The Bachelor of Engineering with Honours in Information and Communications Technology (Information Security) is a four-year direct honours degree programme and is also the first undergraduate degree programme offered by a local autonomous university that majors in information security. The programme is designed to provide students with the necessary industry-relevant knowledge and practical technical skills to become specialised professionals in the field of information security that will be in demand by the industry.
Building on the core computer science fundamentals, specialised in-depth knowledge and technical skills will be taught to cover a holistic range of topics in Information Security. Students will learn about Secured Software Development, Ethical Hacking, Digital Forensics as well as Security Governance and Management. Security in emerging areas such as mobile and cloud security will also be covered.
The Programme’s Mission Statement
To train highly specialised professionals that can integrate seamlessly and contribute effectively to the Infocomm industry.
The Programme Educational Objectives
The programme aims to train students to become highly specialised professionals with deep technical capabilities that continuously improve themselves to be catalysts for transformation while remaining grounded in the community. As such, alumni of the programme are expected to achieve the following Programme Educational Objectives within five years after graduation:
Team Integrated Project: During the course of the programme, students will be given the opportunity to develop innovative information security solutions with the industry through an Integrated Team Project.
Industry Certification Module: To further enhance their industry relevance, students will also be required to obtain at least one industry certification as part of the curriculum. This Industry Certification Module aims to promote life-long learning and inculcate students with the habit of keeping up with advances in technology even after graduation through industry certifications.
Integrated Work Study Programme (IWSP): To facilitate the seamless transition of graduates into the industry, a key feature of the curriculum is the IWSP. Students will embark on a year-long IWSP during their final year when they will take on real work and meaningful capstone projects with their host organisations.
To integrate the study component into their work experience, students will return to the university two mornings a week: one morning to consult their professors on their capstone project and to highlight their progress at work, and the other to attend flipped classes. During flipped classes, students will be able to bring their real work experience into the classroom for discussions. Ideas and solutions generated from these classroom discussions can then be brought back to their host organisations to promote innovation in the company.
After completing the degree programme, the students should satisfy the following Student Learning Outcomes (SLOs) as specified by the Engineering Accreditation Board (EAB):
Accreditation of the programme will be sought with the EAB.
This programme will equip its graduates with the required academic knowledge and professional skill sets to take up specialist jobs in Information Security including, (and not limited to) Malware Analyst, Cyber Security Specialist, Information Security Systems Engineer, Pentester, Technical Information Security Officer, Application Security Analyst, IT Security Consultant, and IT Infrastructure Architect. Other than these specialist jobs, as the students are also well-grounded in generic computer science, they are not only employable in the field of Information Security but could also take on generic ICT job opportunities that are available to computer science graduates as well.
Eligibility and Exemption
Diploma holders from any of the five local polytechnics and A-Level graduates are welcome to apply.
Holders of BCA Academy Diploma in Construction IT are eligible to apply.
Subject to approval, diploma holders may be granted exemptions for up to 10 modules based on modules taken during their diploma course. Exemptions may also be considered for relevant professional or industrial certifications.
To be updated.
This module is intended to be at an introductory level to provide an overview of the different modules taught in the ICT programme. The purpose is to enable students to appreciate the relevance and interrelationships of the different modules without being lost in the details, as well as to instil an ICT mindset in them. Specifically, this module covers a wide variety of topics ranging from binary systems, the building blocks of hardware, the building blocks of software, operating systems, to computer networks and security.
Programming is one of the most basic and essential skills for any professional in the field of Information and Communication Technologies (ICT).
This module is intended for students with no prior computing knowledge or experience beyond basic familiarity with the operation of a personal computer and can be taken by any student interested in acquiring basic programming skills. In the context of the ICT programmes, the module is intended to be taken by students in their first term.
The foundations provided in this module are essential in most modules of the following terms in the ICT programmes. The topics covered in this module include Introduction to the historical and social context of computing, Basic concepts in programming (Data types, Control structures, Functions, Arrays, pointers, Files), Running, Testing and Debugging scripts and programs, Overview of Programming paradigms.
Programming concepts are demonstrated in a variety of languages and practised in a scripting language (Python) as well as a standard programming language (C).
This is a foundation module whose main focus is on the characteristics and development of relatively high level ‘building’ blocks of a computer system. The highest level learning objective is to make clear how a computer program written in text is actually ‘executed’ by a computer, regardless of it being a mainframe, desktop or embedded system. A myriad of basic lower-level topics include explaining how a central processor operates, the characteristics of different memory subsystems, data representations and measurements of system performance will be covered. To ensure in-depth coverage of the topics, students will be exposed to assembly language programming and may be given the opportunity to experiment with a micro-controller based system during the course of the module. This module will also introduce some higher-level languages (such as C) that serve as a precursor for the "Embedded Systems Programming" module.
IT applications are increasingly web-based. This module covers the essential web technologies to equip students with the useful skills to build websites for web-based IT applications.
To begin, an overview of the web architecture will be presented to clarify the myriad and rapidly evolving web technologies. Next, the popular web technologies will be covered in details.
Mathematics is the foundation of any computing discipline, including Information Communications Technology (ICT). Hence, it is essential for students to acquire a level of mathematical maturity to help them better understand the ICT modules in their studies.
This module will equip students with the core mathematical knowledge in two broad focus areas: discrete mathematics, and probability and statistics. For discrete mathematics, topics covered include basic logic, functions, relations and sets, graphs and trees, and sequences and series. For probability and statistics, topics include descriptive statistics, probability theory, probability distributions, sampling distributions, and inferential statistics.
This module provides an introduction to information and communications technology within the organizational and social context, and the role technology plays in managing businesses and delivering services.
Technology trends towards greater complexity, networking and mobility, methods for improving business competitiveness, and creation of new value via technology in the current networked and global climate will be discussed. Other topics include processes, policy implications, ethics and social responsibility are also covered. The focus will be on the management and strategy aspects of computer systems.
The content will be explored through case studies and discussions, workshops and team projects. There may be invited guest lectures provided occasionally over the semester.
Operating Systems are an essential part of any computer system. It defines an abstraction of hardware behaviour with which programmers can control the hardware. It also manages the convenient and efficient resource sharing among the computer’s users.
In the context of the ICT programmes, the module is intended to be taken by students in their second trimester. The foundations provided in this module are essential in most modules of the following terms in the ICT programmes.
The topics covered in this module include: Introduction to the Operating Systems, their structure, what they do and how they are designed and constructed, Process Management, Process concept, Process Scheduling, Threads, Multithreaded Programming, Synchronisation, Mutex Locks and Semaphores, Deadlocks, Memory Management, Memory Hierarchy and Memory Management Unit, Linking and Memory Allocation, Fragmentation, Paging, Segmentation, Virtual Memory Management, Demand Paging, Page Replacement, Thrashing, File System Management and Storage Management, File Attributes, Directory Structure, File System Structure, Mass Storage Structure, I/O Systems, Protection and Security, Case Study on The Linux System.
Operating Systems concepts are demonstrated in an instructional operating system that is similar to modern Unix systems but being simpler and smaller, as well as programming in C/C++ programming language.
This module introduces the fundamental concepts of data structures and the complexity analysis of algorithms that operate on them.
Topics include recursion, fundamental data structures (including arrays, linked lists, stacks, queues, hash tables, trees, heaps and graphs), and efficient algorithms for manipulation and searching of data in these data structures (e.g. sorting, hashing, searching, etc.).
The inner workings of the different data structures and algorithms introduced in this course are demonstrated using a programming language such as Java.
The aim of this introductory module is to enable students to learn the basic language constructs and APIs of Java and C++ and apply them to construct practical software components.
The module gives coverage of fundamental algorithmic constructs in Java and C++ that realize logical, arithmetical, execution flow control and data manipulation behaviours in code.
Essential APIs and code specification will be covered to encourage reusability for more efficient, scalable programming. Students will also be introduced via hands-on assignments to the application of basic object-oriented concepts that include class, inheritance and polymorphism.
Basic testing using JUnit and CPPUnit will be covered.
Upon completion of this course, students will be able to apply what they have learnt to implement object-oriented software applications. They will also have an understanding of the benefits of code documentation and reusability.
Computer networks and the Internet are ubiquitous. Many IT applications are now web-based and are dependent on the networks. This module covers the technologies of computer networks, using the Internet as a real-world reference.
The topics covered include the OSI and TCP/IP networking models, the ideas of layering, encapsulation, communication protocols, network infrastructures (LANs and WANs), the interconnection of networks with switches and routers, IP addressing and routing, TCP, UDP, common application layer protocols like DHCP, DNS and HTTP, socket programming, and network management.
In addition, practical lab exercises using network simulator and protocol analyser will be introduced to enhance the understandings of the students.
Upon completion of this module, students should also be ready to sit for the industry CCENT/CCNA Routing and Switching certification.
The aim of this introductory module is to enable students to learn and apply the basic principles and processes of software engineering. It gives broad coverage of important terminologies, concepts and techniques in software engineering including commonly used software life-cycle process models (e.g. agile, waterfall, spiral, V-Model, etc.). Upon completion of this course, students will be able to perform basic requirements engineering and design, particularly using UML and be able to adopt appropriate process models for software development projects. They will also have a basic understanding of requirements engineering, software architecture, testing, software maintenance and project planning.
Active learning lectures will be reinforced by flipped tutorials and project-driven labs. For tutorials, students will work in teams to solve pre-assigned problems before the class sessions, and thereby present and defend their solutions during the sessions. In the labs, students will work in teams on client-based projects and utilize a suitable software development life cycle to realize the software products. Besides learning to apply module knowledge during their tutorials and in their development project, students will have the opportunity to learn to make decisions, work, cooperate and communicate with others in a team. As part of the module assessment, each team will develop the client-specified product along with associated deliverables, conduct a software product demonstration as well as undergo individual performance evaluation and peer group evaluation.
This module will teach the student about the processes and technologies used to recover, preserve and analyse data from digital sources e.g. hard disks, memory and mobile phones. Students will also learn about the legal, ethical and testimonial aspects that are found in practical scenarios.
Topics covered include Introduction to Forensics and Anti-Forensics; Data recovery from encrypted, obscured, or deleted sources; Preservation of Data as Evidence; Data Integrity Verification; Analysis of preserved data; Mobile Phone Forensics; Issues in Anti-Forensics; Topics on Law, Ethics and Testimony in Forensics; Tools and Techniques; Case Studies.
This module will teach the student about the security aspects of networks based on the 7-layer OSI model and will focus on security issues spanning layers 1 through 5.
Students will learn about weaknesses in the network, how they can be exploited as well as tools, devices and techniques that can be used to protect the network.
Topics covered include Network-based Attacks and Threats; Layer-specific Attack Vectors and Security Issues; Designing Network Perimeter Security, Defense in Depth, De-Militarized Zones and Screened Subnets, Border Router, Packet Filtering, Firewalls, Host Hardening, Intrusion Detection and Prevention Systems; Tools and Techniques; Case Studies.
This module will teach the student about processes and technologies used to perform penetration tests and fuzzing on IT systems and networks (layers 6 and 7).
Students will also learn how to analyze and report the information uncovered during the pentest.
Topics covered include Security Attacks and Threats to Systems and Applications; Best Practices; Analyzing Security - Attack Vectors and Surfaces; Tools and Techniques; Penetration Test Overview – Process and Methodology; Organization and Reporting; Passive and Active Reconnaissance; Scanning; Gaining and Maintaining Access; Exit Housekeeping; System and Application Hacks; Case Studies.
This module will teach the student about the cryptographic algorithms and protocols used in the protection of real-world systems.
Topics covered include symmetric-key cryptography, public-key cryptography, public key infrastructure, hash functions, message authentication codes, key management, presentation layer process, authentication protocols, key establishment protocols, and real-world applications of these cryptographic primitives; Cryptanalysis and Cryptographic Attacks
This module introduces students to the domain of web security, with focus on web application security, and the security of web application servers and infrastructure. Students will be introduced to common web application vulnerabilities, and how such vulnerabilities could be exploited to, e.g., steal data, bypass authentication and business logic, to more severe situations such as remotely launching executable codes on the server.
Students will be given the opportunity to try these attacks out themselves using tools and techniques taught, and learn approaches to mitigate such threats. Students will also learn about web application servers and infrastructure, and how to configure them for security, as well as policy and governance aspects pertaining to web security.
The module consists of lectures and practical sessions, and students are assessed completely via practical assessments and assignments.
This module will teach the student about the security aspects of specified smart mobile phones.
Topics covered include mobile phone computing architecture; debugging environment; smartphone attack surface and specific vulnerabilities; messaging security; browser security; kernel security; file-based security; fuzzing strategies and techniques; firmware dumps and reverse engineering; emulators, tools and techniques; case studies.
This module will teach the student about the leadership, organizational structures and processes that safeguard information.
Topics covered include: aligning information security program with business needs, developing a security strategy, establishing security management structure, security governance with reference to security frameworks such as ISO/IEC 27000 series, COBIT and ITIL, creating effective security policies, risk management processes, risk mitigation, laws and regulations such as Sarbanes-Oxley (SOX) and PCI-DSS, security compliance and audit, cloud computing policy, risk and governance, compliance and legal considerations for the cloud, case studies.
Possible Text: Information Security Governance Simplified: From the Boardroom to the Keyboard, by Todd Fitzgerald, CRC Press, 2011.
ICT is an ever-evolving area where cutting-edge developments are common and ICT professionals have to consistently keep up with the global trends and advances to progress well in their careers.
As such, this GREAT programme aims to expose students to the advances in Software Engineering through a series of activities including an overseas study trip to the one or more leading international software companies or institutions.
This study trip will also enable students to broaden their horizons and gain valuable global/regional insights to software engineering practices in the industry.
This is the first of the two compulsory value-added programmes that aim to develop the “soft” skills that would allow the ICT graduates to successfully transit from a student to an ICT professional.
This module will consist of a series of workshops covering various topics to develop the skills necessary for the students to successfully gain employment in the ICT sector.
Topics will include Career planning & management, Self-discovery, Personal branding, Job search strategies, resume writing & cover letter, Interview skills, Business etiquette, Networking skills and Managing online image.
Industry talks from companies from various ICT sectors will also be conducted to aid the student in better understanding the different ICT sectors as well as their potential career advancements in each sector.
This module focuses on the skills required by IT professionals to work effectively and ethically in a business environment.
In accordance with the professional guidelines set by Association for Computing Machinery (ACM) and IEEE Computer Society, the module exposes students to professional, ethical, legal, security and social issues and responsibilities of IT professionals.
It is designed for students in their second year of Higher Education studies and assumes familiarity with various technical aspects of ICT as a profession.
The module consists of a series of workshops designed to develop the necessary skills for students to better integrate into the ICT workforce and progress in their careers while advancing the integrity and reputation of the profession of Software Engineering.
Topics covered include Ethical decision making, Professional codes of conduct, Ethical issues encountered by IT professionals, information security and issues in the management of information technology, Performance management and Effective teamwork. Students will also be attending career talks and interviews for their IWSP placements as part of this module.
To keep up-to-date with the advances in technology, it is common for ICT professionals to attend courses during their careers. Some of these courses may also lead to internationally recognised certifications that are highly-valued by the industry. To inculcate the student with this approach to life-long learning and career advancement, this module requires the student to pass at least one of the certification courses offered by various industry majors or certification bodies. The list of certification courses accepted will be updated regularly to cover the areas that are in demand by the industry. Such areas may include data analytics, cloud solutions architectures, open-source software development and cyber-security.
Students will be grouped into teams of 5-6 and will be working on an integrated team project utilising all the foundation knowledge and skills obtained from the modules that they have covered so far. The students will work to provide a solution for a real problem that will be solicited from industry (e.g. prototyping for a SME). This project will enable students to develop the required skills for working as a team. As this project will run through the entire duration of the semester, some students may be taking their breaks or holidays. Thus, this creates an opportunity for the teams to make use of online collaboration tools as well as practice coordination of team projects where members have heterogeneous abilities and schedules.
This module will teach the student about the practical aspects of operations security and management of security incidents.
Students will learn to identify threats to an organization and to develop contingency plans to detect, respond and recover from attacks.
Topics covered include business impact analysis, resource protection, patch and vulnerability management, incidence response plan, disaster recovery plan (DRP), business continuity plan (BCP), DRP/BCP in the cloud; case studies.
This module will teach the student about existing and advanced malware types, how to reverse engineer captured malware and reveal their behaviour and also how to analyze and classify them into various families.
Topics covered include Introduction to Assembly Language Subset; Implementing, testing, executing and debugging assembly language programs; Malware Types and Behavioral Differences; Tools and Techniques; Packers and Unpackers; Reverse Engineering of Malware; Static and Dynamic Analyses; Malware Classification Techniques and Heuristics, Anti-Malware Defense Techniques, Memory Scanning and Disinfection; Case-Studies.
As more organisations are dependent upon the software for their operations, insecure software can be one of the biggest threat that may cripple an entire organisation and potentially lead to massive losses.
Thus, there is a need for software engineers to recognise this and build secure software at the onset.
This module will cover the process of building secure software, and the techniques and tools that can be applied at each stage of the software development lifecycle, including security requirements analysis, secure design, threat modelling, secure coding and security verification.
Reference may be made to some industry methodologies, for example, Microsoft Security Development Lifecycle.
This module will teach the student about data analytics techniques and algorithms and how to apply them to evaluate a computing/communication domain’s attack surface quantitatively and qualitatively. Topics covered include: Identification of Data Collection Sources; Security Monitoring – Blacklists, Whitelists, APT Tagged Domains; Virtualized Appliances and Environments etc; Security Intelligence Mining; Security Analytics Warehouse; Dashboards, Tools and Techniques; Case-Studies.
With the availability of Massively Open Online Course (MOOC) such as Coursera, Udacity, Edx, etc., there is now a wealth of knowledge that can be tapped from the Internet.
This is further supplemented by other sources of online contents such as Wikipedia as well as easily-usable search engines like Google.
The purpose of this module is to expose the student to this emerging trend and train them to be independent learners.
Students will be teamed into groups of 2-4 and each team will have to decide on a non-ICT subject in another industry sector (e.g. accountancy, taxation, nursing practice, hotel management, etc) of their common interest.
Students will have to self-learn on the selected subject and each team will have to create their own e-Learning portal that will be scored by other teams as well as the international community.
This is a major individual project that is to be undertaken by the student that utilises the technical capabilities, professional skills and the academic knowledge obtained during the course of this degree programme. The project has to be of reasonable complexity and allows scope for the student to demonstrate the various aspects of software engineering. As the capstone project will be carried out concurrently with the student’s placements, hosting organisations may also propose capstone projects which may lead to actual industrial usage.
Students have to perform a year-long work placement to integrate the skills and knowledge obtained from the course in the real world. Students will be working all afternoons (or equivalent) in a company with an ICT-related job-scope. Integrated studies (the Flip Modules, ICT4003, ICT4004 & ICT4005) during their placements will also be carried out to promote lifelong learning.
The module highlights the importance of productivity and the different ways of measuring and managing it. It introduces productivity improvement programs such as action learning, quality circles, and inter-firm comparisons, and offers information on the most important areas in which productivity can be improved (quality maintenance, waste reduction and human resource management). The course will also cover key knowledge areas in processes, tools, techniques and best practices in productivity management. As students are taking this module during their IWSP, they could practice many of the topics covered to help analyse and optimise the productivity at their host organisation.
Instead of the traditional problem-based thinking that many engineers are accustomed to, this module introduces an alternative methodology that focuses on a solution-based approach. This module will introduce the student to the basic principles of design thinking including reframing, collaborative exploration, user understanding, ideation, prototyping and integrative thinking. A solution-based approach allows for ideas to be quickly conceptualised and improved upon. It is intended that the student will apply theses design thinking methodologies during their IWSP, thus, inculcating their host organisation with an alternative approach to innovation that can be utilised in their products as well as their business operations.
This course aims to teach the students about the concepts of change management, drawing to three levels namely societal, organizational and individual. The students will be introduced to a number of change management theories and apply the theories at different levels. As this module is going to be carried out concurrently with the student’s placement, the student would also be able to analyse and reflect how changes took place at the hosting organizational as well as at the individual level. The student should also be able to develop, after taking this module, individualised strategies when dealing with change in the future.