Info Security Handbook 2012 13 Gen

8/10/2019 Info Security Handbook 2012 13 Gen

http://slidepdf.com/reader/full/info-security-handbook-2012-13-gen 1/68 • Information Security handbook • 2012–2013 i

Contents

Programmesection

Generalsection

PROGRAMME SECTION

Welcome to your 2012–2013 studyyear as an International Programmesstudent ..................................................... 1

Introduction ............................................. 2

The University, University of LondonInternational Programmes andRoyal Holloway ....................................... 3

Administrative and technicaluser support .......................................... 11

About online distance learning ...........13

Planning your studies ........................... 17

The programme tools andmaterials ................................................ 27

The Online Library ................................37

Good online communicationpractice ..................................................40

Networking and academic support .....45

What to do if you get intodifculties .............................................. 53

Assessment ........................................... 56

GENERAL SECTION

Introduction ......................................... G.1

New developments in 2012 ................ G.2

Contacting the University .................. G.3

Your Programme Specicationand Regulations .................................. G.5

Qualications Framework .................. G.6Fees, refunds and nancialassistance ............................................ G.7

Studying at an institution ................... G.9

Online resources ............................... G.13

Libraries ............................................. G.15

Bookshops ......................................... G.15

Conrmation of registration ............ G.16

Change of details .............................. G.16

Requesting your study materialsand maintaining yourregistration ........................................ G.17

Entering for examinations ................G.19

Accreditation of prior learning ........ G.24

Transfers ............................................ G.25

Certicates, transcripts andDiploma supplements ...................... G.27

The graduation ceremony ................ G.28

The Careers Group,University of London ........................ G.29

C2, a service from theCareers Group ................................... G.29

University of London InternationalProgrammes Alumni Association .... G.30

University of London Union ............ G.31

Information for students withspecic access requirements ........... G.32

Complaints procedure ...................... G.33

Student Charter ................................. G.34


http://slidepdf.com/reader/full/info-security-handbook-2012-13-gen 2/68 • Information Security handbook • 2012–2013


http://slidepdf.com/reader/full/info-security-handbook-2012-13-gen 3/68 • Programme section • 2012–2013 iii

Welcome to your 2012–2013 studyyear as an International Programmesstudent ..................................................... 1

Academic queries .................................. 1

Introduction ............................................. 2

The University, University of London

International Programmes andRoyal Holloway ....................................... 3

The University of London: a centre ofexcellence .............................................. 3

University of London InternationalProgrammes .......................................... 3

A new name ..........................................3

Royal Holloway ......................................3

Information Security Group ...................4

Why study Information Security atRoyal Holloway?.....................................5

Who are the programmes aimed at? .....6

Learning objectives of theprogramme ............................................ 7

Who is involved in the programme? ......7

How is the programme taught?.............8

How much time should you allow for

study? .................................................... 8

How is the programme assessed? ........8

How is the programme evaluated?........9

Coming to Royal Holloway ..................... 9

Research degrees at RoyalHolloway .............................................. 10

Administrative and technicaluser support .......................................... 11

Administrative support ........................ 11Technical user support ......................... 12

The Support Ofce at RoyalHolloway .............................................. 12

About online distance learning ...........13

The advantages of an online distancelearning programme ............................ 13

The disadvantages of an onlinedistance learning programme .............. 14

Differences between the campus and

distance learning programme .............. 16Planning your studies ........................... 17

The programme structure .................... 17

Pacing your studies .............................. 17

Rules of progression ............................ 20

The programme tools andmaterials ................................................ 27

What to expect and when ...................27

The Virtual Learning Environment ........28Structure of the study materials ..........28

What does a module contain? .............30

What does a normal unit contain? .......31

What does an audio unit contain? .......33

How is information presented withina screen? .............................................34

Using the study materials .................... 35

The Online Library ................................ 37Good online communicationpractice ..................................................40

General netiquette ............................... 40

Discussion area netiquette .................. 43

Email netiquette ..................................44

Networking and academic support .....45

Obtaining academic support ................ 45

Online seminars ..................................46

Module tutors .....................................49

Module discussion areas ..................... 50

Part I: Programme section

Contents


http://slidepdf.com/reader/full/info-security-handbook-2012-13-gen 4/68v • Information Security handbook • 2012–2013

Summary of moderated support .........51

Peer-to-peer support ............................51

Student Cafe ........................................ 51

External support ..................................52

Your responsibility................................52

Personal advice .................................... 52

What to do if you get intodifculties .............................................. 53

Your family doesn’t understand ...........53

Your employer isn’t supportive ............53

You can’t nd the time to study ...........54

You fall behind ................................... ..54

You don’t understand the studymaterials .............................................. 55

You feel isolated................................. ..55

Advisers of studies .............................. 55

Assessment ........................................... 56

Assessment requirements ..................56

Assessing your work ...........................56

Examinations ....................................... 56

How to do well in examinations ..........58

The MSc degree project ......................61

Aims of the project .............................. 61

Merit/Distinction .................................. 63

What happens if you fail anexamination/project? ...........................63

Assessment of your onlinecontribution .........................................63

Results ................................................. 64


http://slidepdf.com/reader/full/info-security-handbook-2012-13-gen 5/68 • Programme section • 2012–2013 1

This Programme section providesacademic guidance along with practicalinformation and advice that is specic toyour studies as an Information Securitystudent. We hope that we have coveredeverything that you need to know aboutduring your studies, but if you require anyadditional information or support pleasecontact us (see page G.3 of the Generalsection).

For practical information that applies toall of the programmes offered throughthe University of London InternationalProgrammes, such as how to pay yourfees, please refer to the General section inPart II of this handbook .

We are committed to continuously

improving your experience of studyingwith the University of London InternationalProgrammes. Over the coming yearwe will be undertaking a number ofdevelopments aimed at beneting ourstudents. You will be notied directly ofany changes likely to affect your studyprogramme but you may also nd it helpfulto check our website:

www.londoninternational.ac.uk

which is regularly updated with the latestnews.

Academic queriesIf you have a query of an academic nature,you may contact the Programme Directorvia the Programme Administrator. Pleasenote, however, that they cannot giveregular advice or tuition.

Programme Administrator for DistanceLearning MSc,Information Security Group,Royal Holloway, University of LondonEgham Hill, Egham,Surrey TW20 0EXTel: +44 (0)1784 414340Fax: +44 (0)1784 430766Skype: Infosec.deEmail: ISDL–[email protected]

Welcome to your 2012–2013 studyyear as an International Programmesstudent



Welcome to the MSc degree andPostgraduate Diploma in InformationSecurity. This handbook is designed to helpyou get the most out of your experienceas a distance learning student of RoyalHolloway, University of London. It is agood idea to read through the contentsquickly so you know what it contains,remembering that you can always comeback to it for specic information or advice.In this chapter you will be introduced tothe programme itself, and to the rest ofthe handbook .

The MSc in Information Security has beenoffered at Royal Holloway since 1992,and has been an enormous success. APostgraduate Diploma was introduced in

2007. In that time students from over 40countries have successfully completeda programme that is held in high regardinternationally, within both industry andacademia. During that time we hadrepeated requests from prospectivestudents throughout the world for aversion of this degree that could bestudied without the time and expenseinvolved in coming to London.

The programme that you are now enrolledon is the result of these requests, andwe are looking forward to sharing thechallenges and opportunities offered bythis new format for delivery of the MSc.We intend to do everything we can tomake your experience on this MSc asrewarding and enjoyable as possible. Weare always keen to hear your ideas andsuggestions – we endeavour to makethis distance learning format of the MScdegree/Postgraduate Diploma every bitas successful as the campus degree, andyour views are very important to us.

Introduction

Unless otherwise stated, any referenceto the MSc also applies to thePostgraduate Diploma throughout thishandbook .



The University, University of LondonInternational Programmes andRoyal HollowayThe University of London: acentre of excellenceThe University of London, which wasestablished in 1836, is one of the oldestand largest universities in the UnitedKingdom. It is a federation of 18 collegesand 10 institutes. Some colleges are

specialised (such as the School of Orientaland African Studies and the London Schoolof Hygiene & Tropical Medicine), whileothers are multi-faculty (such as UniversityCollege London and Queen Mary,University of London). Specialist institutesinclude the Institute of CommonwealthStudies.

University of London

International ProgrammesIn 1858, Queen Victoria signed theUniversity’s fourth charter which permittedthe University’s degrees to be accessibleto students who did not want or couldnot come to London to study. Thisgroundbreaking initiative is one of theearliest examples of a university makingits degrees accessible to students andestablished what has now become known

as the University of London InternationalProgrammes.

International Programmes studentsregister for a range of undergraduate andpostgraduate degrees and our students,who come from over 190 differentcountries, have an age range of between18 and 70 years old. Some join theInternational Programmes immediatelyafter leaving school, while others may havebeen working for a number of years andneed a qualication in order to improvetheir prospects. Others purely seek the

challenge of studying a new subject atdegree level. In many countries graduatesof the International Programmes occupysenior positions in government, commerceand industry. The value of a University ofLondon degree is recognised throughoutthe world.

A new nameIn August 2010, we changed our namefrom the External System to the Universityof London International Programmes tobetter describe ourselves in the twenty-rst century. This change allowed greaterclarity and inclusiveness and we believeit has helped us to connect to morestudents.

One critical thing that did not change,however, was our commitment to offerworldwide access to a university educationof a consistently high standard. We arevery proud of our (and your) reputationand will continue to build on everythingthat the External System stood for andachieved. Although our name has changed,our people, values, reputation and historyremain exactly the same.

Royal HollowayRoyal Holloway, University of Londonstands as a monument to two Victorianvisionaries, Elizabeth Jesser Reid andThomas Holloway. Both played a crucialrole in the development of equality ineducation through the creation of twocolleges for women: Bedford College inLondon, and Royal Holloway College in

Surrey, 19 miles to the west of centralLondon. Their foresight and philanthropyhave ensured opportunities for manygenerations of students.



Elizabeth Jesser Reid, a pioneering socialreformer, founded Bedford College in 1849as a women’s college. Bedford Collegewas the very rst institution to have playeda leading role not only in the advancementof women in higher education, but also inpublic life in general.

Thomas Holloway was a self-made multi-millionaire whose fortune was madein patent medicines. He founded RoyalHolloway College in 1879 after initiatinga public debate inviting suggestions asto ‘How best to spend a quarter of amillion or more’. It was his wife Jane whosuggested a college for women as themeans by which Holloway’s money mightaffect ‘the greatest public good’.

In 1900, both Bedford and Royal Hollowaywere admitted as Schools of the Universityof London and in 1965 they both admittedmale undergraduates for the rst time,while retaining their commitment towomen’s education. The colleges mergedin 1986 and have since adopted the nameRoyal Holloway, University of London.

Information Security GroupThe Information Security Group (ISG)at Royal Holloway is an interdisciplinaryresearch group comprising computerscientists and mathematicians. The groupoffers an active research environment, withover 15 established academic posts and a

large number of research students, makingit one of the largest academic securitygroups in the world. The group regularlyhosts international visitors and has strongresearch links with a number of industrialand government institutions.

A recent initiative has been the formationof the Smart Card Centre by Giesecke andDevrient, Vodafone and Royal Holloway.The principal activities of the ISG include:

Research

The ISG conducts research in areassuch as the design and evaluation ofcryptographic algorithms and protocols(where it contributes actively to theinternational standardisation process),smart cards, electronic commerce,security management, mobiletelecommunications security, and the

integration of security techniques intospecic applications. As well as workingwith academic institutions around theworld, the ISG plays a leading rolein a number of UK and internationalcollaborative research projects, supportedby government research establishments,the European Union and industry.


http://slidepdf.com/reader/full/info-security-handbook-2012-13-gen 9/68



Who are the programmesaimed at?This programme is designed to introducethe technical, legal and commercialaspects of Information Security. It isintended as a foundation for, or as aconsolidation of, a professional career

in Information Security. It is also ofinterest to people intending to embarkon postgraduate research in InformationSecurity.

This programme is aimed at a widerange of different people, from differentbackgrounds, with different experiencesand skills. This is because InformationSecurity is a topic that affects manydifferent people, in many different types oforganisation. It is also because InformationSecurity needs to be addressed andpractised at many different levels. Youare going to be surprised at the variety ofexperiences and interests that your fellowstudents are bringing to this programme.We anticipate that these will differ in twomain areas:

Experience• Some of you may already be

Information Security professionals,and possibly already familiar withentire modules of this programme,but are hoping to obtain a bettergeneral perspective of the eld andsome professional recognition of yourexisting knowledge.

• Some of you will have come acrossvarious aspects of InformationSecurity, on a past degree programmeor as part of your employment, and areseeking to broaden your knowledge ofthis subject.

• Many of you will know very little aboutInformation Security on rst enrollingon this programme, and are looking fora solid background in order to developa new career.

Background• Some of you will have a technical

background in Computer Science,Electrical Engineering, Informatics,Mathematics or another science, andare seeking to specialise in InformationSecurity.

• Some of you will have a background inManagement, Economics or Business,and are seeking to understand theimplications and importance ofInformation Security to your eld ofexpertise.

• Some of you will have never had aformal higher educational trainingand have been accepted onto theprogramme on the basis of relevantwork experience in either of the aboveareas.

This variety is one of the inherentstrengths of this programme and you must

make sure that you take advantage of itby listening, learning and communicatingeffectively with the people that you meeton the programme. We will discuss moreabout how you can do this in the chapter‘Networking and academic support’.

On successful completion of thedegree you should be qualied tond employment in both industry andcommerce as a security expert, and theneed for such experts is likely to be veryhigh for the foreseeable future.



Learning objectives of theprogrammeWhile each individual module has its ownclear learning objectives, there are somegeneral objectives that you should haveachieved on successful completion of thewhole MSc degree. By the end of this

programme you should be (better) able to:• demonstrate a comprehensive

understanding of the issues that needto be addressed when assessingthe information security needs of anorganisation

• identify potential sources ofvulnerability within an informationsystem and the possible implications

of failing to counter them withadequate security controls

• choose appropriate countermeasuresto information security threats andunderstand the likely implications oftheir adoption

• assess the relevance and impact ofnew developments in informationsecurity threats, technologies andcontrols

• recognise the many trade-offs andsubjective issues that need to beaddressed when implementinginformation security within anorganisation.

For the MSc degree only:

• investigate and write a dissertation onan area relating to information security.

Who is involved in theprogramme?The ISG is responsible for the preparationof study materials and delivery of theprogramme. However, as happens on thedegree programme delivered at RoyalHolloway, in order to provide you with

as broad a perspective on InformationSecurity as possible, this programme hasbeen put together with the assistanceof many external experts from theInformation Security industry. You willencounter some of these people aspresenters of audio lectures, as writers ofselected units on specic modules, andpossibly as tutors. Indeed, some of thesepeople are themselves past graduates of

the MSc in Information Security.

Each module will provide more detailsabout which staff and external expertsare involved in the development, deliveryand support for that module. Each modulehas a Module Leader appointed by theISG, and a network of tutors to help youwith your study. You can learn more abouthow to use this support in the chapter‘Administrative and technical user support’.

Short biographies of some of thepeople involved in this distance learningprogramme can be found on the VirtualLearning Environment (VLE).



How is the programmetaught?The study materials are designed to becomputer-based and are available onlinethrough the VLE which all registeredstudents can access. They are alsosupplied in a series of CD-ROMs to enable

students to work ofine. These materialsuse simple, interactive methods to presentinformation and are primarily intended tobe viewed on screen. Some modules alsohave accompanying textbooks, and all havesuggested links to further reading andinternet resources. More information onstudy materials can be found in the chapter‘The programme tools and materials’.

Each module is also supported by a seriesof online seminars, designed to furtherenhance your appreciation of the studymaterials. Details of how these seminarswork and how best to benet from themare provided in the chapter ‘Networkingand academic support’.

It is vital that you appreciate, at this earlystage, that although the study materialsare an important resource, they are by

no means the only resource that you areexpected to use on this MSc degree.The study materials primarily provide youwith an indication of the basic knowledgethat we feel you need to know if youare to become an Information Securityprofessional. You are expected to extendand enhance this basic knowledge throughyour own private reading and discussionswith fellow students. The chapter ‘Planning

your studies’ provides some suggestionson how to study for the MSc degreeeffectively.

How much time should youallow for study?Individuals inevitably differ as to how quicklythey wish to complete the programme, andin the expertise that they already have, soit is difcult to be precise about how manyhours you require for your study.

For individual modules, a reasonableexpectation for study and exam preparationwould be around 200 hours. For the MScdegree, there is a minimum registrationperiod of two years and a maximumregistration period of ve years. Formost students, a reasonable expectationfor completion of the programme inthe minimum period would be to studyapproximately 25 hours per week duringthe academic session (September–April).

We return to this question of timing whenwe consider the pacing of your studies in‘Planning your studies’.

How is the programmeassessed?All core and optional modules on theprogramme are assessed by unseen written

examinations in May. The project for theMSc degree is assessed separately. Allassessment is conducted by Examiners andmarkers appointed by the ISG.

More information on assessment ofexaminations and the project is provided inthe chapter ‘Assessment’.



How is the programmeevaluated?The Information Security programmesoffered through the University of LondonInternational Programmes mirrors theversion of the programme delivered atRoyal Holloway. The basic structure was

widely discussed with more than 30institutions, including UK governmentdepartments, large IT companies andmany nancial organisations. This exercisehas ensured that the overall structure ofthe programme remains stable.

To ensure that the programme iscompletely up-to-date, most of themodules involve signicant input fromrecognised security experts from industry.Furthermore, all of the academic staffhave links with external organisations thatare involved with Information Security.Curriculum development is furtherenhanced by input from senior InformationSecurity professionals, within bothindustry and academia.

We work hard to monitor constantly theeffectiveness of the distance learning

MSc degree. We will be using a numberof evaluation methods to obtain feedbackfrom you about your experience on theprogramme and would greatly appreciateyour assistance in these exercises.

Joining the Royal HollowayInformation Security community

There are a number of ways in which youcan further enhance your involvement withthe Royal Holloway Information Securitycommunity, both during and after yourcourse.

Coming to Royal HollowayIf you are coming to London then youare most welcome to visit the ISG. Youcan make an appointment to meet someof the programme organisers to discussyour progress. Note that it is not alwayspossible to meet your module or seminar

tutors, since many of them are not basedat Royal Holloway itself, but it shouldbe possible to meet a number of themembers of the ISG.

Visits to your country andreceptions

From time to time representatives of theISG may visit your country. In the futurewe plan to organise receptions in selectedvenues (which may include Royal Hollowayitself) which will give you the opportunityto meet other distance learning students,members of staff and alumni. No academicrole will be attached to these meetingsand so you will not be disadvantaged if youcannot attend, or if no such receptions areplanned in your country. Please look outfor announcements of any such events.

Summer School weekend

Although not part of the ofcialprogramme, the weekend SummerSchool in Information Security, held duringSeptember at Royal Holloway, is open toall students to attend. Information aboutthe Summer School will appear on the VLEduring the academic session.

It is a valuable opportunity to meet staff,other students and alumni, and makecontacts with many speakers from theindustry.



Graduation ceremonies

Graduates of the MSc degree willbe eligible to attend the presentationceremony held early each year in Londonor at one of several other ceremonies heldby the University of London elsewhere.Alternatively, they can choose to wait and

graduate in July at Royal Holloway withtheir fellow campus Information Securitygraduates. Further information aboutthe London presentation ceremony canbe found in the General section of thishandbook .

After you graduate

It may seem a long way off now, but whenyou complete your degree programme youwill become an alumnus of the ISG. Wehave an active and growing body of alumniemployed in the Information Securityprofessions throughout the world. Pleaselook out for announcements about howto keep in touch with the Royal HollowayInformation Security community aftergraduation.

Research degrees at RoyalHollowayIf you have enjoyed the MSc degreeprogramme and have been successful, youmay feel that you would like to take thenext step and go on to conduct research inInformation Security. Royal Holloway offershigher research degrees in the form of anMPhil or PhD. Unfortunately you cannotstudy either of these degrees by distancelearning, although you can study for thempart time.

A research degree such as a PhD involvesoriginal research under expert supervision.This research results in a thesis, whichshould be an independent contributionto knowledge. It involves a great deal ofindependent research work in an area thatis of particular interest to you. This typicallyinvolves three years full-time work.

Research degrees require commitmentand would normally require at least adistinction on the MSc programme.If you would like more details aboutconducting a research degree with theISG then you should contact the Directorof Graduate Studies via the ISG website(www.isg.rhul.ac.uk). You can also obtainapplication forms for Royal Holloway’s

PhD programme directly from the RoyalHolloway website:

www.rhul.ac.uk



In this chapter we clarify how to obtainassistance with administrative or technicalmatters. We include under these broadheadings any matters that do not directlyconcern Information Security or relatedcontent, and so information is given hereon how to get assistance with personalproblems that are affecting your progressthrough the programme.

Do not use these support facilities for anyqueries that require detailed knowledgeabout the content of individual modulesthat you have already registered for.

Administrative supportThere will be times when you havea question or a problem relating to

administrative matters. Please note thatsome administrative queries are dealtwith by Royal Holloway and others aredealt with by the University of LondonInternational Programmes. The separationis as follows:

• Programme-specic administrativequeries relating to your studies on theInformation Security programme, suchas the selection of modules, allocation

of tutors, problems with studymaterials, etc., should be addressed toRoyal Holloway.

• General administrative queriesconcerning issues such as examinationentry, module registration or feesshould be addressed to the Universityof London International Programmes.

Administrative and technicaluser support



Support at Royal Holloway

The VLE has a message facility by whichyou can submit general administrativequeries relating to your studies on theInformation Security programme. Yourmessages will be condential. Such queriesmight concern dates for online seminars or

examinations, personal problems affectingyour studies (such as language difculties),nancial or social problems, advice onfurther modules of study, etc.

Do not forget to mention the programmethat you are studying, and your contactdetails when posting an administrativequery on the VLE.

We will aim to answer your query withinve working days.

If you are having trouble logging in oraccessing the VLE, then you can contactthe support ofce. The ofce is openduring term time, Monday–Friday 0900–1700 GMT, except during UK holidays.

Support at the University of LondonInternational Programmes

The staff at the University of LondonInternational Programmes will answerany questions you have about fees,examination entry, registration, changes ofaddress, despatch of materials and otheradministrative procedures.

Again, don’t forget to mention theprogramme that you are studying, andyour contact details, when contactingthe University of London InternationalProgrammes (see page G.3 of the General

section).

Technical user supportIf you are having trouble with technicalissues, such as accessing any of the studymaterials or discussion areas, then youcan use the message facility in the VLEto get user support. Please check rst tosee if other students have had the same

problem.Please note that the user supportservice is not there to teach you howto use and set up your computer, howto use any necessary software, or totroubleshoot any faults with yourcomputer or Internet Service Provider.

Before you contact user support, pleasemake sure that you have met therecommended PC hardware and softwarerequirements.

The Support Ofce at RoyalHolloway

Programme Administrator for DistanceLearning MSc,Information Security Group,Royal Holloway, University of LondonEgham Hill, Egham,Surrey TW20 0EXTel: +44 (0)1784 414340Fax: +44 (0)1784 430766Skype: Infosec.deEmail: ISDL–[email protected]:infosec.le

Colin Walter, IS Director of DistanceLearning, Information Security GroupRoyal Holloway, University of London

Egham Hill, Egham, Surrey TW20 0EX

Tel: +44 (0)1784 443089Fax: +44 (0)1784 430766Email: ISDL–[email protected]



There are many ways in which onlinedistance learning is different fromtraditional classroom-based teaching, andit is important that you understand how itwill work.

Presumably you have already anticipatedsome of the advantages of distance

learning, otherwise you would not havejoined this programme! However, we willidentify a number of the more commonlymentioned ones, just to make sure thatyou are aware of them.

There are also some disadvantagesto distance learning in comparison toattending a campus-based programme,and we will also identify some of these.Having an awareness of these will help

you to study more effectively. Mostimportantly, we will indicate where in thishandbook you can get more informationabout how this programme has beendesigned to help you overcome thesepotential difculties.

The advantages of anonline distance learningprogrammeWhatever your reasons are for choosingdistance learning, the following advantagesof participating in an online distancelearning programme will apply:

• Convenience

The primary advantage of distance learningis that it allows you to study from thelocation of your choice. You do not need toleave your home, your family or possibly

your country in order to complete theprogramme. Distance learning allows youto plan your studies around your other lifecommitments.

About online distance learning



• Pace

You can study in your own time, atyour own pace. Although there will besome timetables and deadlines in place(for example, for online seminars andexaminations), in general you can planexactly when you want to read the study

materials and conduct the necessaryfurther reading.

• Access to materials

Study materials are always available. If youattend a programme at Royal Hollowayand you miss a lecture, you may struggleto catch up or obtain a copy of the lecturenotes. With an online programme you canaccess the materials over and over again.

• Con denceFor many students, the process ofonline distance learning helps to developcondence. Studies have also shownthat students who may be shy aboutoffering opinions in a traditional classroomoften feel less reticent about expressingthemselves in an online discussion.

• Monitor your progress easily

The study materials have been designedin order to provide you with frequentopportunities to gauge what you havelearned and what you haven’t. Manystudy units include elements of self-assessment which help you to monitoryour understanding of the issues underdiscussion.

• Suits different types of learner

The programme has been designed togive you the opportunity to learn aboutInformation Security in a variety of differentways. Study materials use a combination

of text and audio with some interactiveactivities. Online seminars and discussionareas provide you with the chance todiscuss the content of the programmewith fellow students and tutors. We hopethat the use of different techniques meansthat people with different learning stylescan all learn about Information Security inthe way that most suits them.

• Learning from your peers

One particular advantage of onlinelearning is that it encourages you totake the opportunity to learn from yourfellow students all around the world.These discussions can take place in openenvironments where they can remain forthe duration of each programme, so that

you can always refer back to them forideas and inspiration.

The disadvantages of anonline distance learningprogrammeThere are also some difculties associatedwith distance learning and it would beunwise to underestimate their potentialimpact. By making them clear to you now,we hope that you will be able to recognisethem and consider which ones mayaffect you. One of the purposes of thishandbook is to provide you with advice onhow to overcome some of these potentialdifculties.

Technology

One of the most obvious challengesfor online learners is technology. Due

to the nature of this programme, mostof you are probably fairly familiar withusing information technology. However,technology does not just cause problems





While on campus, students may studya module over a single term, or over aconcentrated period of time (normallyone week). Full details relating to themodules available for on-campus studyand the method of application for mixed-mode study can be obtained from theProgramme Director or from the web:

www.isg.rhul.ac.uk.

Differences between thecampus and distancelearning programmeWe are continuing to offer the MScdegree in Information Security as a taughtprogramme on campus at Royal Holloway.We regard the distance learning MSc

degree programme that you have enrolledfor simply as a different way of teachingthe same degree.

Is the quality of teaching the same?

Some of you may also be concerned aboutwhether you will receive the same qualityof teaching as students studying at theRoyal Holloway campus. We believe verystrongly that you do and, in fact, in somerespects you gain signicant advantagesby studying in this format (see ‘Theadvantages of an online distance learningprogramme’).

We develop the campus and distancelearning programmes together, and keeptheir syllabuses as closely matched aspossible. Royal Holloway and the Universityof London subject all programmes torigorous quality assessment to ensure that

the same academic and teaching standardsare met and maintained, both for studentsstudying at Royal Holloway and thosestudying at a distance.

Distance learning teaching materials willbe updated annually to preserve the matchwith those on campus. The policy of theISG has always been that content willbe updated for sound academic reasons,rather than for purely presentationalones, a principle which is supported byour institutional partners in the securityindustry.

Is the MSc degree quali cation thesame?

It is the same syllabus, the same degree,taught by the ISG at Royal Holloway. Theonly difference is delivery. Yes, in ouropinion, it is exactly the same.

Upon successful completion, you areawarded a University of London degree.There is only one University of Londondegree, and it is awarded both tostudents attending Royal Holloway and toInternational Programmes students.

The nal diploma indicates that thestudent was registered with the Universityof London and awarded a University ofLondon degree. It also gives the nameof the College which conducted the

examinations. There is no reference to thefact that you studied as an InternationalProgrammes student.



Planning your studies

This chapter provides a detailed descriptionof the structure of the MSc degree inInformation Security, and how to progressthrough the degree programme. We alsoinclude a guide featuring general tips onhow to go about planning your studies.

The programme structureThe MSc in Information Security isstructured around a series of core andoptional modules. They are listed in Table3.1 below.

The core modules are compulsory forall students intending to complete theprogramme for the Postgraduate Diplomaor MSc degree awards. In addition tocompleting the four core modules,

students should complete two optionalmodules (referred to later as your ‘options’)and, for the MSc degree, a project.

The academic session for all modules runsfrom the beginning of October to the endof April, and all modules are assessed byunseen written examinations in May.

Pacing your studiesDuring your earlier phases of education

and in your working life you will haveacquired your own specic styles andmethods of studying. The distance learningformat provides a high degree of exibilityas to how you organise your study, and it isup to you to make the decision about howto progress through the programme mosteffectively.

This exibility really has two aspects, asfollows:



Pacing your progress through theprogramme

The rst aspect covers the pace at whichyou take the modules: you can completethe Postgraduate Diploma in one year andthe MSc degree in two years, but moststudents take three or four years. Table 3.2

(opposite) indicates the suggested routesthrough the elements of the programmefor each of these timescales.

The modules of the programme should takeabout 200 hours of study each, and thisgure includes additional reading, onlineseminars and examination preparation. Theproject is considered to be equivalent totwo modules, so the entire MSc degreerequires around 1,600 hours of study.

To give you an indication of how thistranslates into weekly study hours,we have proposed the following roughestimates of required study time. These arebased on the assumption that most of youwill choose to have a break outside the 35-week academic and examination sessionbetween September and May.

• At a fast pace you should expect to do

about 900 hours of study each year, orabout 25 hours per week for two years.

• At a standard pace you should expectto do an average of about 15–20 hoursper week for three years.

• At a moderate pace you should expectto do an average of about 10–15 hoursper week for four years.

Both the standard and moderate paceshave the advantage of completing themodule examinations before progressingto the project stage. For this reason, youshould be aware that the fast pace is reallyonly recommended for those students

who can either work on their project inthe workplace, or have sufcient exibilityto prepare for the options examination atthe same time as completing their projectdissertation.

Almost all the options modules run everyyear, but occasionally some may not. We

will, however, endeavour to give you asmuch notice as possible.

Pacing your modules

The second aspect of the exibility that thedistance learning format offers concernsthe pace at which you work through thematerials within a particular module. Youshould be able to t your studies aroundwork and family commitments, but youmust also make sure that you organiseyour studies within the constraints of theoverall schedule of online seminars andexaminations.

A module will normally feature two orthree online seminars within the academicsession and it is important that youare prepared both to contribute to, andbenet from, these online seminars. Youshould be aware of any requirements

to have studied particular units of themodule before participation in a seminaractivity. Information about seminarswill be publicised on the Programmenoticeboard in the VLE. Look out forannouncements concerning dates,topics and requirements for onlineseminars after registration for aparticular module.

Table 3.3 (opposite) gives a rough indicationof the possible timing of support activitieswithin the modules in any academicsession. Note that exact scheduling issubject to change.



Table 3.1

Core modules

IYM001 IYM002 IYM003 IYM004

Security management An introduction to

cryptography and security

mechanisms

Network security Computer security

Optional modules

IYM005 IYM007 IYM008 IYM009 IYM010 IYM012 IYM015

Secureelectroniccommerceand other

applications

Standards

and evaluation

criteria

Advanced

cryptography

Database

security

Information

crime

Smart cards/

tokens security

and applications

Digital forensics

Table 3.2

2 years 3 years 4 years

First year 4 core modules 3 core modules 2 core modules

Second year 2 options & project 1 core & 2 options 2 core modulesThird year Project 2 options

Fourth year Project

Descriptor fast standard moderate

Table 3.3

IC1 IC2 IC3 IC4 OPTx OPTy Project

July Select Select Area of interest

September Register

Induction

October

to

March

Seminar Seminar Outline

Seminar Seminar

Seminar Seminar

Seminar

Seminar Seminar

Seminar Progress report

Seminar Seminar

Seminar Seminar

Seminar Seminar Submit

April Revision

Support Support Support Support Support Support

May Examinations



Completion of your study of the moduleunits by the end of March will enableyou to plan a revision schedule for theexaminations. A certain amount of onlinesupport for examination preparation willbe available in the period leading up to theexaminations.

Look out for announcements in the VLEconcerning details of examination support.It is important that you make the best useof this opportunity. Just like the onlineseminars, it will need some preparation onyour part.

Rules of progressionYou are normally expected to completethe core modules before progressing to

the optional modules. However, if youare proceeding at a standard pace thenonly three of the four modules will becompleted before you proceed to thefourth core module and your two optionalmodules.

If you are proceeding at a standard pacethen we recommend that you studythe modules Security Management ,Introduction to Cryptography and

Security Mechanisms and NetworkSecurity in your rst year.

If you are proceeding at a moderate pacethen we recommend that you study themodules Security Management andIntroduction to Cryptography and Security Mechanisms in your rst year.

The Programme Specication andRegulations (PSR) states that you must

pass the Core element by achieving anaverage of 50 per cent or more beforeproceeding to the project. Note that if youare proceeding at a fast or standard pace

then failure to achieve an overall pass in theCore element could delay your progressionto the following year of the programme.

Reporting breaks of study

If you are going to discontinue studyingfor a time, you should inform the Collegesupport ofce of the intended period

of discontinuation and of any particularproblems (e.g. concerning health).Permission to submit any reports ordissertations late will be given only underexceptional circumstances (and in cases ofillness, you will need to produce a doctor’scerticate). Do not wait until the deadlinesbefore letting us know if there has been aproblem.

How to study the programmesIn this section you will nd some usefuladvice about how to study effectively onthis online distance learning programme.You can nd more comprehensive advice inThe Sciences Good Study Guide , includedas part of your study pack.

A number of studies on distance learninghave shown that students who are well-motivated and organised are normally themost successful. If you follow the tipsbelow, you should be able to organise yourtime and stay motivated.

Making sure you know what isexpected of you

Please take great care to make sure thatyou are aware of what is expected of youthroughout your studies. As a distancelearning student you need to be particularly

responsible for taking this initiative –nobody is going to stand up in front ofthe class and remind you of an importantregulation or announcement. You should:



• Make sure that you have read andunderstood this handbook from coverto cover before you start your studies.

• Make sure that you have read andunderstood the PSR. By doing so youshould avoid a number of unnecessaryadministrative or technical problems,

which can take time and effort toresolve and may distract you from yourstudy.

• Make sure that you read the instructionsfor each module very carefully. Pay closeattention to the learning objectives ofeach unit and try to complete as manyof the exercises and tasks as you can.

• Pay close attention to announcements.Make sure that you regularly check anydiscussion areas where informationrelating to modules that you arestudying, or the programme in general,are posted.

Setting study targets

Staying motivated is one of the challengesof distance learning. Some of you mayhave no problems doing so, but for othersit might be a good idea to set yourself

study targets. You must set your studytargets carefully or they may have quitethe opposite effect to what you intend.You will need to work out what works bestfor you, but some suggestions for settingsensible study targets are as follows:

• Be speci c – for example, I will studyfrom 1800 to 2000 every day (ratherthan I will study 14 hours a week).

• Make them measurable – forexample, I will complete one unit, orI will attempt ve exercises, or I willread three chapters of a book, etc.

• Be realistic – you should make yourtargets challenging, but they shouldalso be achievable targets that youknow you can meet: for example, I willcheck the discussion board three timesa week (not ve times a day).

• Set deadlines – for example, I will

nish this essay by Saturday.• Allow some slack in your schedule

– days are always lost due tounexpected events.

Finding a time to study

The exible structure of the programmelets you study at your own pace andrhythm. Although this offers you a lotof freedom, you may nd that you work

most effectively if you develop a personalstudy schedule that allows you to proceedthrough the programme in a way that tswell with your other daily activities andcommitments (at work and at home).

Though it may seem rigid, establishing aweekly calendar to guide you through theprogramme and help you use your timeefciently may prove very helpful. Thiswill provide you with an idea of what you

want to cover in a given period of time.You may want to vary your work patternfrom time to time, and to make changes tothe activities that you conduct in order toreduce the effects and strains of tirednessthat can result from long sessions in frontof a computer or reading.

Remember to pay attention to periodsof time when online seminars or onlinesupport sessions may be running. It maybe important that you have reached certainparts of a module at a particular time inorder to benet most from these activities.



Allow plenty of slack in your schedule.There will be days when you don’t feel likeworking, or when unexpected work or familycommitments impose on your time. Theremay also be occasions when you experiencecomputing or network problems. By avoiding‘last minute’ scheduling you should be ableto cope with such eventualities.

Be sure to allocate enough time for study,and let your friends and family know thatyou need a regular period of concentratedwork. However do make sure that you stillhave time for family, friends and recreation.

Finding a place to study

Many students nd that their place of studycan be as important as their timetable.

Everybody is different when it comes tohow and where they study. Some peoplecan study with background music on whileothers prefer silence; some people canread on a train while others need to be in alibrary. The important thing is that you nda place where you can study without beingdistracted.

Once you have decided where you aregoing to study, make sure that other

people (such as your friends, colleagues orfamily) know that you will be studying thereand that you prefer not to be disturbed fora specied time. It can be a good idea todiscuss this practical aspect of studyingwith the people around you (at work or athome) before your needs are perceived bythem as a problem.

Remember that although many of theactivities on an online programme need totake place in front of a computer, there arealso many study activities that can be (andoften are best) done elsewhere. Reading

printed notes and background texts, writingexercises, and conducting projects, can allbe done away from a computer. If you aregoing to study away from your home orworkplace then remember to take all thematerials and texts that you will need tocomplete the study session.

Although routine can provide a great dealof support to your studies, if you are havingdifculties you may nd that the stimulus ofa different location can trigger new ideas. Ofcourse, it might not be possible to do thiswhere your computer work is concerned,but for reading you might nd that a visitto a library can create a sense of academicinvolvement, or that reading in a differentroom in the house can relax you and assist

your concentration.

Getting involved

Another extremely important way ofstaying motivated is to get involved withother people. While some people arehappy studying on their own, most peoplethrive on social contact, and there is nodoubt that the quality of your learning onthis programme will be greatly enhanced

by your engagement with other peopleworking in Information Security, no matterat what level.

The most important way in whichyou can communicate with otherInformation Security people is to getinvolved in the online activities onthe programme . Make sure that youparticipate in online seminars, follow thediscussion areas, set up study groups,

make contact with other students andshare your experiences.

While not an option for many of you, someof you may be fortunate enough to be able



to pursue other social learning activities,even if on an occasional basis:

• If you discover that some of the otherstudents on the MSc degree live closeto you geographically, then you mightwant to consider arranging informal face-to-face meetings from time to time, to

discuss aspects of the programme.• If you are currently employed (or were

previously employed) in the InformationSecurity industry, then you may wantto discuss issues arising from yourstudy with your colleagues. Seeing howtopics covered in the programme haverelevance to workplaces can be highlymotivating.

• If you are currently employed, but notin the Information Security industry,then it may still be a useful exercise totry to apply the knowledge that you areobtaining from your studies to your placeof work, and to discuss with colleaguessome of the implications of issues thatyou feel might be of relevance to them.

• If you have plans to visit London at somestage of your studies, then you might

want to consider paying a visit to theRoyal Holloway campus and talking topeople in the ISG.

Developing a exible study strategy

An advantage of any distance learningprogramme is that it allows you to adopt arange of different study strategies. Someexamples:

• You have almost certainly started

this programme with an amount ofknowledge about some aspects ofInformation Security. When starting amodule it is a useful practice to skim

through the online material to get asense of what is familiar to you andwhat each topic is about. You maythen return to the beginning and workthrough the topics in the suggestedorder. However, by getting a feeling forwhat the module covers, you may beable to plan your studies to spend lesstime on subjects that you are condentthat you know about and take longer towork through topics that are new andchallenging.

• Studying is an iterative process: you willnd that the material contains plentyof cross-references between differenttopics, exercises and further reading.You may choose to read through the

basic study materials and then returnto conduct these extra activities, oryou may choose to conduct many ofthese extra activities as you go along.You may nd that a useful strategy is toread through a topic once, then conductexercises and further reading, and thenreturn to the study materials in the lightof your more developed understandingof the issues concerned.

• With most modules it is a good ideato start with the rst unit and thenwork through all topics in numericalorder. Most of the modules have beenwritten so that each topic builds onthe knowledge and skills taught in theprevious ones. However, you may ndthat with some modules you can dipin and out, depending on your ownpreferences and existing knowledge.Each module introduction will adviseon how best to approach the materialsinvolved.



• Another good strategy while studying isto take written notes and to summariseyour reading. This will help you recallquickly the main points of material thatyou have already processed, and willprove useful for revision. Organise yourwork and notes (written or electronic)into les so that you can easilynd them and use them whenevernecessary. If you are primarily workingelectronically then practise what youare studying and make sure that youback up all important information!

Adapting to different teaching styles

You may notice that different modules,and even different topics within onemodule, present the study materials indifferent ways. Many different writersand presenters have contributed to thisprogramme (as many different lecturersteach on the campus version of the degree)and they all have specic views of theirsubject and how it should be taught.

We have tried to give the study materialsa consistent look and feel, but we havedeliberately allowed some of the personal

styles of the writers and presenters toremain. As in face-to-face teaching, youwill need to allow yourself some time toadapt to these variations in style and tothe techniques used by different writersto guide you through the materials. Forexample, in some modules you will ndthat you are asked to do a lot of task-basedlearning, whereas in others you may bedoing more reading.

Your tutors will also have different methodsof running their online seminars – insome cases you will do a straightforwarddiscussion of themes from your readings;

in others you may be asked to present aparticular argument or a piece of writingthat you have done.

Dealing with overlap andinconsistency

You will nd that the content of manyof the modules will overlap in some

areas. This is both inevitable (since it isimpossible to completely separate outtopics relating to Information Security)and desirable. It is extremely useful tohear people address the same topic fromdifferent perspectives, as this enhancesyour understanding and also assists you byproviding valuable context.

You may also discover that different writersor presenters may make comments abouttopics that are inconsistent. There arethree situations in which this may occur:

• The most likely situation is that theissue under discussion is a subjectiveone, and the two presenters havediffering views. One of the mostimportant things that you will learn onthis programme is that InformationSecurity is as much an art as it is a

science. In many situations there isno single correct approach, and it is alearning objective of this programmethat you recognise in which situationsdifferent opinions can arise, so that youcan develop the skills to make your owninformed judgement about the issuesconcerned.

• The two comments were made withindifferent contexts or under different

assumptions. If a point of confusionarises as a result of this, then wewould like to hear from you so that wecan address it.



• One of the comments is factuallyincorrect. This is most likely to occurwhen one presenter is making apassing remark about an issue slightlyoff the main topic of the current unit.We have tried to eliminate any suchinconsistencies, but would greatlyappreciate hearing from you if thereare any errors in the study material.

Further reading

It is very important that you read aswidely as you can in order to broadenyour perspectives and enhance yourunderstanding of issues arising fromthe study material. The subjectivityand complexity of Information Securityrequires that you expose yourself to asmany different opinions and approaches asyou have the time to explore.

Some modules incorporate further readingthat you either must, or are stronglyadvised to, read. You should conductthese readings as advised on the moduleconcerned.

All modules will list a number of usefulresource texts that you are recommended

to explore at your leisure. Reading thesetexts will be helpful, but it may be difcultfor you to read all of these extensivelywithin a tight timetable. The best adviceon how to proceed is to apply commonsense. Extra reading will be stimulating,but make sure you don’t lose sight ofwhat is expected. Be selective in yourchoice of reading. Remember that it maynot be necessary to read a textbook from

cover to cover – it may sufce that youread chapters dealing with topics that youparticularly wish to learn more about.

Accessing further reading texts may alsobe difcult. Some of you may have accessto a library, although it may not contain allthe books on the book lists. In this caseyour only option may be to purchase someof the texts in question. If you are on atight budget then you may want to beselective about which books to buy. Hereare some suggestions on book purchasing:

• Pay close attention to the advice givenon a particular module regarding theappropriateness of a text.

• Consider your own personal interestswhen you decide to purchase a text.

• Particularly consider purchasing a textthat is likely to be useful on more thanone of your programme modules.

• Read book reviews and consult otherstudents and tutors on the programmeregarding particular books.

• Consider sharing books with otherstudents who live geographically closeto you.

Remember that while purchasing bookscan appear to be quite expensive, it isa useful investment. Some books mayprove useful to you in your professionalcareer beyond the end of the programme.Careful purchasing of relevant texts is avery small percentage of the overall costof doing your degree, and an even smallerpercentage of the salary of a job that youobtain after graduation.

Using the internet

Information Security is a rapidly evolving

subject and there is absolutely no doubtthat the most important supplementaryresource tool that you will need on thisprogramme is access to the internet.



The very nature of Information Securityas an IT discipline means that almost allrelevant organisations have extremelygood websites and that almost allsignicant topics and technologies areextensively referenced on the internet.Conducting sensible searches forInformation Security topics is likely to leadto very productive lists of resources, andindeed in many cases almost ‘too many’hits.

However, it cannot be overstated thatyou really must take care to evaluateany information that you obtain over theinternet, as the very nature of InformationSecurity also lends itself to a huge amountof unreliable and erroneous information.

You must learn to be selective and useyour judgement in processing informationobtained in this way. Much of this iscommon sense, but here are a numberof tips on how to use internet resourceswisely:

• Trust the information you obtain asmuch as you trust the source writeror organisation. If you have no otherknowledge about the source then yousimply must treat the quality of theinformation with caution.

• Internet sites recommended in moduleresource sites or by module tutors aremore likely to have been checked forquality of content. The same will applyto sites recommended by reliableweb portals or resource sites ofrespectable organisations.

• Internet sites recommended byfellow students will be as reliable asthe student who has recommendedthem. You may quickly discover on

the programme which students youparticularly trust for such information.

• Never rely on just one internet sitefor information. Read as much asyou can about a subject, and baseyour condence in information onthe amount of consensus that you

nd from different sources withindifferent sectors. Note that a fact beingexpressed repeatedly on different sitesdoes not make it true – misinformationspreads like wildre on the internet.It is very common, especially withnew topics, for internet sites to obtaininformation from one another. Withcareful reading you should be able tonotice this happening and take it into

account.• Where possible, always try to

corroborate information obtainedfrom the internet by obtaining itadditionally from a more traditionalsource, such as books, or publishedjournals or articles. While these arenot necessarily awless themselves,in most cases they will have beenreviewed more carefully than aninternet site. The same may apply tosome ‘white papers’ that are availablefor download on the internet, althoughagain you must pay close attention tothe reputation of the source.

If you need further advice on how tosearch the internet intelligently and howto decide what to trust, there are guidesavailable, for example at:

www.vts.rdn.ac.uk



The programme tools and materials

The purpose of this chapter is to introduceyou to the various tools and materials thatwe are providing you with in order to studythe programme. We will explain what youshould have received from us in your studypack, the basic features of the VLE andthe structure and format of the computer-based study materials.

What to expect and whenThis section is intended to explain thepurpose of the various materials you havebeen sent and how to get the most out ofthem.

Please make sure that you havereceived these materials and that youtake the time to examine their contents.

Handbook The handbook that you are now readinggives practical advice on how to study,how to solve problems which might ariseand where to go for certain types of adviceand help. You will also nd informationrelated to how you access and use theonline learning facility and how youprogress through the degree.

The PSR contains the rules by whichthe degree is run. You should read thisdocument carefully.

Project Guide (MSc degree only)

This is an excellent handbook to guideyou through the Project stage of theprogramme. You will be sent this guidewhen you complete your core studies. Itcan also be downloaded from the Projectarea within the VLE.

The Sciences Good Study Guide

We have provided each student with acopy of The Sciences Good Study Guide (SGSG). This guide is specially designed byOpen University staff for students studyingon distance learning programmes andgives very valuable pointers to studying

on your own and getting the most fromyour programme. It is especially usefulfor people who have been away fromformal study for some time or who arenot familiar with the British system ofacademic education. You can use it as anintroductory workbook or as a referencewhenever you want to rene your learningtechniques. It will help you develop studystrategies which suit your needs.

We strongly recommend that you havea look through the SGSG and familiariseyourself with its contents so that youknow what it contains and can go back toit when the occasion arises. You may ndthat many of the areas covered are notnew to you, but you may look up specictopics such as taking notes, writingassignments or preparing for exams.

The SGSG has a lot of useful tips forsuccessful study – use it.

Textbooks

If you have registered for any modulesthat involve compulsory reading, then therelevant textbooks will have been includedin your study pack. Please read theintroduction to any modules that you haveregistered for in order to make sure thatyou have received the correct textbooks.



CD-ROMs

You should have received CD-ROMscontaining the study material for themodules that you have registered for. Thiswill allow you to study without connectingto the internet.

Password and username

This enables you to log in to theprogramme website. Please keep arecord of this information in a safe place.

If you forget your username and/orpassword, please contact the support ofceat Royal Holloway.

The Virtual LearningEnvironmentThe Virtual Learning Environment (VLE) islike a virtual classroom that the Universityuses to deliver the content of the MScprogramme via the internet. It haseverything you need to study and to helpyou manage your learning.

The VLE will allow you to:

• access your course materials

• take part in discussions with your tutorand other students

• receive notices, seminar dates, projectsupport and other programme-relatedinformation

• ask questions regarding theadministration of the programme

• seek help for technical problems thatyou encounter.

There is a range of other tools available to

you within the VLE, such as a calendar anda place to add your own personal prole.

In order to work online you should notnormally need to install any software – you

just need to connect to the website viathe internet. In order to work ofine yousimply use the CD-ROM.

The VLE user guide explains how to getstarted using the VLE and how to exploreits functionality. This guide can be found onthe Portal homepage:

http://my.londoninternational.ac.uk

Structure of the studymaterialsIn the PSR, the MSc degree is described ashaving three elements. They are the Core element, the Options element and theProject element: the Postgraduate Diplomaconsists of the Core element and the

Options element. These elements form thebasis of the criteria used by the Board ofExaminers when recommending studentsfor the award. So your performance interms of these elements is critical, and youshould refer to the PSR for precise details.

Modules

The Information Security programme ismade up of a number of modules. There arefour modules comprising the Core element,which are compulsory, and a number ofoptional modules, with a choice of two ofthese comprising the Options element.

Each module is a collection of relatedcontent, so they come in different forms.This is reected in the style of the content:some are more technical, others are morediscursive. Some are more theoretical,others are more based on case studies

or applications. The programme structureand the assessment criteria have beencarefully designed to ensure you study anappropriate range of modules and acquire a



broad range of skills.

Modules have a number of commonproperties, relating to their delivery modeand how they are assessed. On campus, amodule would involve 33 hours of lectures,delivered over an 11 week semester.On this distance learning programme,

a module will be available online fromSeptember to May over a period of 35weeks and have its own online seminaractivities. For both campus and distancelearning students, modules are examinedat the same time, towards the end of May.

It is important to understand the structureof a module. The diagram below indicateshow modules are structured, and thefollowing sections describe each of the

components of a module.

Unit

Each of the modules on the programmeis divided into a number of units. Thematerial presented within a unit roughlycorresponds to the amount of material thatis presented to students on the campusversion of the degree in three hours oflectures. Since campus modules tend to

have around 33 hours of lectures, thismeans that every distance learning modulehas approximately 11 units.

Although the material presented in oneunit is roughly the equivalent of a threehour lecture, this does not mean that youare only expected to spend three hours oneach unit! There are two reasons for this:

• Studying distance learning material is aquite different experience to sitting in alecture (in fact, it can be a much morerewarding one). The time you spendstudying a unit will very much depend

on how closely you engage with thematerial. Take your time, and develop asystem that works best for you.

• Each distance learning unit containsmuch more than just the contentsof the lecture. It also contains tasks,exercises and opportunities for further

reading. These are all activities thatcampus students tend to performoutside the three-hour lecture.You should therefore plan to spendconsiderably more than three hoursstudying each unit. Don’t forget thatyou will also need time to prepare forthe examination.

On some modules you will see that a unithas been given a weight . This is because

we have chosen to base distance learningunits around specic topics within thatmodule. Thus, when the material on aspecic topic does not contain sufcientmaterial for it to merit the status of a fullunit (weight 1.0), we have made it a halfunit (weight 0.5). On some modules youwill nd units of weight 1.5 or 2.0. Whenyou are planning your study programmeyou should note carefully the weightassigned to a given unit and allocate studytime to that unit accordingly.

There are two types of unit on thisprogramme:

• A normal unit is a unit that is basedprimarily on text.

• An audio unit is a presentation(typically in PowerPoint) accompaniedby an audio commentary. We havemost commonly used audio unitswhen the campus presentation is bya speaker external to Royal Hollowaywho is recognised as an outstanding


http://slidepdf.com/reader/full/info-security-handbook-2012-13-gen 34/68 • Information security handbook • 2012–20130

expert in his or her eld.

Section

Most units are broken into sections. Thesesections represent self-contained topicsthat are discussed within a unit. There aretypically between three and 10 sections inany unit. The length of each section may

vary and you are not necessarily expectedto spend equal amounts of time on eachsection – they exist solely to enhance thestructure of the study material.

What does a modulecontain?A module is effectively a package thatconsists of a number of components.Most modules feature the following:

W elcome unit

An introductory unit that explains how themodule is structured and provides specialinstructions that you need to be awareof before commencing your study of themodule.

Module units

The main part of the content is provided

by a set of around 10 units, either normalunits or audio units.

Supporting units

Some modules feature special supportingunits with supplementary informationthat some of you might need in order tounderstand parts of the module content.

For example, the Introduction toCryptography and Security Mechanisms module includes a Mathematics unit thatprovides basic notation and an explanationof some mathematical ideas that arerequired for several of the units in thatmodule.

Online seminars

These are tutor-led discussions that are

held at specic times during the time thatyou are registered for a module. Theseseminars are not assessed. However,familiarity with the content of seminarsmay be required for the examination.

Module discussion area

MSc/DiplomaInformation Security

(Core) module (Core) module (Core) module

Unit Unit UnitUnitUnitUnit

Section SectionSectionSectionSectionSectionSectionSection



This is a discussion area that is dedicatedto the module and is made available to allstudents registered for that module.

What does a normal unitcontain?In this section we discuss the content ofnormal units. Audio units are discussed ina later section.

A normal unit consists primarily of screensof text. Many people nd reading froma screen very difcult and so it might beargued that text is best presented in theform of a document that can be printed offand studied like a book. However, a normalunit is more than just text, and there are atleast two ways in which it is a much richer

experience than reading printed matter:• Text is presented in a number

of different formats that providemore variety and encourage closerengagement with the material thanthe rather passive activity of readingprinted words.

• Text is supported by audio, interactiveimages, links and tasks.

Note that it is possible to print off themajority of text and study in a moreconventional way. There are somelimitations to this approach: the materialhas been written specically for viewing onscreen, so you will lose some value fromnot engaging with the material on screen.In addition, sections containing audioclips or ash animation have textequivalents that are not available in the

intended format. We recommend youstudy the materials on screen at least oncebefore resorting to text equivalents.

The following is a list of the types ofcomponent that you will nd in a normalunit. Most normal units feature most ofthese components, but you may nd thatin some units not all of these appear.

Unit introduction

The unit introduction sets the unit in

context within the rest of the module.It contains a high-level overview of thecontents of the unit, and may containspecial instructions relevant to your studyof the unit . The unit introduction also liststhe main learning outcomes that you areexpected to achieve as a result of studyingthe unit. The unit introduction features asection menu that lists the titles of thesections and allows you to link directly tothe start of each section.

Section introduction

Each section normally features a sectionintroduction as its rst screen. Thiscontains a short high-level overview of thesection and may contain some preliminaryactivities that you should performbefore starting the section. The sectionintroduction also contains a list of the titles

of the main screens of that section.

Screen

A screen is a basic page of text. In mostcases a screen is dedicated to a veryspecic topic within the section, andthe screen title will indicate what thisis. However, a screen is rather morethan a page in a book, as it may presentinformation in many different ways. We

discuss some of these ways in the nextsection.



Exercise

Exercises are intended to be optionalactivities that you might like to conductto explore further the topics investigatedduring the unit. Exercises often fall intofour different types (although some featureelements of more than one):

• reective exercises, where youare asked to look back at the unitand collate material or summarisearguments

• discursive exercises, where you areasked to consider issues that wereraised during the unit and provide youropinion or thoughts on them

• investigative exercises, where you

are asked to explore further a topicrelating to the unit and seek out moreinformation concerning it

• practical exercises, where you areasked to conduct a particular activity.

You may choose to do these exercisesalone, or in groups. Due to the fact thatmany of these exercises involve openquestions, you may not always nd thatsolutions are provided. See individualmodules for comments on how best toobtain feedback on your results from doingthese exercises.

In some units, exercises are distributedamong the screens of the material, whilein others they are listed at the end ofthe unit. While it may be appropriate toconduct the exercises at the time that youencounter them, in other cases you may

wish to return to them later. The choice isyours.

Task

In contrast to an exercise, a task is anactivity that you are expected to performbefore proceeding with the rest of thematerial. Normally a task species exactlywhat you are expected to do. In manycases it is suggested that you actually

write down the results of your task.You should take as long as you feel isnecessary to complete a task. Pleaseapply common sense to this. Some taskshave very obvious outcomes, and it shouldbe fairly clear how much time is neededto complete them. Other tasks are quiteopen-ended. In the latter case, the maximof ‘the more you put in, the more you takeout’ will normally apply (but, of course,

you will only have a limited amount of timeavailable!).

Some tasks have no answer provided.These tasks are rather similar to exercises,except that by being listed as a task meansthat you are strongly advised to conductthem. Other tasks are accompaniedby prompts that direct you to a screenwhere possible solutions to the task arediscussed. To make the most of this typeof task you should not visit the answerscreen until you have completed thetask.

Summary

The summary screen is an importantscreen that brings to a close thediscussion in the unit and emphasises themain points that you should have takenfrom the material in the unit.



Quiz

Many units have a short quiz associatedwith them, implemented separately.The purpose of a quiz is to allow you toassess how much of the unit you haveunderstood. A quiz normally consistsof up to 10 multiple-choice questions

concerning issues raised by the unit. Thequiz questions are just a tiny sample ofsome of the issues that you should haveunderstood from your study of the unit,and are not an attempt to cover all ofthe main points. After you have selectedyour answers, you will receive automatedfeedback on whether they are correct. Thisfeedback includes a short discussion ofthe various options that you were asked to

choose between.You should not attempt the quiz until youfeel that you are ready to move on to thenext unit. You do not need to attain anyparticular score in the quiz to progress,so do not take your score too seriously.In some cases you might even disputethe answer, or have some arguments asto why other options are possible. Thisis ne, so long as you are condent thatyou can argue your case! However, youshould judge your understanding of theunit on the basis of how easy you foundit to attempt the questions, and on howsatised you were with the argumentsin the automated answer. If you foundanswering the questions very difcultand do not understand the automatedanswers, then maybe you have notmastered the content of the unit.

What does an audio unitcontain?An audio unit is built around a two-to-three hour recording of a live campuspresentation. Although a central studyactivity on an audio unit will be listening tothe presentation, slide by slide, there are

many ways in which you will nd that thisexperience can be even more rewardingthan if you had actually been there:

• An audio unit provides a considerableamount of extra support material thathelps to place the presentation incontext and indicates opportunities forfurther study.

• It can be quite easy to lose track of

the structure of a live presentation – an audio unit imposes structureby breaking the presentation intomeaningful sections.

• Each audio unit contains informationthat helps you to look out for issuesin advance of them being discussedduring the presentation – as thepresentation has already happened,you can benet from hindsight.

• The presentation within each audiounit has been carefully edited tostreamline the information ow andto remove the breaks and delays thatinevitably occur when a presentation isgiven to a large campus audience.

• The greatest benet of all is thatyou can listen to the presentation atyour own pace. You can stop it, play

sections again, take a break, listen to itagain, etc.

You may nd that live presentations arenever quite the same again!



In response to student feedback, we haveincluded the following to support yourstudies of the audio lectures further. Foreach audio unit we will also provide a pdfof the slides used in the lecture, so thatyou can access them more convenientlyofine or for revision purposes. For thesame reasons you will also be providedwith the full audio content of the unit in asingle le on CD.

Audio units include some of the samefeatures as normal units. In particular,they normally include unit introductions,section introductions, exercises and a quiz.There are, however, some features that areunique to audio units.

Meet the speaker

Each audio unit commences with a shortbiography of the main audio presenter.When the presenters are external to RoyalHolloway, we will normally also includesome information about the organisationthat they represented at the time of theirpresentation.

Issues to look out for

The main content of an audio unit is thepresentation. This is divided into sections,just like a normal unit, and each sectioncommences with a guide that includes anumber of issues to look out for. Theseare not intended to be deep, searchingquestions that you will have to work hardto answer. Rather, they are questionsthat the presenter will address during theslides in this section. They are simply listedin order to assist you in extracting some ofthe important lessons from the audio.

Questions from the audience

Perhaps the only disadvantage of notbeing in the live presentation audience isthat you do not have the opportunity topersonally question the presenter. Wherepossible, and relevant, we have includedsome of the best questions (and answers)

from the audience. We will try to provideas many opportunities as possible for youto raise your own questions from thesepresentations, and in some cases we maybe able to direct them to the presentersinvolved (see individual modules for moreinformation about how best to do this).

How is informationpresented within a screen?

We now look briey at some of thedifferent ways in which information ispresented on screen in a normal unit. Wealso introduce some of the basic iconsthat are used to indicate specic actions oractivities.

Note that this list is not intended to beexhaustive, and also that many moduleswill not feature all of these ways ofpresenting information.

Please read the following informationcarefully, as this will assist you inmaking the most of the study materials.

Text reveal box

In a text reveal box you will see a list oftopics in boxes on the left and a large blankbox on the right. By selecting the topic onthe left you will see information relatingto it appear in the box on the right. The

purpose of a text reveal box is to presentrelatively large amounts of information in amore compact and structured way.



Reveal table

In a reveal table you will see a tablewith some missing entries. By followingthe accompanying instructions you willgradually be able to complete the missingtable entries in a sequential way.

Question and answer

A question-and-answer session is indicatedby a mostly blank box featuring one ormore questions. When you select thequestion, the answer will appear in the boxbelow. Questions that are posed in thisway are meant to be questions that youpause and think about before looking atthe answer.

To get the most from these you should

not reveal the answer until you havehad time to think about the question.

Figure

A ‘gure’ is a diagram. Figures arepresented in many different ways ondifferent units of the programme. Somegures are static, some gures arelabelled, and other gures are animated(in which case you will be provided with aprompt that explains how to activate theanimation). Detailed gures may include anoption to enlarge them, or an option to seefurther information.

Prompt

A ‘prompt’ consists of a couple ofsentences appearing in bold that inviteyou to perform a specic action (openinga window or visiting a resource, forexample).

Read

A ‘Read’ instruction indicates a source (inmost cases part of a book, but sometimes

an article) to read on a particular topic.You are recommended to read this sourceunless it is clearly marked as an optionalactivity.

Read more

A ‘Read more’ instruction links you tomore material on the current topic. By

selecting this link you will normally ndthat a new screen opens in a separatebrowser tab. It is important to follow ‘Readmore’ instructions.

You should not assume that materialthat has been placed there is either ofsecondary importance or optional inany way.

Normally the only reason that these links

are used is to enhance the presentationand structure of the information appearingon the main screen.

Examples

In cases where the task is quite difcult,your lecturer may provide an exampleor possible answer so that you can get aclear understanding of what is expectedbefore you attempt the task. In suchcases you will see a ‘See example’ or‘Possible answer’ button – simply selectthis and an example will appear in a newwindow.

Text equivalent

The ‘text equivalent’ button will link to atext equivalent of a ash animation.

Using the study materialsEach unit can be thought of as a ‘study

guide’ that directs you through an amountof module content. At various stages, thetext unit will suggest that you stop readingand conduct some other activities, such



as reading another source book, listeningto an audio clip or performing a specictask. Exactly how you choose to use thismaterial, and how much time you spendconducting exercises, tasks and furtherreading, is really up to you.

As mentioned before, we strongly advise

you to view the material at least once onscreen. You may then choose to print offthe slides and use the single audio le,or you may choose just to take your ownnotes as you proceed through each unit.Viewing on screen will probably also beuseful for revision purposes, especiallywhen material can be gradually revealed,allowing you to test your comprehensionof the topics covered. The choice is entirely

yours.If you discover any errors in the studymaterials then we would be very pleased

to hear from you.



The Online Library

The Online Library has been developed forInternational Programmes students. Youcan access your programme’s individualOnline Library homepage at:

www.external.shl.lon.ac.uk/index.php?id=info

To access the Online Library from thePortal, click on the ‘Online Library’ tab.

Online Library tour

To help you to nd your way around theOnline Library, take the tour:

www.external.shl.lon.ac.uk/help/tour.php

This should only take you ve minutes tocomplete but it will save you a lot of timein the future.

Passwords for accessing the OnlineLibrary

To use the resources available in theOnline Library you will need to request apersonal Athens username and password.To do this, please ll in the form at:

www.external.shl.lon.ac.uk/help/ databases

Your personal Athens account will berenewed by the Online Library Team inthe December of each year that you areregistered as an International Programmesstudent.

Summon

Summon is the Online Library’s newGoogle-like search engine that providesfast, relevancy-ranked results through a

single search box. You can nd journalarticles by typing the article title into theSummon search box. You will need to

use your Athens password to access theresources that you nd through Summon.To nd out more, please go to:

www.external.shl.lon.ac.uk/summon/ about.php

Databases and electronic journals

The Online Library provides access toa wide variety of databases, many ofwhich contain full-text electronic journalsand e-Books. If you are interested ina particular journal use the Full TextElectronic Journal List:

http://zk6qc5fe9p.search.serialssolutions.com/

You can browse or search the full list ofthe Online Library’s databases from thedatabases page:

www.external.shl.london.ac.uk/res/ databases.php?id=info

Here are some of the major databases thatthe Online Library provides:

• The ACM Digital Library is oneof the most important information

resources in computer science andcovers every major area of computing,including computer security, computergraphics and information retrieval.It contains over two million full-textarticles, periodicals and proceedingssince 1985, bibliographic information,abstracts, and the agship journalCommunications of the ACM . Pleaseemail the Online Library Team (see

below) for a separate ACM usernameand password.



• Academic Search Complete –updated daily, this is a multidisciplinarydatabase with full-text coverage of7,900 periodicals, including more than6,800 peer-reviewed journals.

• Business Source ® Premier – theindustry’s most popular business

research database features the full textof more than 2,200 journals. Full text isprovided back to 1965 and searchablecited references back to 1998.

• Dawson’s e-Book collection – severalcore textbooks are available here inelectronic format, and the collection isconstantly growing.

• Lexis ® Library – although primarily adatabase containing full-text case lawand legislation for various jurisdictions,it also provides access to national andlocal United Kingdom newspapers.

• Science Direct – full-text accessto over 220 journals across a rangeof subject areas including science,health, business and management,and social sciences. Abstracts of over2,500 journals can be searched, but

full-text access is limited to titles thathave been selected and paid for by theOnline Library.

• Web of Knowledge – delivers easyaccess to high-quality scholarlyinformation in the sciences, socialsciences, arts and humanities. Thisalso includes free access to MyEndNote Web reference management.

The Online Library Team has developedintroductory Quick Start Guides for eachof the databases to help you learn to usethem effectively:

www.external.shl.london.ac.uk/pdf

Support for using the Library

The Online Library Team will be availablebetween 09.00 and 17.00 (GMT) Mondayto Friday. You can contact them with yourenquiries by email or telephone:

[email protected]+44 (0)20 7862 8478

You can also make enquiries by lling in aweb form at:

www.external.shl.london.ac.uk/help/ enquiries/index.php

A specialist librarian will respond to yourenquiry within two working days. Emailreplies from the Online Library EnquiriesService are sometimes interpreted as junkmail (spam) by lters. This means that youmight miss our reply to you, particularlyif you are using Hotmail or AOL. To avoidfrustration, if you are using a junk maillter please set it to allow email [email protected] [email protected]

The Help Desk

While the Online Library Team will aimto answer your enquiry within twoworking days, you may be able to ndthe information you need instantly at theOnline Library Help Desk:

www.external.shl.london.ac.uk/help/



Feedback or suggestions?

If you would like to suggest a resourceor have any ideas as to how the OnlineLibrary can be improved, please let theOnline Library Team know:

www.external.shl.london.ac.uk/contact/

Keep up to date with Library developmentsin the News section of our website:

www.external.shl.lon.ac.uk/news/index.php





When you are communicating informally(such as in an email or using the StudentCafe) it may be ne to treat onlinediscussions like a verbal conversation andlet your thoughts ow quickly – you donot need to go back to correct mistakes ingrammar, spelling or the logical sequenceof your message. However, when you areparticipating in the online seminars andposting to module discussion areas thenyou should be more careful about thegrammar, spelling and presentation of yourmessage (see the section on ‘Posting todiscussion areas’).

Note that you are requested to makeall posts to discussion areas and theStudent Cafe in English. If you wish to

communicate with a fellow student inanother language then we request that youconduct such a discussion privatelyby email.

Language shortcuts

Emoticons (‘emotional icons’) can beused in online communication in order toprevent misunderstandings and to expressfeelings. Examples of popular emoticons

include::-) smiling

:-( frowning or looking sad

;-) winking

:-o shock or surprise

Other language shortcuts that you mightwant to use are acronyms that are used inplace of common phrases, because theyare quicker to type. Some examples are:

AFAIK as far as I know

IIRC if I remember correctly

IMHO in my humble opinion

LOL laughing out loud (beware:also ‘lots of love’!)

ROTFL rolling on the oor

laughing.Please restrict your use of all languageshortcuts in module discussion areasand online seminars to very few wellunderstood ones.

Dates and times

In the UK we usually write dates as day/ month/year in numbers (for example,11 April 2002 = 11/04/02), but other parts

of the world write month/day/year andwould read the date 11/04/02 as November4 2002. Please try to remember to writedates in a clear format such as 11-Apr-02that spells out the month in order to avoidsuch confusion.

It is also a good idea to avoid using wordslike ‘today’, ‘tomorrow’ and ‘yesterday’and to use the date instead – rememberthat people may be in different time zones

and that it may already be ‘tomorrow’where they are. You should also rememberthat people will be participating in thediscussions over an extended time periodand may not read your message untilseveral days or even weeks after you haveposted it.

Please also bear in mind the differencein time zones when making any precisearrangements with students from differentparts of the world (deadlines for posting acontribution, sending an email, etc.)



Name

You should include your name at the endof any communication. Some packagesadd a signature le (some text that isalways added to the end of the message).If you use this facility, keep your signaturele short: about four lines are considered

appropriate.Formatting

The person who reads your messagemay be using a different email program toyou, even a different computer system.A message sent using, for example,a Japanese email program to anotherJapanese system will be able to sendJapanese characters, but if such amessage is received on another system itmay be unreadable.

There is a minimum common standard foronline communications: send plain text.Formatting like bold, underline and italicwill not be understood by all systems.Even different fonts may cause problems.Try to view and write your communicationsusing a xed spaced font like Courier. Inthis font each character and space has the

same width and columns of text, numbersand spaces line up on top of each other.

Avoid using special or extended characters.For example, the £ sign may be turned into# when viewed using a different computer.Also, keep your line length to around65–70 characters in messages. Somecomputer systems do not wrap long lines,so your message will disappear off theright of the screen when others open it to

read it on their computer systems.

Attachments

It is possible to include attachments inmost forms of online communication (thisincludes postings to discussion areas).During online seminars your tutor mayask you to post answers to tasks. Pleaseonly attach les that have been created in

widely used applications – otherwise yourtutor and peers may not be able to readthem.

You might nd it useful to installCutePDF™ Writer on your computer.This free software enables you to convertdocuments into PDF les.

http://www.cutepdf.com

Viruses

You have registered for a degreeprogramme on Information Security – sodo we really have to say anything moreabout viruses in this handbook ? Pleasetake care to use basic virus hygienecontrols on your computer, and checkattachments and anything you downloadfor viruses. If you think you’ve got a virus,then try to nd out if you got it from an

email attachment or program, and warnthe person who sent it to you. Do notassume that everyone you sent email tohas caught the virus.

Remember that it is going to look veryembarrassing if you are the source of acomputer virus on any courseware. Makesure that it does not happen!



Discussion area netiquetteThe following netiquette issues applyparticularly to use of discussion areas andonline seminars.

Posting to discussion areas

The key point when writing a message isclarity – ask yourself if everyone who mayread your message will understand you.We advise you to do the following whenparticipating in any programme-relateddiscussion area or online seminar:

• Write in proper sentences (althoughgrammar and spelling need not beperfect).

• Spell out any abbreviations whenrst used in the message you are

writing. For example, Royal Holloway,University of London (RHUL).

• Put the message in context (i.e. quotepart of the original message to whichyou are replying if it helps place yourquestion or response in context).

• Do not quote the entire originalmessage to which you are replyingunless it is absolutely necessary.

• If you are starting a new discussionthen make sure that you are in thecorrect part of the discussion areaand title your discussion appropriatelyaccording to the topic concerned.

• If you are posting to an existingdiscussion then try to use a moreinformative title for your posting thanthe default ‘Re: XXX’.

•

Do not write in capitals – it is oftenread and interpreted as SHOUTING.

Think twice

While we want to encourage you touse discussion areas and post to onlineseminars as much as possible, don’t gettoo enthusiastic – always make a quickcheck before nally posting a message.Make sure your contribution is relevant

and on topic. For example, try to avoid theclassic post ‘I agree’, and adopt a moreinformative ‘I agree because…’.

Checking the discussion boardregularly

Remember that the discussion areas andonline seminars are asynchronous – theydo not take place live. People will beadding to the discussions over at least a10-day period, so do not expect an instantreply to the messages that you post. It istherefore important that you get into thehabit of checking discussions regularly. Forexample, you could decide to give yourselfone hour three times a week to look atdiscussions. If you give yourself scheduledtimes to read and add to discussions, youare more likely to participate effectivelyand efciently.

You should also remember that people willbe studying things at different rates, soyou may need to wait a while for a non-moderated discussion on a particular topicto get going. However, even if you havemoved on to something else when thediscussion gets going, you should try toparticipate as it will serve as revision.



Email netiquetteThe following further netiquette rules applyparticularly to use of email:

Junk email

Please do not proliferate the sending ofjunk email among fellow students on theprogramme. In particular, do not under anycircumstances:

• distribute unsolicited email containingadvertising material to fellow students

• post any messages to fellow studentsrelating to pyramid schemes ormoneymaking scams

• proliferate chain letters such as thosethat claim that if you send an email toa number of other people good luckwill come to you, but if you do notsend it then you will get bad luck

• use email addresses of students onthe programme to distribute onlinepetitions.

If you receive unsolicited email of any ofthese types then the best thing to do isdelete it straight away. If you suspect anystudents on the programme of being the

source of unsolicited email messagesthen contact the support ofce at RoyalHolloway.

Space in your mailbox

Please remember that it is yourresponsibility to leave sufcient space atall times in your mailbox to receive emailsand attachments from us.



There will be times when you wish thatyou had someone nearby to talk to aboutthe content of the programme. In fact, wewould strongly suggest that you make aconscious effort to try to talk to as manypeople as you can about the content ofthe programme. To a large extent, thequality of your experience will dependon the amount of contact that you havewith other students and tutors on theprogramme.

We will do what we can to help you in thisrespect, but it will be primarily up to you totake advantage of what is available.

In this section, we look at how youcan most effectively use the availableresources.

Note that this chapter concerns academicsupport, that is, how to get help withunderstanding Information Security andrelated programme content.

Obtaining academic supportWhile you may choose to study thisprogramme entirely on your own, thereare many reasons why it is a good idea totry to communicate with other students asoften as you can:

• Understanding study material .This includes a brief step-by-stepguide to how to proceed when youdon’t understand some of the studymaterial.

• Covering missed issues . Discussingstudy material with others often bringsto light issues and subtleties that you

did not pick up on when studying onyour own.

Networking and academic support



• Obtaining the ‘big picture’ .Comparing the views of other people,especially on subjective issues, helpsto create a better understanding of allthe complexities of a subject andthe different opinions that existconcerning it.

• Bene ting from experience . In anarea like information security, there islittle substitute for having experiencein the eld. You may have no suchexperience, or only have experience ina limited area. Interacting with otherswill inevitably lead to you dealing withpeople who have valuable experiencein other areas. You may also nd thatother people greatly appreciate you

sharing your own experience in topicsthat you are particularly familiar with.

• Joining a community . Interactingwith other people and sharinginformation is normally a very positiveexperience and allows you to becomepart of an online community. In thisway, you will meet like-minded people,which will not just be an interestingexperience in itself and help you toovercome isolation as a distancelearner, but in many cases it will leadto the establishment of friendshipsand contacts who may be benecialto you during and after completion ofyour studies.

We now look at each of the differentways in which you can engage in onlinenetworking and communication on this

programme. These are:• online seminars

• module tutors

• module discussion areas

• peer-to-peer support

• Student Cafe.

When using any of these online supportmethods please make sure that you followgood online communication practice.

Online seminarsMost of the modules on the InformationSecurity programme feature a number ofonline seminars.

What are online seminars?

Online seminars are regular, formaldiscussions that will be moderated by atutor. The discussions are ‘asynchronous’,which means that they are not ‘live’ events

and that you don’t have to be online atthe same time as the other participants.You contribute to the discussion at a timethat suits you. We do strongly recommendthat you check discussions regularly overthe scheduled seminar period (preferablyat least once a day) to read messagesfrom other participants and follow thedevelopment of the discussion.

The use of online seminars varies betweenmodules, but as a general rule, you willbe expected to participate in either two orfour online seminars for every module thatyou study. The online seminars will takeplace on set dates and will last for a setamount of time (typically 10–14 days). Youwill receive detailed schedules of onlineseminars for a particular module when youregister for it.

You will receive detailed instructions abouteach seminar before you are expectedto join it. Your tutors will have pickedout some key themes or skills that they



wish to discuss with you in the onlineseminar and you will be expected bothto prepare for and to participate in thediscussions. Please note that your tutorshave chosen each seminar topic for a veryspecic reason: it may be crucial to yourunderstanding of a particular topic and willgenerally involve exploring an examinableissue that is not covered in detail in thestudy materials.

Your tutor’s role is to facilitate the onlineseminars to make sure that you get themaximum benet from them. This meansthat they will work with you to help youreach the right conclusions, but that theywill not simply give you answers to thequestions that are posed.

Why do we have online seminars?

Online seminars are a key part of thedistance learning programme and arean alternative to the activities that areundertaken in a tutorial session oncampus. The amount that you can learnfrom participating in them should not beunderestimated.

Online seminars are designed to build

on and reinforce the themes that you arereading about, and to make you reecton and analyse the study materials.They provide you with an opportunityto check that you have understood thetheories and concepts that have beenintroduced. Where you and your fellowstudents have apparently not understoodissues relating to the online seminar,your tutor can provide you with feedback

and explanations that can help you tounderstand the issues better.

Online seminars provide an organisedopportunity for you to learn from your

fellow students. Participating in the onlineseminars gives you the chance to discussand explore some of the key themes fromeach module with a range of people withdifferent backgrounds, knowledge andperspectives.

We hope that by making online

contributions to your very rst module, youwill have the condence and experienceto gain maximum benet from onlineactivities throughout the remainder of theprogramme.

Why are they timetabled?

It is necessary to run online seminarsfor xed periods of time between xeddates in order to focus participants onconducting a particular set of tasks. Settingdates is necessary in order to guaranteethat students will be addressing the sameissue at the same time, and that a tutorwill be present to guide the discussion forthe duration of the online seminar. Onlineseminars normally run for a 10-day period,thus allowing sufcient time for you tocontribute when it suits you best, but overa short enough time that the discussion

remains focused and dynamic.If you cannot participate in an onlineseminar for any reason, then the seminarwill remain accessible for you to read whenyou are next able to return to your studies.

If you wish to continue discussions beyondthe end of an online seminar, or run yourown similar discussions outside theseminar period, then you may do so. Theonly difference is that such discussionsare not formally part of the programme,and that they may not receive such closeattention from a tutor. You are, however,strongly encouraged to use online





You should interact with your seminartutor:

• only during the support period of anonline seminar

• only concerning the topic underdiscussion in the online seminar

• only through the online seminaritself.

On the other hand, please :

• do not ask your seminar tutor module-specic questions that have nothingto do with the seminar topic – theseshould be directed to the modulediscussion area (and occasionally tothe module tutor, see the next section)

• do not email your seminar tutor directly(in most cases he or she will probablyrequest that you post your question orcomment to either the online seminaror the module discussion area anyway)

• do not ask your seminar tutoradministrative and technical supportquestions – see the section on‘Administrative and technical usersupport’ for advice on these matters

• do not ask your seminar tutoracademic questions relating to othermodules, unless they are of directrelevance to issues under discussionin the online seminar – use the supportfacilities for these other modules tohave such questions addressed.

Module tutorsEach module is also supported by one ormore module tutors. At least one moduletutor will be available to support themodule from the start of the session tothe time of your examination (this includestimes outside the periods when online

seminars are running).Module tutors will assist your study of themodule in two different ways, as follows:

1. Monitoring the module discussionarea

The most important role of module tutorsis that they will be monitoring informationposted to the module discussion area. Thisdoes not mean that they will post to this

board regularly, but they will try to answerspecic questions that are posted there.We discuss the module discussion areashortly.

2. Answering academic questions

The main advantage of asking yourquestions within module discussion areasis that all students get the benet ofanswers that may be posted, whether theycome from other students or from tutors.On occasions, you may also wish to askyour own private academic module-relatedquestions, and to do this you shoulduse the ‘Ask a tutor’ function. You will beinstructed on how to do this when youregister for each module.

You should:

• use this service selectively – pleaseuse the module discussion area in the

rst instance

• restrict questions to those concerningmodule-specic content only.



On the other hand, please:

• Do not ask the module tutoradministrative and technical supportquestions.

• Do not ask the module tutor academicquestions relating to other modules

– use the support facilities for

these other modules to have theseaddressed.

Questions asked directly of the moduletutor will normally be answered withinve working days of receipt.

Module discussion areasEach module has its own modulediscussion area. This is a discussion areadedicated to that module and open to allstudents who have registered for thatmodule.

Module discussion areas are madeavailable for academic, topic-relateddiscussions. Although programme staffwill not be ‘leading’ any discussions on themodule discussion area (this is what onlineseminars are for), the module discussionareas are monitored, which means

that module tutors will be checking thediscussions regularly to ensure that postedinformation is correct and that discussionboard protocols are being observed.Module tutors may also choose to postmessages relating to the module contentif they feel that discussions require inputfrom them.

Module discussion areas provide youwith an opportunity to discuss your ideas

and thoughts with your peers in a relaxedenvironment. If you are having problemsunderstanding a particular point, you canalso use this forum to ask your peers for

help, just as you might ask fellow studentson campus. The module discussion areais part of your campus .

You should feel free to post module-related information or questions to themodule discussion area. It is preferableto use the module discussion area (rather

than email) for module content-relateddiscussions with fellow students as thiswill mean that a greater number of peoplewill benet from and be able to contributeto the discussion.

You can also use these areas to postanswers to exercises, for feedback fromboth fellow students and tutors. A furtheruse is for the sharing of information suchas useful links related to module content.

Your peers may not always be able topost replies to your questions or thoughtsimmediately, so remember to check theboard regularly. As with online seminars,please make sure that you understandthe technical operation of the discussionareas within the VLE and that you followgood online communication practice whenposting messages.



Summary of moderatedsupportIf you have an academic query then thefollowing should apply:

1. Post your query to the relevant modulediscussion area (e.g. unit or seminararea).

2. If (1) does not produce a satisfactoryresponse, then post your query to ‘Aska Tutor’.

3. If (2) does not produce a satisfactoryresponse, then post the query directto the Module Leader, via personalemail.

4. If (3) does not produce a satisfactoryresponse, then please contact the

Programme Director.

If your query is of an administrativenature, please refer to the ProgrammeAdministrator or the relevant InternationalProgrammes department (see page 12 andpage G.3 of the General section).

Peer-to-peer supportAlthough you are a distance learner, it isimportant to remember that you are partof a learning community, just as you wouldbe if you were studying on campus. Wewould encourage you to work with andsupport each other as much as possible.Both the material you will be studyingand the VLE have been designed to giveyou the opportunity to get to know andto share ideas with your peers. It is yourresponsibility to take this opportunityand exploit it to your advantage .

There are several ways in which you canuse the programme infrastructure toengage in learning activities with yourpeers, as follows:

Discussion areas

These should really be your primarymethod of obtaining peer-to-peer support.All students registered for a particularmodule have access to the modulediscussion area, and you can shareyour questions, answers, thoughts and

experiences relating to that module in thisenvironment. All students also have accessto the Student Cafe.

Email

You are, of course, free to establish yourown relationships and communicatedirectly with your fellow students onthe programme. We would encourageyou to have as many discussions as youcan within the more widely accessiblediscussion areas, but recognise that thereis considerable value in assisting someof your learning in a more private waythrough the use of email. Some of youmay nd that you wish to explore certaintopics in smaller study groups through theuse of email.

If you do use private communicationsor study groups to assist your learning,

we would encourage you to share theresults and thoughts that you have inthese environments by posting summariesor issues that emerge from privatediscussions on the more accessiblemodule discussion areas.

Student CafeAs well as the specic module discussionareas, there is a general discussion area

called the IS Student Cafe that you arewelcome to use. The IS Student Cafe isa discussion area that is not monitoredby tutors. There is also the Student Cafe,which is open to all students, not just



those studying IS, and is probably theclosest you are going to get to a ‘StudentUnion’ on your distance learning ‘campus’!

The IS Student Cafe can be used foractivities such as:

• holding general discussions that do notrelate directly to any specic module

on the programme• sharing general resources concerning

the programme

• discussing general distance learningstudy issues

• socialising with other students.

Please try to avoid the use of the IS StudentCafe for module-specic discussions thatcould be more appropriately held on amodule discussion area. Remember that,since the Cafe is not monitored by tutors,you should not expect tutors to respond toquestions that may be posted.

External supportWherever possible, you should take thechance to talk to others about what youare studying. These may be people whoare working in Information Security, butalso those who know little about it. Talkingto all sorts of people about InformationSecurity, including trying to explain someof the things that you have learned, mayhelp you to understand better the newconcepts and ideas that you have comeacross on the programme. Feedback fromyour counterparts may clarify what youhave not understood and help to developyour skills in putting forward structuredarguments.

You can combine your study with otherways of extending your knowledge in yourarea of professional interest. You may, forexample, consider joining a professionalorganisation to establish contacts or toreceive newsletters and invitations toseminars, conferences and exhibitions. Youmay wish to subscribe to relevant mailinglists and websites. You may also nd ituseful to have access to general journals(management, information technology,etc.), both local, regional or international,which will keep you informed and up-to-date on background information that isuseful for the study of information security.Look out for recommendations in moduleresources and from fellow students. Be

both imaginative and selective.

Your responsibilityAny form of education requires the studentto make a certain level of commitmentin order for it to be successful. Onlinedistance learning may be more exiblethan an on-campus degree programme butit still requires you to take responsibility foryour own learning. You must be committedand you should use the academic supporttools at your disposal to their full potentialso that the programme is a rich andpositive learning experience. For example,failing to contribute to an online seminaris the equivalent of missing a lecture ortutorial and it will have an impact on yourlearning. You should also remember thatyour tutors are there to guide and facilitateyour learning, not to do it for you.

Personal advicePlease refer to ‘What to do if you getinto difculties’ and in particular, theinformation on ‘Advisers of studies’.



This short chapter summarises someadvice on what to do if you encounterserious difculties during your studieson the programme. The most importantthing is to address problems early, to seeksupport if you need to, and not to panic!Most types of problem that you mayencounter will not be unique to you, andmany other students may have been facedwith similar difculties in the past.

At the end of the chapter you will ndinformation about the appointment ofadvisers of studies. Their main role is toprovide a single and personal point ofcontact if you nd yourself in difcultiesand need to discuss them with someonewith sound knowledge and personal

experience of the course.

Your family doesn’tunderstandIdeally your family and partner are behindyou all the way and, in theory, they probablyare very supportive. But small difculties canquickly build up into a genuine problem – forexample, you rarely help with the dishes orwith the children, you don’t want to go out in

the evening, the little jobs around the houseremain undone for too long, etc.

Probably the best way to avoid this is tonegotiate time for studying and time forfamily and friends – and keep to it. Whena problem arises, you need to go back andreview the arrangements you have made

– are you keeping your side of the bargain?What compromise could you make to keepeveryone happy? When examinations areapproaching you need to explain to everyonethat you need to spend more time studying,but then plan to spend extra time with themwhen the examinations are nished.

Your employer isn’tsupportiveIf you are combining work and study youmay nd that your employer is initiallysupportive but then is later reluctant to spareyou sufcient time to study or to attendexaminations. This can lead to conicting and

stressful pressures on your time.If your employer is co-operating withyour studies (perhaps even paying for theprogramme) then it is denitely in theirinterests to help you to succeed. The mostimportant thing you can do is to make itclear to your employer exactly how muchtime you will need and at what periodsof the year you are particularly underpressure. Plan your needs out carefullyin advance with the co-operation of youremployer (don’t surprise them with last-minute requests for time off – make sureyou give plenty of notice and ask themwell in advance for any time off that youmay require).

Planning your studies may also involvemaking arrangements to catch up on anywork that is falling behind, or reminding

your boss gently of the advantages to theorganisation of having you complete theprogramme and applying your new skillsand knowledge for the benet of all. Thenature of your employment may simplynecessitate that sometimes you have toshoulder a higher workload than usual.For a while your study time may have toaccommodate problems at work, but inexchange it seems only fair that you be

given compensatory time when suchbottleneck periods are past.

Some of you may have less co-operativeemployers, or may even have chosen not to

What to do if you get into difculties



inform your employer that you are studyingthis programme. This does make life moredifcult when the two activities start toclash in their demands on your time. Ifthere is very little that you can do aboutpressures from the workplace then youmay simply have to consider taking lighterstudy loads and also being prepared tosacrice some of your holidays or leisuretime in order to complete your studies.

You can’t nd the time tostudyFinding the time to study and maintainingstudy schedules can be a real problemfor some students. This is where, as adistance learning student, you may haveto work hard to improve your personaldiscipline and efciency.

If you have problems nding time tostudy then it is well worth reviewing yourweekly schedule to see if there aren’tsome small changes in lifestyle that couldresult in a few hours being gained eachweek for study. Sometimes these can besurprisingly simple to nd. For example,could you use any time spent commuting

by bus or train to do some study? Couldyou revise your weekly employmentschedule to arrange a day working at homeeach week, thus saving some commutingtime, which could then be used for study?Could you use your lunch hour to study?Could you alter your sleeping times to takeadvantage of quiet moments when no oneelse is up at home?

Another way of recovering some time isto try to study more efciently. There are

no prescriptive rules for efcient studybecause it comes down to your ownpersonality and study skills. However,many of the study skills discussed in thishandbook , and in The Sciences GoodStudy Guide , should help you to becomemore efcient with your time.

You fall behindIf you fall behind the pace at which youhave chosen to study this programme,or something unexpected happens thatputs you seriously behind on your studyschedule (such as work commitments,an illness or an accident), then you haveseveral options.

Putting in an extra effort in order to get

back on schedule is one option, althoughthis might be impractical if the delay hasbeen signicant.

Revising your schedule is perhaps a morefeasible alternative – this might involvedelaying the taking of an examination oradjusting your entire study schedule to aslower pace – perhaps deciding to take anextra year to complete, for example.

If you have fallen behind because you didnot give yourself a xed study scheduleor set yourself specic goals, you shouldtry to do this now. Having deadlines andmilestones pre-arranged might give youthe impetus and discipline you need tonish.

If you do nd you are having difcultiesand are not sure what to do, then ask usfor advice.



You don’t understand thestudy materialsIf you don’t understand the study materialsthen there are several different ways inwhich you are advised to proceed. As arough guide, consider the following actionsin order of priority:

• If you are stuck on a particular issueor explanation then it is occasionallythe case that you are simply too tiredand just need a rest – so take a break,get some fresh air, and come back toit later. You might also be able to moveon to the next topic and then return tothe troublesome one later. However,if you still have problems then you willneed to take some further action.

• Take a look at alternative descriptionsor explanations in other resourcessuch as programme texts or internetsites. It may be that you have beenconfused by the presentation ofthe material and that a differentdescription is all that it takes to clarifythe issue for you.

• Having established that you cannot

solve the problem yourself, there areseveral different academic supportmechanisms that you can use to getassistance. These include askingfellow students or contacting a tutor.

• If you do not understand any of theexplanations provided by your peers ora tutor then it is possible that you aremissing some important backgroundmaterial (some basic mathematics orunderstanding of simple computer

networking, for example). Mostmodules contain advice on sourcesof background reading. However, youmay want to contact a module tutorfor further advice on how to proceed.

You feel isolatedIsolation is one of the most commonproblems distance learning studentsface. As we have stressed repeatedlythroughout this handbook , the best waythat you can prevent this problem isthrough positive engagement with fellowstudents and tutors on this programme.In the unlikely event that all your bestefforts to do this have failed and you needan individual with whom you can discussyour problems, then you can contact yourpersonal adviser of studies (see below).

Advisers of studiesAs a registered student you will beassigned a staff member to provide asingle and personal point of contact if youneed advice during your studies. Soonafter you start the course your adviser willget in touch with you to provide you withtheir contact details. There are, as you haveseen, other channels for administrativeand technical queries, as well as the ‘Aska tutor’ function for academic questions,but there may be a few occasions whenyou need a more personal point of contactwith an individual member of the teachingstaff. Where possible we will assign you tothe same adviser for the entire duration ofyour studies on the programme.



In this chapter we discuss how yourperformance on the MSc degree orPostgraduate Diploma is assessed. Weinclude a guide on how to approachexaminations and discuss issues relatingto the MSc degree project.

Assessment requirements

Please read the PSR for a precisestatement of the requirements forpassing the MSc degree/PostgraduateDiploma.

Assessing your workQuite reasonably, many students worryabout their exams and whether they willpass or fail. Some students worry morethan others, particularly those of you who

have returned to academic life after manyyears of absence (or who are experiencingacademic life for the rst time), those of

you who are from countries with differenteducational systems, and those of youfor whom English is not a rst language.Just the thought of examinations, writinga project or being marked in any way canbe terrifying! Don’t panic – most studentswho complete their intended studies dosucceed in obtaining the qualication. Youwill certainly need to work hard, but if youdo work hard then you should pass.

So how do we assess your work? You willnd full details of the procedures in thePSR, which have been sent to you. Thegeneral assessment of this programme isfairly straightforward:

• All modules of the programme (coreand optional) are assessed by unseen

written examinations. Your averagesfor the Core and Option elements arecalculated.

• The Project for the MSc degree isassessed by a dissertation and atwo-hour unseen written paper. Itis a separate element and this iscombined with the results in theother two elements to determine yourqualication for the MSc degree.

• The results of the Core and Optionelements are used to determine yourqualication for the Diploma.

ExaminationsThe bulk of the assessment on thisprogramme is by examination, so it isextremely important that you understandwhat you need to do and how best to

study for an examination. Some of you willbe fresh from studying and examinations,others may worry that you have forgotten

Assessment



how to pass examinations. These briefnotes are here to remind you. As you willsee, it pays to:

• know the PSR

• plan for examinations

• study regularly

•

read the essential study materials andexternal resources

• revise effectively

• make use of the opportunities forformative feedback

• practise a previous examination paperunder examination conditions.

How are examinations marked?

To ensure that our assessment of yourwork is fair, we use three differentmethods:

1. Examination scripts are graded by twodifferent internal markers.

2. Markers do not have access to yourpersonal details (‘blind marking’).

3. A selection of all marked workis sent to External Examiners.These are academics from other

universities, whose job it is to checkon the standards of marking at RoyalHolloway. These Examiners areindependent and report back to theUniversity of London.

How should you revise forexaminations?

In this section we provide some advice onhow to prepare yourself for examinations.

You will also nd useful hints on revisingfor examinations in The Sciences GoodStudy Guide .

Set aside the time

After working through the study units ofa module, you should block out enoughtime for revision. Try to make very fewappointments and postpone any big partiesin the weeks before the examinationperiod. Concentrate rst and foremost

on revision. Make yourself a revisiontimetable. Set yourself the same amountof revision for each of the main subjects onwhich you will be examined. Try to stick tothis schedule. Do not spend lots more timerevising the subjects you like best or ndeasiest. Likewise, do not spend all yourtime on the subjects you nd most difcult.Finally, do make sure that you don’t spendevery minute on revision – that way you’ll

go mad. Short breaks will refresh you andprevent you getting completely obsessed.

Be aware of the styles ofexamination question

You should prepare yourself for the stylesof question that are likely to be asked in theexaminations. This can be done by lookingat previous examination papers and readingcarefully any advice provided by moduleleaders or tutors (especially in cases wherethere may be a change in the styles ofquestion asked compared to previousyears). Note that question style is likely tovary from module to module.

In general there are two different types ofquestion asked in examinations, and youshould be aware of the extent to whichthese are likely to be asked in any specicexamination:

• short answer questions: these typicallyfocus on technical content, factualknowledge and an explanation ofconcepts that have been covered in thestudy material



• essay questions: these are more openand provide you with the opportunityto demonstrate your understanding ofone or more parts of the programmeand your ability to analyse issuesrelating to information security.

There are several reasons why you should

not rely on trying to guess exactly whatquestions are likely to be asked in a futureexamination. First, some of the studyunits that you are doing may have neverbeen assessed in previous examinations(they may be new or signicantly revised).Second, although some of the questionsin previous examination papers appear tocover similar topics, future questions mayvary in the way that they are phrased and

this variation can change an easy questioninto a very difcult one.

Practise writing examinationanswers

If you are not familiar with the Britishsystem of taking written examinations,then it is particularly important that youpractise writing examination answersunder time constraints. Previousexamination papers can be useful forthis purpose. See individual modules foradvice on how best to obtain feedbackon answers you have written to pastexamination papers. Note that evenif you are familiar with taking writtenexaminations, if you normally use acomputer keyboard to record informationand data then it might be worth practisingthe ‘ancient art’ of writing things downon paper! Taking written examinationscan be physically tiring for those of usout of practice with this particular form ofexercise.

Preparing for the examination itself

Finally, it may seem obvious, but makesure that you know in advance exactlywhere and when the examination is beingheld! Most students will have somedistance to travel to the examinationcentre and many of you will have

to plan for the necessary overnightaccommodation. Take enough time to ndout exactly where the examination takesplace and how to get there. Make yourselffamiliar with the building. Students havebeen known to go to the wrong place andtry to take the wrong exam! Get a goodnight’s sleep beforehand. Make sure thatyou arrive in plenty of time for the exam,so that you are relaxed. Take a watch

with you. If you have some distance totravel, catch an earlier train or bus thannecessary, so that you can be certain youwill be there on time. Make sure you havesuitable pens and pencils and that yourpen/biro has sufcient ink for the durationof the examination.

How to do well inexaminations

Doing well in examinations is mostlya matter of how much you have learntand understood – but is also a matter ofexamination technique. In this sectionwe provide some advice on examinationtechnique. Examinations are a good test ofyour ability both to organise yourself andto think carefully under pressure.

You will also nd useful hints on doingwell in examinations in The Sciences Good

Study Guide .



Read the instructions carefully

Make sure that you read the examinationinstructions carefully and that you knowexactly what you are being asked to do.Pay particular attention to the number ofquestions that you are expected to answer,and which parts of the examination are

compulsory or optional. The easiest wayto fail an examination is not to answerenough questions . It is not uncommonfor a student to answer too few questions,and each question not answered willautomatically be awarded zero marks. Ifyou have to answer three questions, andyou answer two, you will have to producevery good answers in those two just topass. So, the rst priority is to check the

number of questions you have to answerand to allocate time for each of them.

Think rst – and make a plan

In any examination you should spendsome of your time just thinking andplanning and not writing answers at all.In a two-hour examination, for example,you should perhaps spend the rst 10minutes studying the whole examinationpaper carefully, reading the instructionsand selecting the questions that you aregoing to answer. Similarly, before youanswer each of the questions that youhave chosen, spend at least a few minutesdeveloping a plan. Once you start writing,you can change your plan if you feel itnecessary. This time to read the questionsand develop your plan is built into theexamination.

You should make your overall choice ofquestions (before you start answering anyof them) as part of this plan. This way youavoid panicking when you have answered

one or two questions and don’t know whatto do next. Similarly, take care over theorder in which you answer the questions.Starting off with the easiest can seemthe best solution. It does, however, haveone big disadvantage – the examinationgets worse and worse as you go on. In anexamination where you have to answerthree questions, some people prefer toanswer the second-best question rst ofall. Then tackle the easiest question. Thisway you should be feeling good when youcome to the most difcult question. It’s upto you…

Read each question carefully

Surprisingly few students do this well.Most marks in examinations are lostthrough a failure to answer the questionproperly . First, read each questioncarefully, then go back and read theinstructions again. Remember that whenyou see a question in an examination paperthat you seem to recognise, check rstwhether it is exactly the same – or slightlybut importantly different. Many studentsget caught out and just write answers tothe questions they have revised, failingto check whether these questions wereactually asked in the examination. Checkand double-check.

Pay attention to the markingscheme

Every examination paper will ask you toanswer a certain number of questions, andmarks will be allocated to each question.

It is very important to note how many

marks are available for each part ofeach question and to devote time toanswering these parts in proportionto the marks involved . Spending time



perfecting one part of a three-mark questionat the expense of beginning a 10-markquestion is a bad mistake! Similarly, don’ttry to read too much into the meaning ofmarks for parts of questions unless youhave been specically advised to do so.Three marks do not always mean thatexactly three issues have to be identied.Pay attention to any advice issued bymodule leaders or tutors on the meaning ofmarking schemes for their module.

Give your answer a structure

Particularly for essay-style questions,remember that a good answer is notalways just a list of everything thatyou know about a subject, but is also acareful argument with a clear structurethat addresses the particular questionthat has been asked about that subject.Concentrate on getting the structure rightand making sure you have a clear, well-ordered argument. If the issue concernedis an open one, then sum up the mainpoints for and against the position you aretaking and explain the arguments on bothsides.

Present your answer clearly andconcisely

You don’t have much time in anexamination, so make your points clearlyand concisely. You will not normally getmarks for repeating the same point inmany different ways – but you will getmarks for demonstrating a completecoverage of all relevant issues. Ifnecessary use bullet points to present lists

of related information.It constantly amazes Examiners how somevery long answers can contain almost

nothing and some very short answers cancontain almost everything!

Legibility

All students are reminded that theExaminers place great importanceon legibility in examinations. Anyscript deemed illegible by the Boardof Examiners will be assigned a markof zero and a fail result will be given.This will count as an attempt at theexamination. Royal Holloway will nottranscribe illegible scripts and so a studentwith poor handwriting due to medical orlearning difculties must apply for specialexamination arrangements in the usualway (see Information for students withspecic access requirements, on pageG.32 of the General section).

If English is not your rst language

You may worry that you will both read andwrite more slowly than your colleaguesdo. Even if this is the case, rememberthat you get good marks for writing clear,critical and well-organised answers (seethe above remarks on being concise). Notethat it is not normally a requirement that

your answers are in uent well-punctuatedEnglish. It is necessary, however, thatExaminers can understand the points thatyou are making. Try to avoid unnecessarilycomplex and colloquial English phrasesand jargon. Write simply and clearly.

If you are running out of time

Remember to keep checking and, ifnecessary, revising your initial examination

plan. Be aware of the time throughoutthe examination. If you nd that you havespent too much time on early questionsthen don’t panic. Adjust your plan to



address the remaining questions aseffectively as you can. If you really arerunning out of time then it may be wiseto look ahead quickly at questions thatyou have not completed for relatively easyparts that you can quickly answer. It issurprising how many marks you can pickup in little time by choosing carefully whatto answer. In an essay-style question youmight choose to list quickly a number ofrelevant issues, and then try to expandon them as well as you can in the closingminutes.

Examination standards

The standard of the examinations forthe programme is the same as that forstudents studying on campus. RoyalHolloway’s academic staff are involved inthe same way in the setting of questionpapers and the marking of scripts. Noconcessions are made for the more difcultstudy circumstances of distance learningstudents. You need to be reasonablycondent that you have the ability tosucceed in an examination before makingyour entry.

The MSc degree projectStudents on the MSc degree are requiredto carry out a compulsory informationsecurity project towards the end ofthe programme. Full details on therequirements of the project and how toapproach the planning, conducting andwriting of the project dissertation areprovided in the project handbook . This willbe sent to you when you register for theoptions, to help you plan ahead in preparingfor the project stage.

Aims of the projectA project is a major individual piece ofwork. It can be of an academic natureand aim at acquiring and demonstratingunderstanding and the ability to reasonabout some specic area of informationsecurity. Alternatively, the project work may

document the ability to deal with a practicalaspect of information security.

The objective of the project is to write acomprehensive dissertation on the topic ofthe project. On completion of the projectyou should have demonstrated the abilityto:

• work independently on a security-related project, for which you havedened the objectives and rationale

• apply knowledge about aspects ofinformation security to a particularproblem, which may be of anengineering, analytical or academicnature

• produce a well-structured dissertation,including introduction, motivation,analysis, and appropriate references toexisting work.

Selection of your project topic

After registration for the project you will beallocated a project supervisor who will giveyou advice on choosing the project and willmonitor its progress. However, it is primarilyyour responsibility to dene and plan theMSc degree project. You are encouraged toseek placements with industrial sponsorsfor the duration of your project, should that

be relevant to your intended topic.



Timetable of the project

In summary, the milestones for the projectprocess are as follows:

1. As soon as possible after 1 July ,submit to the Programme Director anintention to register for the project inthe coming study session, including

an indication of your possible areasof interest. This specication of areasof interest can be still quite vague,but it helps us to arrange in advancea suitable supervisor for you in orderto ensure a prompt start to yourproject after registration. Informalnegotiations to plan the project withyour prospective supervisor can beginover the summer.

2. Formally register for the projectelement by contacting the ProgrammeDirector before 1 September . Youwill subsequently be sent formalnotication of the appointment of yourallocated supervisor.

3. Agree on an acceptable projectdescription with your project supervisoras soon as possible and no later than

31 October .4. Submit an interim project report for

approval by your project supervisor by31 January of the same study session.The supervisor will conrm whetheror not to recommend you proceed tocomplete and submit the project in thecurrent session. You need to register forthe project examination by 1 February .

5. Complete the dissertation and submitit to the University by 31 March ofthe same study session (full details ofthe submission process appear in theproject handbook ).

6. Sit the project examination at thespecied time in May .

You should look out for notices in the VLEannouncing seminar activities designed toprovide guidance on developing a projectplan, conducting your project and writing upyour project dissertation.

Interrupting or failing the project

Students who fail the project and wish tore-take it have the following options:

• Students may keep the same projecttopic and make another attempt withno further supervision. An examinationre-entry fee will apply.

• Students may keep the sameproject topic (or related topic) and

make another attempt with reducedsupervision. The project fee will be 50per cent of the project module fee. Anexamination re-entry fee will apply.

• Students may start again with a newproject topic. The full module fee for theproject will apply.

For details on examination re-entry feesand module fees, please refer to the

fee schedule which is published on theInternational Programmes website (seealso page G.7 of the General section).

A student who starts the project in oneacademic year, and who does not completethe formal assessment by 31 March in thesame academic year, is deemed to haveinterrupted the project. An interruptedproject can be resumed the followingacademic year and, depending on how

much supervision a student receivedin the academic year the project wasstarted, there will be a limited amount ofsupervision when the project is resumed.



Students who interrupt their project in twosuccessive years will have used up all theirdue supervision and have the followingoptions:

• Students may keep the same projecttopic and make another attempt withno further supervision.

• Students may keep the same projecttopic (or a related topic) and makeanother attempt with reducedsupervision. The project fee will be 50per cent of the project module fee.

• Students may start again with a newproject topic. The full module fee forthe project will apply.

Merit/DistinctionThe MSc degree and PostgraduateDiploma may be awarded with merit orwith a distinction to any student whoperforms to a sufciently high level inthe assessed elements. Full details ofthe requirements for the awards of MScdegree and Postgraduate Diploma andMSc degree and Postgraduate Diplomawith merit or distinction are described inthe Regulations.

What happens if you fail anexamination/project?In the event that you should fail anexamination or the project at your rstattempt, you are entitled to one furtherattempt in a following academic session.

Please consult the ProgrammeSpeci cation and Regulations for full

details of resubmission requirements(pay particular attention to thoseconcerning resubmission of projecttopics and supervision).

Assessment of your onlinecontributionThis section is not relevant to studentswhose rst year of registration was2010–2011 or a subsequent session.However, for students who rst registeredbefore 2010–2011, a satisfactory

contribution to an online seminar ispart of the assessment of the SecurityManagement module.

This will be assessed by the submissionof a report to your tutor and will count fora small part of the assessment for thatmodule. The examination for that modulewill count for the remainder. The reportwill be a self-assessment of your owncontribution to an online seminar.

What counts as an onlinecontribution?

It is important that you make sure thatyou have a clear idea of what countsas a meaningful online contribution.Clearly, you will be expected to makecontributions that display someinvolvement with the study materials and that are relevant to the current seminar

topic.Note that the quality of your contributionto an online seminar does not dependdirectly on your subject expertise. Thereare many different ways in which you canmake a quality contribution. These include:

• responding to questions that ariseduring the seminar

• asking relevant questions during the

seminar (although note that askingquestions alone is unlikely to beregarded as an adequate contribution)



• providing your personal viewpointconcerning issues arising in theseminar

• reecting on the discussionby providing summaries of thearguments so far

• describing personal experiences

relevant to the seminar topic• providing pointers to relevant links

or articles relating to the seminardiscussion.

The main point is that you will need tobe involved and thinking about the issueswith the motivation to take part.

Your seminar tutor will make clear at thestart of the seminar the kind of things

that will be looked out for, which willbe dependent on the topic or activityspecied in the seminar itself.

How do I assess my contribution?

Your tutor will require you to submit areport containing a self-assessmentof your contribution to the rst onlineseminar of the Security Managementmodule. This report will take the form of

a self-evaluation of your contributions inthe seminar, including their content andquality and how they compared with othercontributions. More details of this self-evaluation process will be provided at thet t f th i

What about resits?

If you have to resit a module examinationfor the Security Management module,your online seminar mark will be carriedover. It is possible to register again foronline support in the session of your resitexamination, and for this an appropriate

fee will be charged. Check the PSR fordetails.

ResultsExamination results are postedanonymously on the InternationalProgrammes website on a date which willbe advertised there. This is usually aroundthe end of July. Students will receivewritten conrmation of these in August

together with registration or graduationdetails for the following year.

Documents

Info Security Handbook 2012 13 Gen