Data Security (Non-Technical) - an online course

About this course

This course is a practical introduction to the techniques used to assess the cyber security risks to your information assets. You can apply these techniques to ensure that you have met the security requirements of the General Data Protection Regulation (GDPR).

The course is aimed at organisations that have collected data about people and must ensure that data is secure. It provides practical application of cyber security risk assessment, part of which is risk assessment based upon the identification of vulnerabilities commonly found in information systems. 

Having developed skills to identify various system cyber security risks, you will go on to identify and implement appropriate risk mitigation strategies for client assurance of data security.

Taking place over six weeks, each week will contain a mix of taught material, self-study, activities and practical exercises, all carried out online.

The amount of personal data processed and stored by today's data scientists seems to be forever increasing. An example of this would be the data produced by customers engaging with digital marketing channels. This provides data scientists with very large data sets, which in turn afford opportunities for application of analytics leading to improved business opportunities.

However, recent changes in European data privacy laws, i.e. the GDPR, include the possibility of heavy fines if the data you have collected, processed or stored is not securely stored, leading to accidental or deliberate access by unauthorised parties. GDPR has widened the scope of personal data, e.g. an Internet Protocol (IP) address and Media Access Control address (MAC address) are now both considered personal data.

The course starts with demonstrating how to conduct a cyber risk assessment, walking you through each stage of the process and emphasising the types of controls and why they are recommended.

Moving on, as much of the data we use is accessed through web applications, we examine common web vulnerabilities. Locating these vulnerabilities is initially demonstrated using tools that are free and commonly available before introducing more complex tools that are of industry standard.

You will gain a better understanding of the risk associated with an IT system used for data collection and processing. We will take a technical approach, learning the different aspects of the security risk assessment, such as:

  • Management issues in security
  • Technical aspects to security
  • Humans in the loop, social engineering and attack cycles
  • Conducting a risk assessment
  • Development of mitigation strategies
  • Common vulnerabilities found in web applications
  • Using tools to find web application vulnerabilities

You will be assessing the vulnerabilities and threats to components (laptops, servers, databases, etc.) in your information systems, to understand the role these play in exposing your confidential data, standard operating procedures and other intellectual property. You will learn how to provide appropriate controls, in terms of the risk to the information asset and the cost of the control, and how to combine these two activities to conduct a risk assessment of a system.

Throughout the course, you will also be asked to consider how you would use the risk assessment approach in your own organisations and reflect on the use of risk assessments to apply appropriate cost-effective controls. 

To assess course progress, you will be asked to complete activities each week and submit three pieces of graded coursework. For the first graded coursework you will identify possible security risks within a fictional ‘University Fees Office’. The second coursework consists of applying skills developed in ‘attacking’ a commercial website to identify security risks then suggest mitigation strategies for a supposedly secure ‘Bank’ website. For the final graded assignment, you will employ the skills and knowledge you have developed to conduct and report a risk assessment based within your own organisation.

Whilst you will complete all of these assignments individually, you will also work in small groups with the dedicated supervision of a course tutor who will be available to provide in-depth assistance if you have any problems.

Aims and learning outcomes

During the course you will learn how to identify threats and vulnerabilities that could lead to a system breach, along with the techniques which enable you to make a judgement of the mitigation and controls required for the data you are handling. This will place you in a stronger position to enable management of the information environment within your organisation.

At the end of this course you will be able to:

  • Understand the requirement for security governance and the legal aspects of cyber security as it applies to data science
  • Identify the type of cyber vulnerabilities and threats to a business
  • Suggest various mitigation approaches to the identified risks
  • Understand the costs for the different mitigation strategies
  • Conduct a risk impact assessment on your organisation

Syllabus

Activities 

  • Vulnerability and threat assessment against a given scenario
  • Risk assessment and mitigation strategies for a given scenario
  • Implement a risk assessment for your own organisation

Week 1 - Introduction

Learning outcomes:

  • Explain how cyber security is part of information security assurance
  • Identify those perpetrating a cyber-attack
  • Express the importance of cyber security in a data science environment

The first week takes you through the current cyber security environment. What is it we want to protect? Where are the threats coming from and what damage might they do? We also examine the role humans play in securing (and not securing) information.

Week 2 - Common Technical Vulnerabilities

Learning outcomes:

  • Explain the need for cyber security
  • Describe the top 10 vulnerabilities
  • Describe the background to the Cyber Essential Scheme
  • Identify vulnerabilities based on the STRIDE methodology

Participants are introduced to possible technical vulnerabilities of information systems and how to protect against attacks that attempt to exploit these vulnerabilities.

Week 3 - Thinking like a Hacker

Learning outcomes:

  • Explain why students are an important link in the security chain
  • Describe how social engineering may be deployed in cyber space
  • Identify methods used in social engineering
  • Apply controls to a given scenario

Using commonly available freeware, participants are taught how a hacker may try to attack a web application and the common vulnerabilities that they may attempt to exploit. Using the skills developed, participants ‘attack’ the vulnerabilities of a commerce website.

Week 4 - Assessing the Vulnerabilities in a Web Application 

Learning outcomes:

  • Use browser based techniques to identify vulnerabilities
  • Be able to attack a commercial website reporting vulnerabilities
  • Recommend mitigation strategies for vulnerabilities identified
  • Identify possible impact of vulnerabilities through poor site design 

Revisiting the commerce site, participants are taught how to attack the same vulnerabilities using advanced industry standard tools. With experience of attacking the known vulnerabilities of a commerce site, participants move on to using advanced tools to find the vulnerabilities of the website for a fictional bank.

Week 5 - Hacking Assignment 

Learning outcomes:

  • Select appropriate penetration testing techniques
  • Use industry standard tools to identify vulnerabilities
  • Successfully attack a 'Bank' website reporting vulnerabilities
  • Recommend mitigation strategies for vulnerabilities identified
  • Identify possible impact of vulnerabilities through poor site design

This week participants look at the process of conducting a risk assessment, the types of mitigation we can use and some of the indicative costs for implementing these methods of mitigation. Participants practise the risk assessment against components of the system, and when the components come together to form an information system.

Week 6 - Formal Risk Assessment and Future Cyber Security

Learning outcomes:

  • Conduct risk assessment within own organisation
  • Produce risk assessment report to appropriate standard
  • Recommend mitigation strategies for vulnerabilities identified
  • Discuss legal and ethical aspects of cyber data security
  • Suggest future directions of cyber security for data science

The final week discusses how to handle a security incident and how to plan to recover from a disaster. We will look at resources to allow you to go deeper into the topics covered on this course.

Fees

The Data Security (Non-Technical) course is £1500 per person, inclusive of VAT.

For corporate packages, please see here.

How to Pay

You can pay by phone, email or Flywire, using the application form here.

Paying Online

  • To make a payment using this method, fill out the application form and select "Pay by Credit / Debit Card".
  • A 2% fee is charged for payment by credit card and we do not accept American Express. 
  • Fees paid by this method will be charged in British pounds sterling.

Paying by Phone

  • To make a payment using this method, fill out the application form and select "Pay by Phone". 
  • A 2% fee is charged for payment by credit card and we do not accept American Express. 
  • Fees paid by this method will be charged in British pounds sterling.

Pay by Email

  • To arrange a payment using this method, please contact us once you have received confirmation of your place. Contact your course advisor, agent, or email us on payments@southamptondata.science 

Flywire

  • To make a payment using this method, fill out the application form and select "Pay by Flywire".
  • Best for international participants: accepting over 70 currencies via credit card, debit card, or bank transfer.

  • Simply visit flywire.com/pay/southamptondata and follow the instructions on the website. Please use the same email address that you used when you applied to the course.