There is a considerable amount of interest in the subject of cyber security. It seems as if a day doesn’t go by without a new story about a worrying data breach or a hack attack. New terms such as phishing has entered in the lexicon and we regularly hear references to topics such as encryption and malware.
With the possibility of new modules (and perhaps qualifications) on the horizon, an important question is: what can associate lecturers do to be prepared for new cyber security modules? This blog post is to summarise a set of resources that might be useful. This post is, of course, unapologetically OU centric and there, are of course, many other resources or books out there. If you do know of other resources that might be helpful, do feel free to add a comment below.
Cyber security MOOC
The OU, in collaboration with FutureLearn runs a MOOC (massive open online course) entitled Introduction to Cyber Security (FutureLearn). This is particularly interesting, since the course description states that ‘it has been developed by The Open University with support from the UK Government’s National Cyber Security Programme’. It is presented as a ‘double accredited course’, described as a GCHQ certified training course, accredited by the Institute of Information Security Professionals (IISP).
The MOOC addresses a range of relevant topics, such as: threats, authentication (access control, passwords, two-factor authentication), malware (types of malware, attack vectors, preventing infection), cryptography, network security (firewalls, virtual private networks, intrusion detection/prevention), cyber security laws, recovering from attacks and managing risks.
One of the great things about being a tutor is that tutors can study many OU modules as a part of their continuing professional development. If you’re interested in cyber security, tutors can choose to study two different postgraduate modules that are linked to the subject of cyber security.
The first module is called M811 Information security. M811 is relating to IT governance and management (which reflects the focus of the postgraduate programme). Here is the key part of the description: ‘In this online module, you’ll explore the professional and technical skills necessary to understand, document, manage and implement strategic and operational aspects of your organisation's information security. You’ll study topics in information security risk assessment and management, as well as professionalism, home information security, and information security research.’
Regarding M811, an important point is that it isn’t a technical module: instead, it focuses on the socio-technical and organisational issues which reflects the notion that cyber security is just not about technology: it is about people too.
The second module is called M812 Digital forensics. M812 is different to M811, since it is a lot more technical. It is described as follows: ‘This online module will help you understand how to conduct investigations to correctly gather, analyse and present digital evidence to both business and legal audiences. You will also learn how to find tools to locate and analyse digital evidence on a variety of devices, including mobile phones, and how to keep up to date with changing technologies, laws and regulations in digital forensics.’
The connection with law is particularly important and useful. It introduces learners to different aspects of legislation that relate to data and cyber security. It is technical in the sense that students are required to carry out an analysis of a digital image (data downloaded from a digital device) and write a detailed report. An interesting aspect of the module is that students (acting as digital forensic examiners) will take play in a short role play activity where they present evidence to a tutor who plays the role of a court barrister.
OpenLearn: Badged Open Courses
As well as FutureLearn, the university has OpenLearn, which offers BOCs (rather than MOOCs). A BOC is a Badged Open Course. There are three BOCs that relate to cyber security.
The most recent BOC is called Introduction to cybersecurity: say safe online (OpenLearn). The course is described as follows: ‘[it will] help you to understand online security and start to protect your digital life, whether at home or work. You will learn how to recognise the threats that could harm you online and the steps you can take to reduce the chances that they will happen to you.’ The learning outcomes are: ‘start to protect your digital life, recognise threats to your online safety, take steps to reduce the risk of online threats, understand concepts including malware, viruses and trojans, consider network security, cryptography and identity theft’.
OpenLearn also contains BOCs made from sections from M811 and M812; you can even use these BOCs to get a feel for what kinds of materials are presented in either of these modules.
The Information security BOC (OpenLearn) is described as follows: ‘... information has become the life blood of the modern world. Given its importance, modern organisations aren’t always as careful as they could be with it. . . . In this free coursey ou’ll explore what it is about information that makes it so valuable.’ Again, the emphasis is on people and organisations, rather than technology.
The Digital forensics BOC (OpenLearn), being derived from M812, is descried as follows: ‘Digital forensics, is an introduction to computer forensics and investigation, and will give you an overview of forensic science in general, including how it works in practice. It will introduce you to the world of digital forensics, that is, applying forensic science to the digital artefacts that we create every day through our interactions with computers, mobile phones and the unseen objects around us that encompass the so-called ‘internet of things’.
There are of course, loads of other Science, Maths and Technology BOCs available.
FutureLearn is, of course, one of many MOOC providers. Three other providers are called EdX, Udacity and Coursera.
At the time of writing EdX runs a MOOC called Cybersecurity fundamentals, which was 8 weeks in length (with an average of 6-8 hrs per week), and Coursera, that relates to usability security (which can be considered to be an intersection between interaction design and cyber security).
Acknowlegements: Many thanks to Sharon Dawes for providing the inspiration and motivation behind the writing of this blog, and for also sending me links to a number of related cyber security resources.