Postgraduate Course: Work-based Professional Practice in Cyber Security (INFR11191)
|School||School of Informatics
||College||College of Science and Engineering
|Credit level (Normal year taken)||SCQF Level 11 (Postgraduate)
||Availability||Not available to visiting students
|Summary||This course is work-based and is focused on the real-world application of cyber security in a workplace environment. It includes experiencing how information and risk, threats and attacks, cyber security architecture and operations, secure systems hardening and usability and cyber security management are applied to provide resilience in a workplace organisational environment. Students who do this course will obtain practical experience in the design, implementation, and evaluation of cyber security approaches.
This course provides graduate apprenticeship students with a holistic approach to cyber security, privacy and trust. It is a key stage in the learning and development strategy of the graduate apprenticeship programme in cyber security. It is project based, introduced in the university and facilitated in the workplace around work-based projects.
This is a work-based learning course worth 20-credits. Students undertake work-based application throughout the GA programme and are expected to spend around 200 hours in total on this course. The University Student-Led Individually Created Course (SLICC) approach will be planned to cover the graduate apprenticeship students working with their specific employers and the work will directly link to their own contexts in the workplace.
The main topics are: the application of cyber security re-search techniques, developing an understanding of the application of cyber security operations to business environments. In addition, this course covers the meta-skills required to operate in a professional environment including graduate attributes for: lifelong learning, aspiration and personal development, outlook and engagement, research and enquiry, personal and intellectual autonomy, personal effectiveness and communication in both university and the workplace.
The year 1 courses in cyber security are applied to real world cyber security problems and projects.
Students will be directed in their learning using the SLICC approach. They will plan, propose, carry out, reflect on and evaluate a cyber security study from their own work context in cyber security. The SLICC framework requires that students use the generic learning outcomes to articulate their learning in their own defined project, reflect frequently using a blog, and collect and curate evidence of their learning in an e-portfolio. They receive relevant formative feedback on the Reflective Report, which forms the summative assessment. All this is with the guidance of a professional practice academic tutor.
The course will encourage appraisal of students' own practical experiences in cyber security and allow them to reflect on their learning in the context of cyber security.
Note: this course is not a stand-alone introduction to applied cyber security and can only be delivered as part of the Graduate Apprenticeship in cyber security.
* Information and risk: including confidentiality, integrity and availability (CIA); concepts such as probability, consequence, harm, risk identification, assessment and mitigation; and the relationship between information and system risk.
* Threats and attacks: threats, how they materialise, typical attacks and how those attacks exploit vulnerabilities.
* Cyber security architecture and operations: physical and process controls that can be implemented across an organisation to reduce information and systems risk, identify and mitigate vulnerability, and ensure organisational compliance.
* Secure systems hardening and usability: the concepts of systems hardening and usability to ensure robust, resilient systems that are fit for purpose.
* Cyber security management: understanding the personal, organisational and legal/regulatory context in which information systems could be used, the risks of such use and the constraints (such as time, finance and people) that may affect how cyber security is implemented.
* Personal & professional: the ability to communicate, problem solve and work with and lead teams.
Entry Requirements (not applicable to Visiting Students)
|| Students MUST have passed:
Research Methods in Security, Privacy, and Trust (INFR11188)
||Other requirements|| This course is not a stand-alone introduction to applied cyber security and can only be delivered as part of the Graduate Apprenticeship in Cyber Security. Graduate apprenticeship students must have completed all year 1 courses of the Graduate Apprenticeship in Cyber Security, core courses including: Research Methods in Security, Privacy Trust (INFR11188).
Course Delivery Information
|Academic year 2020/21, Not available to visiting students (SS1)
||Block 5 (Sem 2) and beyond
|Learning and Teaching activities (Further Info)
Lecture Hours 5,
Feedback/Feedforward Hours 5,
Summative Assessment Hours 50,
Programme Level Learning and Teaching Hours 4,
Directed Learning and Independent Learning Hours
|Assessment (Further Info)
|Additional Information (Assessment)
||Written Exam 0%
Practical Exam 0%
An SLICC is assessed via three key components, a self-reflective report, an agreed portfolio of outputs and a formative self-assessment.
Self-critical Final Reflective Report (100% weighting) - The reflective report is the key component of the assessment. Apprentices are expected to document and demonstrate active self-critical reflection and responses to the application of their learning throughout experience. It is essential that the report is linked to and draws upon the e-portfolio of evidence of learning. Maximum word limit is 3000 words.
E-portfolio of evidence - At the proposal approval stage for the work-based professional practice, the work-based tutor/advisor will discuss and agree with what outputs and information need to be created, collated and submitted in the e-portfolio. This e-portfolio will support and provide evidence for the learning and development of skills throughout the programme. The e-portfolio should be constructed throughout the duration of the learning experience, demonstrating evolution, iteration and progress over-time. It must include a regular reflective blog diary. It may contain other evidence, which may take many forms including photographs, documents, reports, feedback, video, podcasts, etc.
Formative Self-Assessment - An important component of the final submission, in addition to the ability to self-critically reflect on work place experience, is to demonstrate an understanding of the achievements made in the work-based application of the GA Cyber Security learning through graded self-assessment. In the self-assessment apprentices are required to demonstrate the alignment of the grades that they have provided for each learning outcome to the justification for them, and where this is evidenced within the e-portfolio.
|No Exam Information
On completion of this course, the student will be able to:
- Demonstrate an understanding of the cross-disciplinary nature of cyber security, and the complexities, challenges and wider implications of the contexts in which cyber security problems occur in the workplace.
- Draw on and apply relevant cyber security approaches, tools and frameworks for cyber security enquiry to different settings in real world situations.
- Review, develop and apply skills and attributes (academic, professional and/or personal) in graduate attributes, including lifelong learning, aspiration and personal development, outlook and engagement, research and enquiry, personal and intellectual autonomy, personal effectiveness and communication in both university and the workplace.
- Frame and address cyber security business problems, questions and issues as a cyber security project, being aware of the environment and context in which the problem exists.
- Review, evaluate and reflect upon knowledge, skills and practices in cyber security.
|Bolton, G. 2010. Reflective Practice: Writing and Professional Development. 3rd Ed. London: Sage|
Boud, D., Keogh, R. and Walker, D. 2005. Reflection: Turning Experience into Learning.
Oxon: Routledge Falmer Fook, J. and Gardner, F. 2007. Practising critical reflection : a resource handbook Maidenhead: Open University Press
Kolb D.A. 1984.Experiential learning : experience as the source of learning and development New Jersey: Prentice Hall
Moon, J.A. (2006). Learning journals: a handbook for reflective practice and professional development (2nd edition). Abingdon: Routledge.
Mumford, J. and Roodhouse, S. (eds.) (2012). Understanding work based learning. Farnham: Gower.
Tarrant, P. (2013). Reflective practice and professional development. London: SAGE
Williams, K., Woolliams, M. and Spiro, J. 2012. Reflective writing Basingstoke: Palgrave Macmillan
|Graduate Attributes and Skills
||Development of graduate attributes are a key component of a graduate apprenticeship. In this course there is specific reference to the development and application of skills and attributes (academic, professional and/or personal), including and lifelong learning, aspiration and personal development, outlook and engagement, research and enquiry, personal and intellectual autonomy, personal effectiveness and communication in both university and the workplace.
||This course is not a stand-alone introduction to applied cyber security and can only be delivered as part of the Graduate Apprenticeship in Cyber Security.
|Keywords||Cyber Security,Graduate Apprenticeship
|Course organiser||Dr Heather Yorston
|Course secretary||Ms Lindsay Seal
Tel: (0131 6)50 2701