Cyber Security
G. Audit, Assurance and
7 Assessment of Applications 1 Assessment Panel process
7.2 Applications with a borderline fail on only one criterion
If an application is a ‘borderline’ fail on only one criterion – namely, a score of 2.9 is achieved on one criterion with all other criteria scoring 3.0 or higher – then at the discretion of the Assessment Panel the HEI will be contacted by GCHQ after the Panel meeting and given 20 working days to re-submit a revised version of the relevant section. The Panel will then consider the new information provided by the HEI with the aim of responding to the HEI with the Panel’s decision within a further 30 working days. It must be stressed that the Panel’s decision is final and there will be no further opportunity to consider the application until the next Call for applications is issued.
Page 48 of 60
Appendix D: Required structure of application for Provisional certification
This appendix provides details of the information that applicants should provide with their application for Provisional certification along with the criteria that will be applied.Applicants should refer to sections 3.4 (page 9) and 3.4.2 (page10) which describe the requirements for an application for Provisional certification to be in scope.
Applicants should also refer to Appendix E which provides advice and guidance on writing and submitting applications.
Please note that an HEI should submit one application per Integrated Master’s degree against this Call. An HEI can submit more than one Integrated Master’s degree for certification against this Call if the HEI believes that more than one of its Integrated Master’s degrees meets the criteria below. Each application for Provisional certification should comprise the following five sections:
1. ‘Institution’s letter of support for the application’ (up to one side of A4). 2. ‘Description of the applicant’ (up to seven sides of A4, excluding CVs)
3. ‘Description of the Integrated Master’s degree in Cyber Security’ (up to fifteen sides of A4, excluding the module descriptions)
4. ‘Assessment materials’ (up to ten sides of A4, excluding copies of examination papers and copies of information provided for coursework)
5. ‘Individual cyber security projects and dissertations: process description’ (up to five sides of
A4)
Documents should be in Word or pdf format with the font size no smaller than 10pt. Unless
specifically asked for, additional pages and other material in addition to that outlined above will not be read and will not therefore form part of the assessment for certification. All information provided will be treated confidentially and used only for the purposes of assessing applications.
1 HEI’s letter of support for the application
Please provide a signed letter from the Vice Chancellor (or equivalent) showing support for the HEI’s application to have an Integrated Master’s degree in Computer Science and Cyber Security
considered for certification by GCHQ.
For those Integrated Master’s degrees that have not yet started, it is important that the HEI confirms the start date for the Integrated Master’s degree and that the degree will start by (up to and
including) October 2017.
For those Integrated Master’s degrees that meet the requirements for Full certification to be applied for, it is important that the HEI confirms that it has chosen to submit an application for Provisional certification and also provides its reasons for making a Provisional application.
Page 49 of 60
2 Description of the applicant
Please ensure that you cover the following points:
a. The names and structure of the department(s)/group(s)/school(s) responsible for the Integrated Master’s degree together with the names, seniority and roles of the members of staff responsible for delivering the degree content, setting and marking examinations, supervising projects, etc. It would be helpful to identify those members of staff responsible for delivering the computer science part of the Integrated Master’s, those staff responsible for the cyber security part, and those staff who straddle both areas.
b. Please describe any recent investments from the HEI, government, industry etc. in the groups running the Integrated Master’s degree programme.
c. Please describe any external linkages that add value to the Integrated Master’s degree: e.g., visiting lecturers with specialist knowledge from other academic departments, government or industry; projects suggested, and monitored, by industry; etc.
d. Please describe the process used to review and re-new the course content in order to keep it up to date, for example: how often is the course content reviewed, by whom, and what external advice is taken (e.g., industrial advisory boards).
e. Please describe the facilities available to Integrated Master’s students in general and those dedicated to students undertaking the Integrated Master’s degree specifically, for example: computer laboratories, dedicated equipment, library (access to text-books), on-line journal subscription (for research dissertations), etc.
e. For each member of staff named above please provide a CV (up to 2 pages in length) which provides details of:
academic background
knowledge and expertise in computer science and/or cyber security – e.g., references to recent publications, working with industry and/or government
esteem indicators – e.g., editorships, invited talks, membership of national and international advisory groups
etc.
CVs should go in an appendix to section 2.
2.1 Criteria to be applied
i. There should be a coherent team responsible for delivering the Integrated Master’s, with clear roles and responsibilities.
ii. The team members delivering the modules, setting the examinations and marking papers should have the appropriate technical knowledge and skills.
iii. The team should be well supported by the HEI. It would be desirable to see that the Integrated Master’s has valuable external linkages.
iv. There should be a well-defined process for keeping the Integrated Master’s degree up to date which takes account of appropriate internal and external advice.
v. Students undertaking the Integrated Master’s should have access to well-equipped modern computer laboratories with easy access to information on the latest developments in computer science and cyber security.
Page 50 of 60
3 Description of the Integrated Master’s degree in Cyber Security
Please ensure that you cover all of the points in sections 3.1 to 3.3.
3.1 Overall structure of the Integrated Master’s
Please provide a high-level description of the Integrated Master’s degree. This should include, for example:
the name of the degree and the specific degree awarded (e.g., MComp, MEng, MSc etc.)
the objectives and expected learning outcomes of the degree as a grounding for an Integrated Master’s qualification
how the degree satisfies the QAA qualification framework for Master’s level
how the degree satisfies the QAA credit framework for Integrated Master’s – for example, minimum 480 credits overall with a minimum of 120 credits at level 7
the number of academic years the degree has been running and whether it is being delivered in academic year 2015 – 2016
the overall structure of the degree – e.g., the set of taught modules, which modules are core and which are optional, the number of credits awarded for each module, the number of credits awarded for individual project(s) and dissertation(s)
a table similar to Table 1 on page 8 that shows the credit allocation to computer science and cyber security across the years of the degree
a description of how the degree is structured to accommodate part-time students, if applicable
3.2 Structure of the computer science component
a. For the computer science part of the Integrated Master’s, please provide a table (Table 3.1) that shows for each taught module:
whether the module is core or optional
the member(s) of staff delivering the module
which Computer Science Subject Areas (1 to 10, Appendix B) the module covers – if it does not cover a Subject Area please state NONE
the number of credits in the module and its level
the percentage of the module addressing the Subject Areas
the number of credits in the module that can be considered to be addressing the Subject Areas – obtained from the product of the 3rd and 4th bullet points
Module (core/optional) Member(s) of staff Computer Science Subject Area(s) covered (1 to 10) Number of credits in module and level Estimated percentage of module addressing Subject Estimated number of credits in module addressing
Page 51 of 60
Area(s) Subject Area(s)
Module 1 ….. Module n
Table 3.1
b. Based on the above information, please provide:
the total number of computer science taught credits in the degree
the total number of computer science taught credits addressing Subject Areas 1 to 10
Where students have a choice of optional modules (e.g., any 2 modules from a set of 5), please do not sum the credits from all of the optional modules but only the number that students would actually choose. It may help to refer to point 3.2e below regarding
pathways.
c. For each module that addresses a Computer Science Subject Area, please provide a module description to include the syllabus/topics covered and the expected learning outcomes. Please include in each module description a list of the Subject Areas and Indicative Topics (Appendix B) that the module covers and the level(s) at which they are covered. The module descriptions should be placed in an appendix to section 3.
d. With reference to Subject Areas 1 to 10 in Appendix B, please provide an overview of how the topic coverage required for the Computer Science part of the Integrated Master’s is achieved by completing a table (Table 3.2) of the following form covering Subject Areas 1 to 10.
Computer Science Subject Area Indicative
Level
Module(s) in which topics in Subject Area are covered
Level at which Subject Area is covered
1. Algorithms and Complexity 4/5
2. Architecture and organisation 4/5
3. Discrete structures 4/5
4. Information management 4/5
5. Networking and
Page 52 of 60 6. Operating systems 4 to 6 7. Programming languages 4 to 6 8. Software development fundamentals 4/5 9. Software engineering 5/6 10. Systems fundamentals 4/5 Table 3.2
e. For the Computer Science component of Integrated Master’s degrees with core and optional modules please identify the permitted combinations of core and optional taught modules that DO cover all of the Subject Areas at the required level.
3.3 Structure of the cyber security component
a. For the Cyber Security part of the Integrated Master’s, please provide a table (Table 3.3) that shows for each taught module:
whether the module is core or optional
the member(s) of staff delivering the module
which Security Discipline(s) (Appendix B) the module covers – if it does not cover a Security Discipline please state NONE
the number of credits in the module and its level
the percentage of the module addressing the Security Disciplines
the number of credits in the module that can be considered to be addressing the Security Disciplines – obtained from the product of the 3rd and 4th bullet points
Module (core/optional) Member(s) of staff Security Discipline(s) covered (A to H) Number of credits in module and level Estimated percentage of module addressing Security Disciplines Estimated number of credits in module addressing Security Disciplines Module 1 ….. Module n
Page 53 of 60
Table 3.3
b. Based on the above information, please provide:
the total number of cyber security taught credits in the degree
the total number of cyber security taught credits addressing the Security Disciplines A to H
Where students have a choice of optional modules (e.g., any 2 modules from a set of 5), please do not sum the credits from all of the optional modules but only the number that students would actually choose. It may help to refer to point 3k below regarding pathways.
c. For each module that addresses a Security Discipline, please provide a module description to include the syllabus/topics covered and the expected learning outcomes. Please include in each module description a list of the Skills Groups (Appendix B) that the module covers and the level(s) at which they are covered. The module descriptions should be placed in an appendix to section 3.
d. With reference to Appendix B, please provide an overview of how the Cyber Security topic coverage for the Integrated Master’s degree is achieved by completing a table (Table 3.4) of the following form covering Security Disciplines A to H and Skills Groups i to xiii:
Security Discipline
Skills Group Module(s) in
which topics in Skills Group are covered Level at which Skills Group is covered A. Information Security Management i. Policy, Strategy, Awareness and Audit ii. Legal and Regulatory Environment
B. Information Risk Management
iii. Risk Assessment and Management
C. Implementing Secure Systems
iv. Security Architecture v. Secure Development vi. Control Systems
D. Information Assurance Methodologies and Testing
vii. Information Assurance Methodologies
Page 54 of 60
E. Operational Security Management
ix. Secure Operations Management and Service Delivery
x. Vulnerability Assessment
F. Incident Management
xi. Incident Management xii. Forensics
G. Audit, Assurance and Review
Audit and Review Included in Skills Group i above
Please provide information under Skills Group i above H. Business Continuity Management
xiii. Business Continuity Planning and Management
Table 3.4
e. For the Cyber Security component of Integrated Master’s degrees with core and optional modules please identify the permitted combinations of core and optional taught modules that DO cover at least 8 of the Skills Groups in Table 3.2 at the required level.
3.4 Social issues, professional practice and professional skills
a. Please describe how computer science Subject Area 11 (social issues and professional practice) is covered in the Integrated Master’s degree. By way of example, this may be through lectures, individual/group projects, coursework, etc.
b. Please describe how Security Discipline J, Professional Skills (Appendix B), is addressed in the Integrated Master’s degree. By way of example, describe how team-working,
communication skills etc. are covered within the degree programme as a whole – it is not a requirement to have a separate dedicated module covering Professional Skills.
3.5 Criteria to be applied
3.5.1 General criteria
i. The objectives and anticipated learning outcomes for students undertaking the Integrated Master’s should be clearly articulated.
ii. The degree satisfies the QAA qualification framework for Master’s level. iii. The degree satisfies the QAA credit framework for Integrated Master’s.
iv. Part-time students should cover the same breadth and depth of content as full time students.
3.5.2 Computer science criteria
i. ComSci 1: there must be a minimum of 240 taught computer science credits across levels 4 to 7.
Page 55 of 60 ii. ComSci 2: there must be at least 180 taught credits that can be mapped to computer science
Subject Areas 1 to 10.
iii. ComSci 3: all of the computer science Subject Areas listed in Table3.2 are covered at the appropriate levels.
iv. Permitted combinations of core and optional modules that DO cover all of computer science Subject Areas listed in Table 3.2 must be clearly identified; there must be at least one combination of core and optional modules that covers all of the Subject Areas listed in Table 3.2 at the required level.
3.5.3 Cyber security criteria
i. CySec 1: there must be a minimum of 105 taught cyber security credits across levels 4 to 7 ii. CySec 2: there must be a minimum of 75 taught cyber security credits across levels 6 and 7. iii. CySec 3: the taught cyber security credits must cover at least 8 of the Skills Groups i to xiii
shown in Table 3.4 at the following levels:
level 4 or higher: minimum of 8 Skills Groups covered
level 6 or higher: minimum of 5 Skills Groups covered
iv. Permitted combinations of core and optional modules that DO cover at least 8 Skills Groups at the required levels must be clearly identified; there must be at least one combination of core and optional modules that covers at least 8 Skills Groups at the required levels.
3.5.4 Social issues, professional practice and professional skills criteria
i. The Integrated Master’s degree should cover relevant social, ethical, legal and professional issues.
ii. The Integrated Master’s degree should address topics such as team-working, communication skills, leadership and decision making.