Introductory description

This module provides a foundational understanding of cyber security, equipping students with the essential principles, concepts, and practices necessary to navigate and respond to today’s digital threat landscape. Students will explore the interdisciplinary nature of cyber security, examining how technology, law, policy, and psychology intersect to protect systems, data, and services from unauthorised access or harm. Core topics include the principles of information security—confidentiality, integrity, and availability—alongside supporting concepts such as authenticity and accountability. Students will also gain insight into key objectives such as risk reduction, system resilience, and the mitigation of common security failures through real-world case studies and examples.

In addition, the module offers practical and conceptual engagement with the lifecycle of a cyber-attack, from initial reconnaissance to persistent access, using well-established frameworks such as MITRE ATT&CK, the Cyber Kill Chain, attack trees, and attack graphs. Students will develop the skills to model and understand adversary behaviour and apply a range of tools and techniques used by attackers—within a controlled, legal, and ethical context. By engaging with foundational security design principles and risk management strategies, students will learn how to identify vulnerabilities, manage threats, and design systems that are secure by design. This comprehensive introduction lays the groundwork for further study and professional practice in the field.

Module aims

Outline syllabus

This is an indicative module outline only to give an indication of the sort of topics that may be covered. Actual sessions held may differ.

This module introduces the fundamentals of cyber security, a field focused on protecting computer systems, networks, and data from unauthorised access. Students will explore core concepts like the CIA triad (Confidentiality, Integrity, and Availability) and related principles such as Authenticity and Accountability.

The course covers the objectives of cyber security—prevention, detection, and response—and examines common cyber attacks using frameworks like the Cyber Kill Chain and MITRE ATT&CK. Students will analyse real-world security failures and learn about risk management, including threat modelling.

The module also teaches foundational security design principles like least privilege and defence-in-depth, promoting a security-by-design mindset to build more resilient digital infrastructures.

Learning outcomes

By the end of the module, students should be able to:

• Identify tools, techniques and procedures which are associated with common attacks within the context of cyber-space. → [CITP: 2.1.1, 2.1.5, 2.1.7, 2.2.2]
• Compare and contrast the effectiveness of the relevant tools, techniques and procedures of a given cyber-attack framework when employed against a given target system. → [CITP 2.1.5, 2.1.7, 2.2.2]
• Demonstrate the ability to comprehend primitives, techniques and procedures which may be used by cyber adversaries.. → [CITP 2.1.1, 2.1.5, 2.1.7, 2.2.2, C7]
• Demonstrate the ability to communicate complex cyber-attack primitives to lay audiences concisely, clearly, and professionally → [CITP 2.3.2, C7]

Indicative reading list

Reading lists can be found in Talis

Specific reading list for the module

Subject specific skills

• Select and apply appropriate tools, techniques and procedures related to specific parts of the Cyber Kill Chain.
• Identify tools, techniques and procedures that could be used to mitigate and remediate the actions of an adversary.
• Respond appropriately to situations that challenge legal, ethical and reputational values.

Transferable skills

Problem solving, critical thinking, creativity, analytical and ethical reasoning