Skip to main content

Information Security

Thank you for considering an application

Please click here to login and apply, or view your application.

Applicant Portal

Need help? Explore our How to Apply Page

Information Security

MSc

Course options

Key information

Duration: 1 year full time or 2 years part time

Institution code: R72

Campus: Egham

UK fees*: £14,400

International/EU fees**: £31,100

Key information

Duration: 2 years full time

Institution code: R72

Campus: Egham

UK fees*: £14,400

International / EU fees**: £31,100

View this course

The course

Information Security (MSc)

The creation, transmission and storage of huge volumes of electronic data is one of the defining features of our age. Whilst these technologies bring us untold benefits, they also expose businesses, governments and individuals to repeated threats, such as fraud through data manipulation, deliberate sabotage and blackmail. As a result, businesses, governments and individuals around the world rely on the expertise and innovations of information security specialists, without which global communications systems would grind to a halt.

Want to join this expanding field and learn from the very best? Our flagship Information Security programme was the first of its kind in the world. It is certified by GCHQ, the UK Government Communications Headquarters, and taught by academics and industrial partners in one of the largest and most established Information Security Groups in the world. We are a UK Academic Centre of Excellence for cyber security research, and an Engineering and Physical Sciences Research Council (EPSRC) Centre for Doctoral Training in cyber security. We work closely with industry, and much of our curriculum and research is informed and audited by the industry itself. Our teachers are specialists in the field, with backgrounds in computer science, engineering, mathematics, statistics and the social sciences.

Our broad curriculum encompasses cryptography, fraud detection, system security, network security, device security and the study of how security itself should be managed. You will learn about the technical, legal and commercial aspects of the industry and have the chance to complete a supervised dissertation on a topic of your choice. In a typical year you could benefit from lectures and seminars given by as many as 50 different guest speakers. You will also have access to our virtualisation software, for experimenting with network security settings and ideas, as well as to our Penetration Testing Laboratory and industry-sponsored Smart Card Centre.

We offer a friendly, supportive learning environment and you will have a dedicated personal adviser to guide you through your studies. The skills you gain will open up a range of high-level career options and provide a solid foundation if you wish to progress to a PhD. Our graduates are in demand for their cutting-edge grasp of the field as well as their technical expertise and transferrable skills such as data handling, analysis, problem solving and research. The programme can be completed in one year full-time, two years part-time, three to five years through Continuous Professional Development (CPD).


  • Equip yourself with the knowledge and skills to work at a high level in the information security industry or move into postgraduate research.
  • Our strong ties with industry mean we understand the needs of employers and can ensure that you are well prepared to enter the world of work.
  • We have a strong track record of helping graduates into successful, high-level careers in a wide range of sectors.
  • Our MSc Information Security has been awarded GCHQ- certified status

From time to time, we make changes to our courses to improve the student and learning experience. If we make a significant change to your chosen course, we’ll let you know as soon as possible.

Core Modules

  • In this module you will develop an understanding of the need for effective security management. You will look at alternative security strategies and examine methods for responding to security management problems. You will critically evaluate different approaches and consider security management requirements. Sessions will be delivered by a combination of security practitioners, information managers and academics and you will be encouraged to actively discuss the subject matter, engaging in an online discussion forum.

  • In this module you will develop an understanding of the uses of cryptography. You will look at the basic cryptographic mechanisms used to provide core security services and examine differences between them, identifying situations in which they are most usefully employed. You will consider the issues that need to be addressed to secure an application, and evaluate the limitations of cryptography and methods for supporting it within a full security architecture.

  • You will carry out a major individual piece of work. It can be of academic nature focussing on a specific area of information security, or may document the ability to deal with a practical aspect of information security. You will produce a well-structured report of between 10,000 and 20,000 words, with introduction, motivation, analysis and relevant references to existing work.

Optional Modules

There are a number of optional course modules available during your degree studies. The following is a selection of optional course modules that are likely to be available. Please note that although the College will keep changes to a minimum, new modules may be offered or existing modules may be withdrawn, for example, in response to a change in staff. Applicants will be informed if any significant changes need to be made.

  • In this module you will develop an understanding of legal and regulatory risk management in the field of information security and secure e-commerce. You will look at legal obligations and liabilities between private parties, and the implications of government regulations for corporate risk management. You will examine law regulation and liability, voluntary obligations, legal treatment of dematerialised documents and problems of form, involuntary obligations such as negligence, understanding and managing multi-jurisdiction legal and regulatory risk where the laws of several countries apply simultaneously, and the legal treatment of electronic and digital signature systems. You will also consider intellectual property and associated risks, and the basics of data protection and privacy law.

  • In this module you will develop an understanding of computer crime and its history, looking at legal measures such as computer misuse, data protection, criminal damage, software piracy, forgery, and investigative powers. You will examine case studies with emphasis on investigations into hacking, computer misuse and forensics, considering malware such as computer viruses, denial of service attacks and trojan horses. You will also gain an insight into issues that may arise in the future for example, the expansion of the internet, pornography, unsuitable material, and social engineering.

  • In this module you will develop an understanding of the applications of smart cards and security tokens and their use as assets in cyber security. You will look at the constituent components of common systems, analysing strengths and weaknesses in their manufacture and potential risks and security safeguards. You will consider the range of campabilities of SIM cards in smartphones and the main standards and applications of smarts cards for banking and finance. You will also examine the role of embedded smart card and RFID technology for passports, identity cards, and satellite TV, and the security measures that have protected past and current cards.

  • In this module you will develop an understanding of the importance of security in the development of applications. You will look at poor programming practices and how they can be exploited, leading to catastrophic security breaches. You will consider the threat posed by malicious software and examine some of the newer research trends that are likely to influence software security work in the coming years.

  • In this module you will develop an understanding of the foundations and theoretical underpinnings of how data is generated, stored, transmitted, and used as evidence. You will look at the methods used for the collection and analysis of digital evidence, and consider how the integrity of the underlying data is maintained. You will examine the general and UK legal requirements for data storage, and consider the frameworks for the handling and processing of such evidence.

  • In this module you will develop an understanding of the common approaches and methodologies used for carrying out and managing security and penetration testing, including legal requirements for such audits. You will look at network protocols, relevant computer system architectures, and web application systems, considering their vulnerabilities, common forms of attack, and security technologies designed to mitigate these. You will gain practical experience of exploiting vulnerabilities to penetrate a system, learning how to design secure systems and defend them against intrusion.

  • In this module you will develop an understanding of the key areas of cyber security, with a particular focus on the critical national information (CNI) infrastructure. You will look at fault and attack models for information and cyber-physical systems, considering variants of attack trees. You will analyse large-scale networks and their robustness for both random failures and deliberate attacks, evaluating how key elements of the CNI, such as the internet and power and transport infrasturctures, can be captured by such models. You will also examine case studies of attacks by state actors and security problems in control systems protocols.

  • In this module you will develop an understanding of the cultural, societal, political, psychological, and ethical implications of information security and privacy. You will explore the relationships between people and information systems from the perspective of security and privacy. You will critically reflect upon different methodologies that may assist security professionals in developing approaches to ensure that individuals make informed decisions about security and privacy. Sessions will be delivered by a combination of security and privacy practitioners, information managers and academics and you will be encouraged to actively engage in class discussions.

We use a range of teaching methods, including seminars, lectures and practical lab work. There is a strong focus on small group teaching. The programme has a flexible, modular structure, combining a supervised dissertation and mandatory courses that together make up 120 of the 180 credits required to pass, with a range of optional modules on specialist topics, worth 20 credits each.

Assessment is through a combination of end-of-year examinations sat in May or June and the written dissertation, which has to be submitted in September.

2:2

UK Honours degree or equivalent in any subject.

International & EU requirements

English language requirements

  • IELTS: 6.5 overall. No subscore lower than 5.5.
  • Pearson Test of English: 61 overall. No subscore lower than 51.
  • Trinity College London Integrated Skills in English (ISE): ISE III.
  • Cambridge English: Advanced (CAE) grade C.
  • TOEFL iBT: 88 overall, with Reading 18 Listening 17 Speaking 20 Writing 17.
  • Duolingo: 120 overall and no sub-score below 100.

By the end of this programme you will possess the knowledge and skills to pursue a career as a cybersecurity professional, and an ideal basis for moving on to further postgraduate research if you prefer. You will have an advanced knowledge and understanding of the latest breakthroughs and techniques, as well as key challenges and opportunities in the field. This programme will also give you valuable transferable skills such as advanced IT skills, data handling, analysis, research, communication, problem solving, time management, adaptability and self-motivation.

Our graduates are highly employable and in recent years they have gone on to forge successful careers in a wide range of sectors, including: banking, telecommunications, security consultancies, the civil service, public utilities and the retail sector.

You will be assigned a personal advisor to guide you through your studies and advise you on further postgraduate opportunities. The campus Careers team will be on hand to offer advice and guidance on your chosen career and runs regular sessions on finding summer internships or vacation employment and securing employment after graduation.

Home (UK) students tuition fee per year*: £14,400

EU and international students tuition fee per year**: £31,100

Other essential costs***: There are no single associated costs greater than £50 per item on this course.

How do I pay for it? Find out more about funding options, including loans, grants, scholarships and bursaries.

* and ** These tuition fees apply to students enrolled on a full-time basis in the academic year 2025/26. Students studying on the standard part-time course structure over two years are charged 50% of the full-time applicable fee for each study year.

Royal Holloway reserves the right to increase all postgraduate tuition fees annually. Be aware that tuition fees can rise during your degree (if longer than one year’s duration), and that this also means that the overall cost of studying the course part-time will be slightly higher than studying it full-time in one year. The annual increase for continuing students who start their degree in 2025/26 will be 5%.  For further information, see the  fees and funding , and terms and conditions.

** This figure is the fee for EU and international students starting a degree in the academic year 2025/26. Find out more 

*** These estimated costs relate to studying this particular degree at Royal Holloway during the 2025/26 academic year, and are included as a guide. Costs, such as accommodation, food, books and other learning materials and printing, have not been included.

Accreditation

National Cyber Security Centre (NCSC)

This course is accredited by the National Cyber Security Centre (NCSC). This means your qualification is recognised in the industry, giving you a competitive edge when applying for jobs.

)

Explore Royal Holloway