ABCDEFGHIJKLMNOPQRSTUVWXYZAAABACADAEAFAGAHAIAJAKALAMANAOAPAQARASATAUAVAWAXAYAZBA
1
Title of the programme – including any lower awards
Please provide the titles used for all awards relating to this programme. Note: all programmes are required to have at least a Postgraduate Certificate exit award.

See guidance on programme titles in:
2
Masters MSc in Cyber Security
3
Postgraduate Diploma PG Diploma in Cyber Security Please indicate if the Postgraduate Diploma is available as an entry point, ie. is a programme on which a student can register, is an exit award, ie. is only available to students exiting the masters programme early, or both.Exit
4
Postgraduate Certificate PG Certificate in Cyber SecurityPlease indicate if the Postgraduate Certificate is available as an entry points, ie. is a programme on which a student can register, is an exit award, ie. is only available to students exiting the masters programme early, or both.Exit
5
Level of qualificationLevel 7
6
This document applies to students who commenced the programme(s) in:2019
7
Awarding institutionTeaching institution
8
University of York University of York
9
Department(s):
Where more than one department is involved, indicate the lead department		Board of Studies
10
Lead Department Computer ScienceComputer Science
11
Other contributing Departments:
12
Route code
(existing programmes only)
PMCYBSSEC1
13
Admissions criteria
14
In addition to University requirements, we would normally require at least a 2.1 degree in Computer Science, Software Engineering, Information Technology, Electronics, or a related discipline.
15
Length and status of the programme(s) and mode(s) of study
16
ProgrammeLength (years/ months) Status (full-time/ part-time)
Please select		Start dates/months
(if applicable – for programmes that have multiple intakes or start dates that differ from the usual academic year)		Mode
17
18
Face-to-face, campus-basedDistance learningOther
19
MSc
12Full-timePlease select Y/NYesPlease select Y/NNo
20
MSc
36Part-timePlease select Y/NYesPlease select Y/NNo
21
PG Diploma in Cyber Security12Full-timePlease select Y/NYesPlease select Y/NNo
22
23
English
24
Language(s) of assessment
25
English
26
2. Programme accreditation by Professional, Statutory or Regulatory Bodies (PSRB)
27
2.a. Is the programme recognised or accredited by a PSRB
28
Please Select Y/N: Yesif No move to section 3
if Yes complete the following questions
29
2.b. Name of PSRB
30
NCSC (Note: accreditation is only given for the full MSc - not the interim awards)
31
2.c. Please provide details of any approval/ accrediation event needed, including: timecales, the nature of the event, central support / information required:
32
n/a
33
2.d. Are there any conditions on the approval/ accreditation of the programme(s)/ graduates (for example accreditation only for the full award and not any interim award)
34
No
35
3. Additional Professional or Vocational Standards
36
Are there any additional requirements of accrediting bodies or PSRB or pre-requisite professional experience needed to study this programme?
37
Please Select Y/N: Noif Yes, provide details
38
n/a
39
4. Programme leadership and programme team
40
4.a. Please name the programme leader for the year to which the programme design applies and any key members of staff responsible for designing, maintaining and overseeing the programme.
41
Dr Radu Calinescu
42
5. Purpose and learning outcomes of the programme
43
5.a. Statement of purpose for applicants to the Masters programme
Please express succinctly the overall aims of the programme as an applicant facing statement for a prospectus or website. This should clarify to a prospective masters student why they should choose this programme, what it will provide to them and what benefits they will gain from completing it.
44
The MSc in Cyber Security is a forward-looking degree designed for students who already possess a strong computer science, software engineering or information technology background and who want to broaden their knowledge and expertise concerning the challenges of global cyber security.

The programme emphasises both the principles underpinning effective approaches to cyber defence and the important technical material that must be understood in order to make effective cyber security decisions. By unifying these with theoretical, social and legal material, you will be equipped for a career in industry, government or academia, in strategic and research areas.

As a graduate of the MSc in Cyber Security, you will have developed a detailed understanding of the fundamental aspects of cyber security, the extant threats to current and emerging system types, and the range of technologies that can be brought to bear to reduce risk.

Available as a full‐time one‐year intensive programme, the MSc in Cyber Security is suitable if you are an applicant from industry or government as it will inform your strategic thinking and decision-making. The programme is also suitable if you are seeking to develop a more research-based career as it provides a broad topic base, the opportunity to specialise and a solid foundation in research methodology.
45
5.b.i. Programme Learning Outcomes - Masters
Please provide six to eight statements of what a graduate of the Masters programme will be able to do.
If the document only covers a Postgraduate Certificate or Postgraduate Diploma please specify four to six PLO statements in the sections 5.b.ii and 5.b.iii as appropriate.
Taken together, these outcomes should capture the distinctive features of the programme. They should also be outcomes for which progressive achievement through the course of the programme can be articulated, and which will therefore be reflected in the design of the whole programme.
46
PLOOn successful completion of the programme, graduates will be able to:
47
1Apply the specialist principles associated with cyber security such as cryptanalysis, attack, authentication, identity, trust, and anonymity, in order to determine systems' security vulnerabilities. [Principles]
48
2Analyse and evaluate the technological components of current and proposed cyber systems, which include computers, algorithms, and networks, from the perspective of their security properties. [Technical]
49
3Identify, analyse and assess the range of threats to cyber systems from practical and theoretical viewpoints. [Threats and attacks]
50
4Evaluate and design systems-level solutions to security weaknesses in cyber systems posed by technological and non-technical (human) factors. [System Design]
51
5Form reasoned judgments, based on evidence, regarding the particular legal, social, and professional issues involved in the deployment, management, and analysis of cyber security systems. This includes forensic analysis of attacked systems, and appreciation of the regulatory and cultural constraints relevant to cyber security. [Legal, social, and professional]
52
6Explain, through oral presentations and written papers, complex technical ideas and arguments to peer specialists and more general audiences. [Communication]
53
7Scope, plan, execute and manage significant cyber-security research projects and produce focussed stakeholder reports. [Creativity]
54
8Maintain knowledge of developments in cyber security by accessing, interpreting, evaluating and synthesising data and arguments from up-to-date research literature from related areas and technical manuals and standards specifications. [CPD]
55
5.c. Explanation of the choice of Programme Learning Outcomes
Please explain your rationale for choosing these PLOs in a statement that can be used for students (such as in a student handbook). Please include brief reference to:
56
i) ... in what way will these PLOs result in an ambitious, challenging programme which stretches the students?
57
The PLOs describe a programme which satisfies the standard defined by GCHQ/NCSC for accreditation purposes, but build on this standard to provide significant opportunities to exceed it. The PLOs complement each other to ensure that you will gain a strong background in all aspects of security. Thus, the programme encourages a holistic approach to security, dealing with defensive measures, evaluation of security effectiveness, post-breach escalation prevention, analysis of breaches in order to gain understanding and improve for the future, CPD and research methods for your future development. Each module combines programme PLOs to provide you with broad coverage of the overarching themes whilst giving depth in its own particular area.
58
ii) ... in what way will these PLOs produce a programme which is distinctive and advantageous to the student?
59
This Cyber Security Masters is distinctive in that the programme gives consideration to important non-technical issues - such as legal and ethical issues and constraints - in addition to the development of Cyber Security and communication skills advantageous to any graduate. Due consideration is given to cross-cutting continuing professional development, to ensure that you will be appropriately prepared to embark on, or to continue, a successful career. The eight PLOs cover the entire spectrum of Cyber Security knowledge and skills, and underpin a programme that will give you the advantage of an exposure to both fundamental principles and advanced techniques in Cyber Security.
60
iii) ... how the design of the programme enables students from diverse entry routes to transition successfully into the programme? For example, how does the organisation of the programme ensure solid foundations in disciplinary knowledge and understanding of conventions, language skills, mathematics and statistics skills, writing skills, lab skills, academic integrity
61
The programme is designed to allow those with a mix of backgrounds, from recent graduates to experienced practitioners working in industry, to acquire knowledge and skills appropriate for modern Cyber Security. The first group of modules (ITRA, NTAC, CTAP and MALF) will provide you with foundations of good security practice. The following group (RISS, FACI, CRES and WASP) builds on these foundations to address issues relating to system design, incident response and continuous professional development. The final project will give you an opportunity to integrate all of the preceding material and build on it to develop a significant piece of work aligned to your own thematic interests within the cyber security domain. Throughout the programme, but particularly in CRES and WASP, you will be afforded opportunites to develop and enhance transferable skills such as analysis of others' work in order to achieve defined goals, and presentation of technical material in a variety of ways for a range of audiences. Additionally, you will have access to pre-reading material on programming and networking (https://www.cs.york.ac.uk/postgraduate/taught-courses/msc-cyber-security-pre-course-prep/), to prepare you for the programme, and to a wide range of free courses and services provided by the University's Centre for English Language Teaching (CELT, https://www.york.ac.uk/celt/), Writing Centre (https://www.york.ac.uk/students/studying/develop-your-skills/study-skills/writing/) and Careers (https://www.york.ac.uk/about/departments/support-and-admin/careers/). These courses and services are designed to enhance your language and academic writing skills, and to support you in planning your future career.
62
iv) ... how the programme is designed to enable students to progress successfully - in a limited time frame - through to the end of the award? For example, the development of higher level research skills; enabling students to complete an independent study module; developing competence and confidence in practical skills/ professional skills. See QAA masters characteristics doument http://www.qaa.ac.uk/en/Publications/Documents/Masters-Degree-Characteristics-15.pdf
63
The programme is designed to meet the requirements of both "research" and "specialised/advanced study" categories of the QAA, while satisfying the conditions of GCHQ/NCSC accreditation. The modules are designed to ensure a gradual emphasis shift from foundations to holistic and system-level security. The first group of modules (ITRA, NTAC, CTAP, and MALF) emphasize on the fundamentals of security in theory and practice, while a second group (RISS, FACI, CRES, and WASP) build on the foundations to develop holistic and systematic design and analysis skills. On the other hand, throughout the programme the mode of study is designed to gradually shift from specialised learning to independent study. ITRA is designed as a general introductory module to the programme in which you will not only acquire preliminary knowledge of multiple aspects of cyber security, but also get a chance to transition smoothly into the more demanding, hands-on, and independent mode of study in the master’s programme. In NTAC, CTAP and MALF, you will be given lectures on specialized issues and get a hands-on experience on such issues in practicals. In RISS and FACI, you will be expected to analyse systems from a holistic point of view in multiple mini-projects. In CRES and WASP, you will develop your skills and acquire experience in independent study and the full cycle of research-led investigation. Eventually, in the PCYB individual project, you will carry out a fully-fledged and in-depth independent study of a topic in cyber security. The whole programme is hence designed to provide foundational knowledge and develop independent study skills to enable you to carry out the independent study module.
64
v) ... how this programme (as outlined in these PLOs) will develop students’ digital literacy skills and how technology-enhanced learning will be used to support active student learning through peer/tutor interaction, collaboration and formative (self) assessment opportunities (reference could be made to such as blogging, flipped classroooms, response 'clickers' in lectures, simulations, etc).
65
The programme is designed to incorporate levels of group work and formative assessment opportunities appropriate to the mode of study in each module. Throughout the foundational modules, practicals are designed to encourage group discussion, and formative feedback on your work in practicals is provided by academics and other tutors regularly. In RISS and FACI, such formative feedback on your mini-projects is provided on the system level. Later in CRES, you will develop and receive individual feedback on a project proposal. In WASP, you will write an in-depth group report on a chosen topic and prepare an individual poster to present your topic. These posters are later presented and discussed in a workshop simulation with peers and academics. Throughout the individual project, you will present your preliminary project findings, you will answer questions, and you will be given formative feedback at regular meetings with your supervisor.
66
vi) ... how this programme (as outlined in these PLOs) will support and enhance the students’ employability (for example, opportunities for students to apply their learning in a real world setting)?
The programme's employablity objectives should be informed by the University's Employability Strategy:
67
The PLOs are informed by and aligned with the knowledge and skills identified by the National Cyber Security Centre (NCSC) and GCHQ as demanded and required by the cyber security industry sector. You will learn fundamentals of cyber security and experience how to apply such knowledge in analysing and designing secure systems. In particular, PLO1, PLO2, PLO3, PLO4 and PLO5 are concerned with the foundational and technical knowledge and skills you will acquire, with PLO2, PLO3 and PLO4 specifically concerned with practical skills in this regard. Practicals, projects, and analysis exercises are designed closely based on real-world cyber security issues and problems, and you will get the chance to, in part or fully, develop security algorithms, and to analyse and break them in simulated settings based on practical environments. Additionally, you will get experience with standard tools used in the industry for security analysis and design. Furthermore, through presentation of complex concepts in various forms (discussion, report, precis, oral presentation, poster, podcast, interview) you will develop personal and social skills required in your future employment. In particular, PLO6, PLO7 and PLO8 are concerned with such skills, including communication, creativity, and continuous professional development.
68
viii) ... how learning and teaching on the programme are informed and led by research in the department/ Centre/ University?
69
The Cyber Security group at the Department of Computer Science is a leading research group. It combines research strengths in cryptography, quantum information processing, digital forensics, and network security. This has enabled designing an outstanding learning and teaching programme focusing on pragmatic aspects of cyber security. Teaching and project supervision is done by the members of the Cyber Security group whose research outputs and professional experience support the programme. Furthermore, several of the programme lecturers are also affiliated with other research groups in the department, such as the Enterprise Systems and the High Integrity Systems Engineering groups. These academics have expertise at the intersection of cyber security and software/systems engineering. Furthermore, members of the group maintain a research portfolio from a variety of sources, involving partners from the private and public sectors. As such, many of the techniques taught in the programme are applied directly in large research projects, and you will be exposed to the newest techniques and data regarding the effectiveness of the existing practice.
70
5.d. Progression
For masters programmes where students do not incrementally 'progress' on the completion of a discrete Postgraduate Certificate and Postgraduate Diploma, please summarise students’ progressive development towards the achievement of the PLOs, in terms of the characteristics that you expect students to demonstrate at the end of the set of modules or part thereof. This summary may be particularly helpful to students and the programme team where there is a high proportion of option modules and in circumstances where students registered on a higher award will exit early with a lower one.

Note: it is not expected that a position statement is written for each masters PLO, but this can be done if preferred.
71
On completion of modules sufficient to obtain a Postgraduate Certificate students will be able to:
If the PG Cert is an exit award only please provide information about how students will have progressed towards the diploma/masters PLOs. Please include detail of the module diet that students will have to have completed to gain this qualification as an exit award.
72
PG Cert is an exit award only for which students have to accumulate 60 credits by completing the core modules ITRA, NTAC, CTAP, MALF, RISS and FACI. There are no options. PG Cert students will have made some progress towards fulfilling PLOs 1, 2, 3, 4, 5 and 8. PLOs 6 and 7 will not have been achieved.
73
On completion of modules sufficient to obtain a Postgraduate Diploma students will be able to:
If the PG Diploma is an exit award only please provide information about how students will have progressed towards the masters PLOs. Please include detail of the module diet that students will have to have completed to gain this qualification as an exit award.
74
PG Diploma is an exit award only for which students have to accumulate 80 credits by completing the core taught modules ITRA, NTAC, CTAP, MALF, RISS, FACI, CRES and WASP, as well as a 40-credit Cyber Security Diploma individual project. There are no options. PG Cert students will have made some progress towards fulfilling all PLOs. PLO 7 will have been achieved only to a very modest extent.
75
6. Reference points and programme regulations
76
6.a. Relevant Quality Assurance Agency benchmark statement(s) and other relevant external reference points
Please state relevant reference points consulted (e.g. Framework for Higher Education Qualifications, National Occupational Standards, Subject Benchmark Statements or the requirements of PSRBs): See also Taught Postgraduate Modular Scheme: Framework for Programme Design:
77
The MSc Cyber Security programme meets all the requirements for the Taught Postgraduate Modular Scheme: Framework for Programme Design, including following one of the Masters programme structures recommended in Section D.11 of the Framework.

The programme also meets all the QAA Subject knowledge and skills requirements, Subject specific skills requirements and General transferable skills requirements, many of which align with the requirements of the GCHQ accreditation received by the programme.

The MSc Cyber Security programme meets the Threshold requirements of QAA in the computing stream.
78
6.b. University award regulations
79
The University’s award and assessment regulations apply to all programmes: any exceptions that relate to this programme are approved by University Teaching Committee and are recorded at the end of this document.
80
7. Programme Structure
81
7.a. Module Structure and Summative Assessment Map
Please complete the summary table below which shows the module structure and the pattern of summative assessment through the programme.

IMPORTANT NOTE:
If the structure of your programme does not fit the usual academic year (for instance students start at the beginning of September or in January) please contact your Academic Quality Team contact in the Academic Support Office for guidance on how to represent the structure in an alternative format.

To clearly present the overall programme structure, include the name and details of each invidual CORE module in the rows below. For OPTION modules, ‘Option module’ or 'Option from list x' should be used in place of specifically including all named options. If the programme requires students to select option modules from specific lists by term of delivery or subject theme these lists should be provided in the next section (7.b).

From the drop-down select 'S' to indicate the start of the module, 'A' to indicate the timing of each distinct summative assessment point (eg. essay submission/ exam), and 'E' to indicate the end of teaching delivery for the module (if the end of the module coincides with the summative assessment select 'EA'). It is not expected that each summative task will be listed where an overall module might be assessed cumulatively (for example weekly problem sheets).

Summative assessment by exams should normally be scheduled in the spring week 1 and summer Common Assessment period (weeks 5-7). Where the summer CAP is used, a single ‘A’ can be used within the shaded cells as it is understood that you will not know in which week of the CAP the examination will take place. (NB: An additional resit assessment week is provided in week 10 of the summer term for postgraduate students. See Guide to Assessment, 5.4.a)
82
Full time structure
83
CreditsModuleAutumn TermSpring Term Summer Term Summer Vacation
84
CodeTitle12345678910123456789101234567891012345678910111213
85
10ITRAIdentity, Trust, Reputation and their ApplicationsSEA
86
10NTACNetworks and Communications Security: Threats, Attacks and CountermeasuresSEA
87
10CTAPCryptography Theory and ApplicationsSEA
88
10MALFMalware and Other MalfeasanceSEA
89
10RISSRigour in Secure System Development and AssessmentSEA
90
10FACIForensic Analysis of Cyber IncidentsSEA
91
10CRESCyber-security Research SkillsSEA
92
10WASPWider Aspects of CybersecuritySEA
93
100PCYBCyber-security Individual ProjectSEA
94
Please indicate when the Progression Board and Final Exam board will be held and when any reassessments will be submitted.
NB: You are required to provide at least three weeks notice to students of the need for them to resubmit any required assessments, in accordance with the Guide to Assessment section 4.9
95
Progression BoardModule Assessment Board Sum/4, Ratification Sum/5
96
ReassessmentResit Ratification Sum Vac/1
97
Exam BoardRatification Aut/7
98
Part time structures
Please indicate the modules undertaken in each year of the part-time version of the programme. Please use the text box below should any further explanation be required regarding structure of part-time study routes.

As there are no formal prerequisites between the taught modules, part-time students have the flexivbility to complete them in any order. However, all taught modules must be completed by the end of the Spring term in year 2, and we have the following recommendations for part-time students:
- Take two modules in the Autumn term and two modules in the Spring term in each of the first two years;
- Prefer ITRA first
- Prefer NTAC before MALF
- Prefer WASP last
Thus, the recommented normal pattern is: year 1 - ITRA, CTAP / RISS or FACI then CRES; and year 2 - NTAC, MALF / FACI or RISS then WASP.

The individual project starts in year 2 Summer Term, and finishes in year 3 Summer Vacation Term.
99
Year 1 (if you offer the programme part-time over either 2 or 3 years, use the toggles to the left to show the hidden rows)
100
Year 2