Rigour in Secure System Development & Assessment - COM00116M


  • Department: Computer Science
  • Module co-ordinator: Dr. Rob Alexander
  • Credit value: 10 credits
  • Credit level: M
  • Academic year of delivery: 2017-18

Module will run

Occurrence | Teaching cycle
A | Spring Term 2017-18

Module aims

This module provides a unifying framework in which the taught content of the cyber-security programme can be brought to bear. It addresses the context for secure systems, including security management and legal issues, together with rigorous approaches to assurance in such systems. It aims to equip students with knowledge of the mechanics of how secure systems are evaluated, certified and reach deployment, and to provide hands-on experience of processes used to evaluate security. It also aims to identify crucial issues that are not yet well developed, e.g. determining return on investment.

Module learning outcomes

  • Understand the concept of assurance in system development, including how mathematical rigour can be brought to bear to achieve high-assurance systems and products.
  • Understand the concept of a security lifecycle and how secure systems come to be justifiably deployed.
  • Analyse threats to systems, and identify and evaluate countermeasures.
  • Evaluate different approaches to risk assessment and the tradeoffs between different established approaches to evaluation.
  • Evaluate rigorous approaches to creating security cases (arguments for security) using Goal Structuring Notation (GSN).
  • Be familiar with a variety of regulatory processes for secure system development evaluation and certification.
  • Understand how financial return-on-investment decisions are incorporated in security judgements.


Task | Length | % of module mark
Technical Report | N/A | 100

Special assessment rules



Task | Length | % of module mark
Technical Report | N/A | 100

Module feedback

Students will receive oral feedback during the classroom week, and written feedback on their assessment submission.

Indicative reading

David Brewer, An Introduction to ISO/IEC 27001:2013. BSI, 2013.

The information on this page is indicative of the module that is currently on offer. The University is constantly exploring ways to enhance and improve its degree programmes and therefore reserves the right to make variations to the content and method of delivery of modules, and to discontinue modules, if such action is reasonably considered to be necessary by the University. Where appropriate, the University will notify and consult with affected students in advance about any changes that are required in line with the University's policy on the Approval of Modifications to Existing Taught Programmes of Study.