Unit information: Foundations for Cyber Secure Everywhere in 2026/27

Unit name	Foundations for Cyber Secure Everywhere
Unit code	COMSM0162
Credit points	30
Level of study	M/7
Teaching block(s)	Teaching Block 1 (weeks 1 - 12)
Unit director	Professor. Awais Rashid
Open unit status	Not open
Units you must take before you take this one (pre-requisite units)	None
Units you must take alongside this one (co-requisite units)	None
Units you may not take alongside this one	N/A
School/department	School of Computer Science
Faculty	Faculty of Engineering

Unit Information

This unit comprises of three modules assessed together through a group project co-created with industry. Students apply learning from the following 3 modules in hands-on problem-solving and reflect on challenges posed by blended infrastructures and limitations of current techniques to address them.

Module 1: Fundamentals of Cyber Security

Students are exposed to fundamental topics through thematic fortnights over the course of ten weeks. Each thematic fortnight is structured with week 1 involving lectures and week 2 uses a flipped classroom approach where student groups present critique of allocated papers with lecturers acting as learning mentors.

Week 1 of each thematic fortnight involves lectures on the selected topics and discussion points initiated by the lecturer. The students are then divided into groups from different disciplinary backgrounds and each group is allocated a scientific paper on the theme. Students read and discuss the paper before week 2 and prepare a presentation to share the insights and critique of the paper to the class in a flipped classroom mode, with lecturers acting as learning mentors.

This module consists of five thematic fortnights, each covering two topics from the foundational knowledge within CyBOK:

1. Security principles; Privacy & online rights.
2. Software security; secure software lifecycle.
3. Network security; distributed systems security.
4. Hardware security; cryptography.
5. Operating systems & virtualisation security; Authentication, Authorisation & Accountability.

Module 2: Threats and Risks

Students are introduced to threats in blended, intermeshed large-scale infrastructures, current risk management and mitigation approaches and the challenges to scaling these up. The teaching takes the form of taught lectures and hands-on workshops where students work together to apply the concepts in the lectures to specific problems.

Topics include:

• Attacks and defences – how malware and attack technologies are scaling up, the factors driving adversarial behaviours and the challenges of undertaking security operations, forensics and incident management in such large-scale adversarial contexts;

• Threats arising from cross-domain nature of blended infrastructures – where data and information cross a range of platform, administrative, organisational and geographical boundaries;
• Threat modelling – including existing threat frameworks and their limitations; Risk management and assessment – perceptions of risks pertaining to large-scale infrastructures, how these impact mitigation, existing risk frameworks and their limitations;
• Connecting risk and threat profiles to policy and decision making – including understanding and countering biases in risk analysis (especially those pertaining to infrastructure critical to society)

Module 3: Human and Organisational Factors

This module provides students with an understanding of the critical role that human behaviour and psychology play in the field of cyber security. Students explore various factors that influence cyber security outcomes, e.g., social engineering, insider threats, user awareness. decision-making processes, and security culture within organisations. Through a combination of theoretical knowledge, case studies, and practical exercises, students develop the skills necessary to assess, mitigate, and manage human- and organisation-related risks in cyber security.

Topics include:

• Human behaviour in security and detecting and preventing social engineering attacks
• User Awareness and Insider Threats
• Usability and Human Centric Access Controls
• Security Culture, Decision Making, Policy and Governance

Your learning on this unit

Upon successful completion of the unit students are expected to:

1. Have knowledge of state-of-the-art in Cyber Secure Everywhere from both infrastructure, systems and software perspective as well as human, organisational and regulatory perspective.
2. Develop a deep awareness of the challenges when scaling up state-of-the-art methods to include complex IT, OT and IoT systems.
3. Have knowledge of threats to complex IT, OT and IoT systems and large scale infrastructures, current risk management and mitigation approaches and their limitations.
4. Develop skills to apply knowledge of Cyber Secure Everywhere fundamentals to real-world scenarios and critique the limitations of existing approaches.

How you will learn

Students will be actively engaged in the creation and delivery of teaching materials and learning experiences. The unit utilises a flipped classroom model where academic mentors facilitate and guide the students' learning experience.

Student will also further develop their understanding of the challenges and issues through case-studies, workshops and hands-on exercises, supported by academic mentors and facilitators

This includes guiding the selection of material, as well as presentation and delivery. There will be regular review sessions with academics in which students can discuss elements of their assessed work and receive feedback.

How you will be assessed

Tasks which help you learn and prepare you for summative tasks (formative):

Each module will provide allocated reading and guided review/critiques to develop critical reading skills. Additional hands-on supported workshops, case studies and practical sessions will enable students develop the skills necessary to assess, mitigate, and manage challenges presented by blended complex systems in cyber security.

Tasks which count towards your unit mark (summative):

Coursework (100%), comprising Group work (75%) & Individual work (25%)

The group project will be based on a large scale case study co-created with an industry stakeholder. Students will apply the learning from modules 1-3 above in hands-on problem-solving as part of the group project and use it to reflect on challenges posed by blended infrastructures and limitations of current techniques to address them. They will develop a:

1. threat model for the case study, a detailed risk analysis and mitigation plan, and analyse the strengths and weaknesses of their chosen threat modelling and risk assessment frameworks (Module 2: Threats and Risks). Students will be expected to include corporate and public policy / communication implications within this work, alongside technical analysis and mitigation. (Weighting 25%) (ILO 3, 4)
2. report critiquing the strengths and limitations of current cyber security mechanisms (Module 1: Fundamentals) in mitigating the risks. (Weighting 25%) (ILO 1, 2)
3. report on how human and organisational factor (positively or negatively) shape the the security posture of the infrastructure in the context of the case study (Module 3: Human and Organisational Factors). (Weighting 25%) (ILO 1, 3)
4. Write a 1000 word critical reflection on their own performance and that of their group members, which will be utilised to differentiate (if appropriate) between group members’ performance (Weighting 25%).

When assessment does not go to plan

If students do not pass an individual assessment, an equivalent (different) assessment will be set by the unit director.

For group work, if the reflective logs highlight an unequal contribution by the students and therefore it would be unfair to award all students within the group the same mark, the marker will hold a meeting with relevant students to assess their understanding of the topic. Where exceptional circumstances mean that a student cannot participate in this summative group work, an equivalent piece of work will be set which would require an in-depth study of two contrasting approaches from literature through their application to a suitably sized case study and a report.

As the formative assessments in each of the units involve group work the students will still be able to gain relevant group work skills and meet the programme level ILOs even if they cannot complete a summative group work assessment in group work mode due to exceptional circumstances.

Resources

If this unit has a Resource List, you will normally find a link to it in the Blackboard area for the unit. Sometimes there will be a separate link for each weekly topic.

If you are unable to access a list through Blackboard, you can also find it via the Resource Lists homepage. Search for the list by the unit name or code (e.g. COMSM0162).

How much time the unit requires
Each credit equates to 10 hours of total student input. For example a 20 credit unit will take you 200 hours of study to complete. Your total learning time is made up of contact time, directed learning tasks, independent learning and assessment activity.

See the University Workload statement relating to this unit for more information.

Assessment
The assessment methods listed in this unit specification are designed to enable students to demonstrate the named learning outcomes (LOs). Where a disability prevents a student from undertaking a specific method of assessment, schools will make reasonable adjustments to support a student to demonstrate the LO by an alternative method or with additional resources.

The Board of Examiners will consider all cases where students have failed or not completed the assessments required for credit. The Board considers each student's outcomes across all the units which contribute to each year's programme of study. For appropriate assessments, if you have self-certificated your absence, you will normally be required to complete it the next time it runs (for assessments at the end of TB1 and TB2 this is usually in the next re-assessment period).
The Board of Examiners will take into account any exceptional circumstances and operates within the Regulations and Code of Practice for Taught Programmes.