information please see the Flexible learning 2020/21 page.

Our two-year Information Security programme with a year in industry will equip you with the knowledge and skills you need to join the rapidly expanding field of information security. We will prepare you to work at the forefront of some of the most exciting developments in 21st century technology. You will gain first-hand experience of working in professional teams and applying your academic studies to real-world problems and scenarios. The mass creation, transmission and storage of electronic data is one of the defining features of our age. Whilst the associated technologies bring us untold benefits, they also expose us to threats that require the specialist skills and experience of cyber security experts.

Our postgraduate Information Security programmes were the first of their kind in the world. They are certified by GCHQ, the UK Government Communications Headquarters, and led by academics and industrial partners in one of the largest and most established Information Security Groups in the world. Our groundbreaking ISG is a UK Academic Centre of Excellence for research and home to an Engineering and Physical Sciences Research Council (EPSRC) Centre for Doctoral Training in Cyber security.

In year 1 you will learn about cryptography, fraud detection, system security, network security, device security and all the technical, legal and commercial aspects of the industry, including how security itself should be managed. Your second year will include a full-time work placement, which will attract a salary and be assessed towards your final degree. On returning to campus you will complete a supervised dissertation on a topic of your choice. If you decide not to complete the second year you can revert to the standard MSc Information Security (1221) and complete your dissertation a year early to graduate at the end of year 1.

Our academic staff are renowned specialists in the field, with backgrounds in computer science, engineering, mathematics, statistics and social sciences. You will have access to our virtualisation software for experimenting with network security settings and ideas, as well as our Penetration Testing Laboratory and industry-sponsored Smart Card Centre. 

We offer a friendly, supportive learning environment and you will have a dedicated personal advisor to guide you through your studies. The skills you gain will provide a solid foundation if you wish to progress to a PhD. Our graduates are in demand for their cutting-edge grasp of the field, their first-hand work experience, and their transferable skills such as data handling, analysis, problem solving, research, time management, team working, self-motivation and professionalism.

  • You will join a worldwide network as one of over 4,000 alumni information security professionals
  • Equip yourself with the knowledge and skills to work at a high level in the information security industry or pursue further postgraduate research.
  • Benefit from first-hand experience of the world of work during your assessed year in industry.
  • Our strong ties with industry mean we understand the needs of employers and our curriculum will ensure that you are well prepared for employment.

Core Modules

Year 1
  • In this module you will develop an understanding of the need for effective security management. You will look at alternative security strategies and examine methods for responding to security management problems. You will critically evaluate different approaches and consider security management requirements. Sessions will be delivered by a combination of security practitioners, information managers and academics and you will be encouraged to actively discuss the subject matter, engaging in an online discussion forum.

  • In this module you will develop an understanding of the uses of cryptography. You will look at the basic cryptographic mechanisms used to provide core security services and examine differences between them, identifying situations in which they are most usefully employed. You will consider the issues that need to be addressed to secure an application, and evaluate the limitations of cryptography and methods for supporting it within a full security architecture.

  • You will carry out a major individual piece of work. It can be of academic nature focussing on a specific area of information security, or may document the ability to deal with a practical aspect of information security. You will produce a well-structured report of between 10,000 and 20,000 words, with introduction, motivation, analysis and relevant references to existing work.

You will also take Core A:
  • The module is concerned with the protection of data transferred over digital networks, including computer and telecommunications networks. We review networking concepts, particularly the concepts of services and protocols, and study how services are incorporated in network communications by specifying protocols. We extend the discussion of services to address security concerns, considering how cryptographic primitives may be used to provide confidentiality, integrity and authentication services. We illustrate these concepts by considering case studies, including WEP/WPA/WPA2, GSM and UMTS, IPsec and SSL/TLS. We also study non-cryptographic countermeasures, including packet-filtering and intrusion detection.

  • In this module you will develop an understanding of the role of security mechanisms for modern computer systems, including both hardware and software. You will look at the mechanisms that are used to implement security policies, considering core concepts such as security models, subjects and objects, authorisation and access rights. You will examine the use and operation of a range of access and control methods and authentication mechanisms, such as tokens an biometrics. You will also and evaluate the main issues relating to software security and their effect on the security of computer systems, in particular, the practical implementation of access control.

or Core B:
  • In this module you will develop an understanding of the construction of information networks, specifically the architecture and operation of the internet protocol suite. You will look at the construction of a modern computer system, considering hardware and software components which support multiprocessing. You will examine the causes and potential effects of vulnerabilities that affect computer systems and identify appropriate countermeasures, including user authentication and access control mechanisms. You will evaluate authentication and key exchange protocols, such as how SSL and TLS are applied to the internet, and analyse the key security threats faced in network environments.

  • In this module you will develop an understanding of the design and implementation of security architectures in the business environment. You will look at example systems and architectures which focus on delivering security service common to many modern businesses. You will examine the concept of the security lifecycle in relation to specific security architectures, and consider the high-level components of a risk assessment and how to apply these. You will also analyse governance, risk and compliance issues related to business architectures and see how organisations manage their security policies.

Year 2
  • You will spend this year on a work placement. You will be supported by the  Information Security Group and the Royal Holloway Careers and Employability Service to find a suitable placement. This year forms an integral part of the degree programme and you will be asked to complete assessed work. The mark for this work will count towards your final degree classification.

Optional Modules

There are a number of optional course modules available during your degree studies. The following is a selection of optional course modules that are likely to be available. Please note that although the College will keep changes to a minimum, new modules may be offered or existing modules may be withdrawn, for example, in response to a change in staff. Applicants will be informed if any significant changes need to be made.

Year 1
  • In this module you will develop an understanding of legal and regulatory risk management in the field of information security and secure e-commerce. You will look at legal obligations and liabilities between private parties, and the implications of government regulations for corporate risk management. You will examine law regulation and liability, voluntary obligations, legal treatment of dematerialised documents and problems of form, involuntary obligations such as negligence, understanding and managing multi-jurisdiction legal and regulatory risk where the laws of several countries apply simultaneously, and the legal treatment of electronic and digital signature systems. You will also consider intellectual property and associated risks, and the basics of data protection and privacy law.

  • In this module you will develop an understanding of computer crime and its history, looking at legal measures such as computer misuse, data protection, criminal damage, software piracy, forgery, and investigative powers. You will examine case studies with emphasis on investigations into hacking, computer misuse and forensics, considering malware such as computer viruses, denial of service attacks and trojan horses. You will also gain an insight into issues that may arise in the future for example, the expansion of the internet, pornography, unsuitable material, and social engineering.

  • In this module you will develop an understanding of the applications of smart cards and security tokens and their use as assets in cyber security. You will look at the constituent components of common systems, analysing strengths and weaknesses in their manufacture and potential risks and security safeguards. You will consider the range of campabilities of SIM cards in smartphones and the main standards and applications of smarts cards for banking and finance. You will also examine the role of embedded smart card and RFID technology for passports, identity cards, and satellite TV, and the security measures that have protected past and current cards.

  • In this module you will develop an understanding of the importance of security in the development of applications. You will look at poor programming practices and how they can be exploited, leading to catastrophic security breaches. You will consider the threat posed by malicious software and examine some of the newer research trends that are likely to influence software security work in the coming years.

  • In this module you will develop an understanding of the foundations and theoretical underpinnings of how data is generated, stored, transmitted, and used as evidence. You will look at the methods used for the collection and analysis of digital evidence, and consider how the integrity of the underlying data is maintained. You will examine the general and UK legal requirements for data storage, and consider the frameworks for the handling and processing of such evidence.

  • In this module you will develop an understanding of the common approaches and methodologies used for carrying out and managing security and penetration testing, including legal requirements for such audits. You will look at network protocols, relevant computer system architectures, and web application systems, considering their vulnerabilities, common forms of attack, and security technologies designed to mitigate these. You will gain practical experience of exploiting vulnerabilities to penetrate a system, learning how to design secure systems and defend them against intrusion.

  • In this module you will develop an understanding of the key areas of cyber security, with a particular focus on the critical national information (CNI) infrastructure. You will look at fault and attack models for information and cyber-physical systems, considering variants of attack trees. You will analyse large-scale networks and their robustness for both random failures and deliberate attacks, evaluating how key elements of the CNI, such as the internet and power and transport infrasturctures, can be captured by such models. You will also examine case studies of attacks by state actors and security problems in control systems protocols.

  • In this module you will develop an understanding of the cultural, societal, political, psychological, and ethical implications of information security and privacy. You will explore the relationships between people and information systems from the perspective of security and privacy. You will critically reflect upon different methodologies that may assist security professionals in developing approaches to ensure that individuals make informed decisions about security and privacy. Sessions will be delivered by a combination of security and privacy practitioners, information managers and academics and you will be encouraged to actively engage in class discussions.

We use a range of teaching methods, including seminars, lectures and lab work. There is a strong focus on small group teaching and practical work. The programme has a flexible, modular structure, combining mandatory courses with a range of optional modules, optional specialist pathways that require certain module choices, a supervised dissertation, and a year in industry.

Your work placement will begin in the summer of your first year, after your examinations in May/June. You will be assigned a supervisor by your host company and they will be responsible for directing your work. You will also have an academic supervisor who will visit you to check that you are integrating successfully, assess your progress and ensure that you are being given appropriate work to do. Although the responsibility for finding a placement is ultimately yours, our Careers Service will help you to identify suitable opportunities from a large database of companies, make applications and prepare for any interviews. You will be invited to attend jobs fairs and companies will visit in year 1 to introduce their placement opportunities. We regularly highlight opportunities through our mailing lists and on social media.

Please note that progression onto a placement is conditional on good academic performance during year 1. On returning to campus after your placement in year 2 you will complete your MSc research project, to be submitted by September of that year.

Assessment is through a combination of end-of-year examinations in year 1, the written dissertation, and feedback and reports from your assessed year in industry.

Explore Royal Holloway

All undergraduates starting with us in 2020 onwards have the opportunity to take a Placement Year, which will add even more value to your studies.

There are lots of exciting ways to get involved at Royal Holloway. Discover new interests and enjoy existing ones

Heading to university is exciting. Finding the right place to live will get you off to a good start

Whether you need support with your health or practical advice on budgeting or finding part-time work, we can help

Discover more about our 21 departments and schools

Find out why Royal Holloway is in the top 25% of UK universities for research rated ‘world-leading’ or ‘internationally excellent’

They say the two most important days of your life are the day you were born, and the day you find out why

Discover world-class research at Royal Holloway

Discover more about who we are today, and our vision for the future

Royal Holloway began as two pioneering colleges for the education of women in the 19th century, and their spirit lives on today

We’ve played a role in thousands of careers, some of them particularly remarkable

Find about our decision-making processes and the people who lead and manage Royal Holloway today