Protecting digital information from unauthorised access and use, and ensuring the resilience of the underlying network infrastructure and systems, are key challenges for the continued technological development of our society.
The science behind our Information Security MSc connects various disciplines; from computer science, electronic engineering and mathematics, to design concepts, mechanisms and technologies for effective protection of digital information, communication infrastructures and computing systems.
Focused on key information security concepts, mechanisms and technologies, our programme examines fundamental and advanced topics in important areas of modern information security, striving to achieve a balance between theoretical foundations and practical experience.
This programme is studied full-time over one academic year and part-time over three academic years. It consists of eight taught modules and a dissertation.
Example module listing
The following modules are indicative, reflecting the information available at the time of publication. Please note that not all modules described are compulsory and may be subject to teaching availability and/or student demand.
The programme will:
Knowledge and understanding
Students will gain:
Intellectual / cognitive skills
Students will leave the programme with the ability to:
Professional practical skills
Students will gain the ability to:
Key / transferable skills
Students will have:
We often give our students the opportunity to acquire international experience during their degrees by taking advantage of our exchange agreements with overseas universities.
In addition to the hugely enjoyable and satisfying experience, time spent abroad adds a distinctive element to your CV.
The Information Security MSc offers a specialist programme designed to provide a fundamental understanding of information security and to convey practical engineering skills. There are good prospects for highly trained information security professionals and there is a shortage of trained personnel in this area.
Students develop an advanced knowledge of information security and an awareness of the context in which information security operates in terms of safety, environmental, social and economic aspects. They gain a wide range of intellectual, practical and transferable skills, enabling them to develop a flexible professional career in IT.
Students undertake modules to the value of 180 credits.
The programme consists of four core modules (60 credits), four optional modules (60 credits) and a research project (60 credits).
Students choose 60 credits from the following:
Please note: the availability and delivery of optional modules may vary, depending on your selection.
All MSc students undertake an independent research project which culminates in a dissertation (maximum length of 120 pages) and an oral presentation.
Teaching and learning
The programme is delivered through a combination of lectures, seminars, problem classes, tutorials, laboratory classes and projects. Assessment is through written examinations, presentations, vivas, tests, coursework, written reports, formal presentations and the research project.
Further information on modules and degree structure is available on the department website: Information Security MSc
UCL graduates are keenly sought after by the world's leading organisations. UCL Computer Science graduates are particularly valued as a result of the department's strong international reputation, strong links with industry, and ideal location close to the City of London. Our graduates secure careers in a wide variety of organisations, e.g. with global IT consultancies, as IT analysts with City banks, or as IT specialists within manufacturing industries.
Recent career destinations for this degree
Some of the brightest alumni of the degree go on to careers in academia. The majority of our students take jobs in the software and consultancy industries, usually in a security-related role such as security standards compliance, secure software design or security consultancy. Students have the opportunity to do industrially based projects with companies such as BT and McAfee. The department is recognised as an academic centre of excellence on cyber security and further opportunities to expand both academic and industrial contacts arise through the ACE-CS guest lecture series integrated into the degree.
Careers data is taken from the ‘Destinations of Leavers from Higher Education’ survey undertaken by HESA looking at the destinations of UK and EU students in the 2013–2015 graduating cohorts six months after graduation.
UCL Computer Science is recognised as a world leader in teaching and research.
UCL received the highest percentage (96%) for quality of research in Computer Science and Informatics in the UK's most recent Research Excellence Framework (REF2014).
This MSc is taught by academics who conduct world-leading research, most notably in cryptography and human-centred approaches to security, privacy and trust. Access to industry-led projects and guest lecturers from academia and industry will enhance post-graduation opportunities for careers in security-related research, or employment in cyber security roles.
UCL's central London location enables students to enjoy the full benefits of life in a vibrant world city with easy access to excellent scientific and cultural centres.
Information Security has been successfully awarded full certification from the National Cyber Security Centre (NCSC). Students who wish to gain the certification with their degree need to choose COMPGA14 Information Security Management as one of their optional modules.
The Research Excellence Framework, or REF, is the system for assessing the quality of research in UK higher education institutions. The 2014 REF was carried out by the UK's higher education funding bodies, and the results used to allocate research funding from 2015/16.
The following REF score was awarded to the department: Computer Science
96% rated 4* (‘world-leading’) or 3* (‘internationally excellent’)
Learn more about the scope of UCL's research, and browse case studies, on our Research Impact website.
A world renowned programme; the first of its kind in the world, this Information Security course looks at both technical and management aspects of cyber security and teaches you about technologies including cryptography, computer security, fraud detection, and digital forensics.
- You will gain cyber security skills for senior level careers by focusing on principles and issues, and you will learn how information security can best be managed.
- You will benefit from Royal Holloway’s wealth of research, expertise and practical consulting experience, which ensures that the degree is up to date and commercially relevant.
- You can study most modules on a stand alone basis and earn CPE credits. Students come from a variety of backgrounds, ranging from new graduates through to senior security managers in blue chip enterprises seeking a formal qualification in Information Security.
“Achieving the Masters has significantly benefited my career in Information Security; previously, I provided specific technical advice to customers, but now, with the breadth and depth of knowledge gained during the MSc, I also deliver security strategy consulting to senior executives.” Paul Schwarzenberger, MSc Information Security
The programme has been developed by academics within the Information Security Group (ISG) [external link] at Royal Holloway, University of London, one of the foremost academic security groups in the world.
ISG awarded Centre of Excellence status - Royal Holloway, University of London has been recognised for its world class research in the field of cyber security by UK intelligence agencies GCHQ.
The ISG is at the cutting edge of research into the design and evaluation of smart cards, electronic commerce, security management, mobile telecommunications security, and the integration of security techniques into specific applications. The ISG was awarded a Queen's Anniversary Prize in 1998 in recognition of it providing "a unique national resource for the training of information security specialists".
"A pioneering course that continues to provide students with the essential knowledge and understanding of information security, with many graduates going on to fill senior roles." Malcolm Marshall, Partner, KPMG.
Graduates of the programme can be found in many organisations, ranging from large financial institutions to technology and research- oriented organisations, as well as security specialists. The MSc is also a foundation for further postgraduate research.
You can study any of the compulsory core modules, plus the optional module 'Digital forensics', on a stand-alone basis and earn CPE credits. On successful completion of each module you will receive a University of London certificate.
This programme is offered online, enabling you to fit your studies around work and family commitments. To complete in the minimum study period you will need to study 24 hours per week during the academic session (September-April). To complete the degree in four years, which is normal for those in full time employment, you will need to study about 12 hours per week over the academic session.
Fully supported by a Virtual Learning Environment, you will take part in online tutor-supported seminars and discussions; a virtual student cafe allows you to interact and network with other students.
If you have any questions, please contact our Student Advice Centre.
The creation, transmission and storage of huge volumes of electronic data is one of the defining features of our age. Whilst these technologies bring us untold benefits, they also expose businesses, governments and individuals to repeated threats, such as fraud through data manipulation, deliberate sabotage and blackmail. As a result, businesses, governments and individuals around the world rely on the expertise and innovations of information security specialists, without which global communications systems would grind to a halt.
Want to join this expanding field and learn from the very best? Our flagship Information Security programme was the first of its kind in the world. It is certified by GCHQ, the UK Government Communications Headquarters, and taught by academics and industrial partners in one of the largest and most established Information Security Groups in the world. We are a UK Academic Centre of Excellence for cyber security research, and an Engineering and Physical Sciences Research Council (EPSRC) Centre for Doctoral Training in cyber security. We work closely with industry, and much of our curriculum and research is informed and audited by the industry itself. Our teachers are specialists in the field, with backgrounds in computer science, engineering, mathematics, statistics and the social sciences.
Our broad curriculum encompasses cryptography, fraud detection, system security, network security, device security and the study of how security itself should be managed. You will learn about the technical, legal and commercial aspects of the industry and have the chance to complete a supervised dissertation on a topic of your choice. In a typical year you could benefit from lectures and seminars given by as many as 50 different guest speakers. You will also have access to our virtualisation software, for experimenting with network security settings and ideas, as well as to our Penetration Testing Laboratory and industry-sponsored Smart Card Centre.
We offer a friendly, supportive learning environment and you will have a dedicated personal adviser to guide you through your studies. The skills you gain will open up a range of high-level career options and provide a solid foundation if you wish to progress to a PhD. Our graduates are in demand for their cutting-edge grasp of the field as well as their technical expertise and transferrable skills such as data handling, analysis, problem solving and research. The programme can be completed in one year full-time, two years part-time, three to seven years through Continuous Professional Development (CPD), or two to four years through distance learning.
The programme can be completed in one year full-time, two years part-time, three to seven years through Continuous Professional Development (CPD), or two to four years through distance learning.
In addition to these mandatory course units there are a number of optional course units available during your degree studies. The following is a selection of optional course units that are likely to be available. Please note that although the College will keep changes to a minimum, new units may be offered or existing units may be withdrawn, for example, in response to a change in staff. Applicants will be informed if any significant changes need to be made.
We use a range of teaching methods, including seminars, lectures and practical lab work. There is a strong focus on small group teaching. The programme has a flexible, modular structure, combining a sueprvised dissertation and mandatory courses that together make up 120 of the 180 credits required to pass, with a range of optional modules on specialist topics, worth 20 credits each.
During your studies you will be invited to attend an intensive, two-day revision course to prepare for the Certified Information Systems Security Professional (CISSP) exams, which you will then be able to sit on campus, through an established arrangement with (ISC)2.
Assessment is through a combination of end-of-year examinations sat in May or June and the written dissertation, which has to be submitted in September.
By the end of this programme you will possess the knowledge and skills to pursue a career as a cyber security professional, and an ideal basis for moving on to further postgraduate research if you prefer. You will have an advanced knowledge and understanding of the latest breakthroughs and techniques, as well as key challenges and opportunities in the field. This programme will also give you valuable transferable skills such as advanced IT skills, data handling, analysis, research, communication, problem solving, time management, adaptability and self-motivation.
Our graduates are highly employable and in recent years they have gone on to forge successful careers in a wide range of sectors, including: banking, telecommunications, security consultancies, the civil service, public utilities and the retail sector.
You will be assigned a personal advisor to guide you through your studies and advise you on further postgraduate opportunities. The campus Careers team will be on hand to offer advice and guidance on your chosen career and the University of London Careers Advisory Service runs regular sessions on finding summer internships or vacation employment and securing employment after graduation.
Study computer and information systems security on a course that combines academic teaching, industry input and practical skills development.
The course has four main focuses
This course is ideal if you are already working in an information technology environment or if you wish to specialise in the field of information security. After successfully completing it, you gain industry-recognised certifications that will assist you in progressing further in this field.
You focus on both the technical and managerial aspects of information security. The technically-focused modules involve you exploring a range of systems, tools and techniques at the cutting edge of technology. The managerial-focused modules give you an appreciation of the role information security has in an organisation and how it can be implemented and managed.
On this course you
Free training and certification exam
Thanks to our association with BSI Learning, you are entitled to attend the BSI ISO27001 Lead Auditor course and take the official exam which allows you to become accredited as a BSI certified lead auditor.
Our ethical hacking module is aligned with the CREST Practitioner Security Analyst (CPSA) syllabus providing graduates with industry recognised and desired skills.
BSI lead auditor qualification
• ISO27001 Lead Auditor
BSI courses are delivered by approved BSI trainers and qualified ISO27001 lead auditors. As part of the course you receive the same course material as the official BSI training courses.
Guest Speakers from industry
Due to our strong ties with industry we regularly have special guest speakers. Recent speakers have included industry professionals from Mozilla, South Yorkshire Police, RSA and Blackberry.
In 2014 Sheffield Hallam hosted the North of England's first Ethical Hacking Conference Steelcon. This is set to be an annual event with 2015's event already booked.
We developed this course along two main lines.
The first covers the principles and issues of security design concerning systems and systems integration, web and operating system based applications and communication networks.
The second addresses the methodologies and development of skills required to perform security assessments of complex information systems.
Semester one modules
Semester two modules
Semester three modules
You study research methods and do a substantial research project leading to a dissertation.
Group and individual coursework. You also do a range of
On this course, you gain the knowledge, skills and experience you need to work in many different positions, from technical to management roles.
The Institute of Information Security Professionals (IISP) has highlighted the following specialisms in the area.
Strategy, policy, governance
• strategist • policy manager • information technology services officer (ITSO) • department security officer (DSO) • chief information security officer (CISO)
Risk management, verification and compliance
• risk analyst • risk assessor • business information security officer • reviewer • auditor
Incident and threat management and response
• incident manager • threat manager • forensics (computer analyst, mobile and network analyst) • computer security incident response team (CSIRT) • attack investigator • malware analyst • penetration tester • disaster recovery • business continuity
Operations and security management
• network security officer • systems security officer • information security officer • crypto custodian • information manager
Engineering, architecture and design
• architect • designer • development • secure coding • software design and development • applications development • security tools • implementation
Education, training and awareness
• security programme manager
• security researcher
Successful graduates of this course have gone on to work for companies such as HSBC, Citrix, and Price Waterhouse Coopers.
The number of information security incidents, as well as the financial losses relating to such incidents, is increasing. Thus, it is not surprising that information security management, aimed at safeguarding an organisation's information assets, has become a key strategic issue for many organisations.
In today's complex environments, safeguarding an organisation's information assets is difficult and requires more than solely technical skills. In order to facilitate a broad understanding of the field, our programme includes courses considering organisational, social and technical aspects of information security.
During the first year, students will gain a broad understanding of information security and develop advanced knowledge and skills within information security management. The second year aims to develop advanced knowledge and skills in research and investigation. Students will learn how to develop and communicate knowledge within the field of study as well as increase their degree of reflection on research and practice within the field. Teaching is based on case-based learning and flipped classroom pedagogy. These pedagogical methods encourage students to active learning and to develop their problem-solving skills which are necessary to address the complexity of information security management in organisations. By working with cases developed in collaboration with our industry partners, the students gain a deeper understanding and practical field experience.
The Masters in Information Security provides you with a thorough grounding in professional software development, together with experience of conducting a development project, preparing you for responsible positions in the IT industry.
Modes of delivery of the MSc in Information Security include lectures, seminars and tutorials and allow students the opportunity to take part in lab, project and team work.
Depending on staff availability, the optional courses listed here may change.
If you wish to engage in part-time study, please be aware that dependent upon your optional taught courses, you may still be expected to be on campus on most week days.
You will be well qualified for responsible software development positions, not only in the IT sector but also in many other sectors such as education, engineering, health services, financial services, government, manufacturing, retail, and transport. Expertise in information security is particularly prized by employers. You will also be well qualified to proceed to a PhD in computing science.
Graduates of this programme have gone on to positions such as:
Web Developer at Bazookas Studios.
This programme aims to develop research-based practice amongst professionals currently working within the Information Security area. As a result of the rapid growth in both the availability of global information structures (e.g. the Internet) and the number of users, information security professionals are facing major challenges providing services that are accessible yet safe. Keeping business channels flexible and easy to use whilst guarding against the e-criminal is an on-going project.
“Despite the growing space and sophistication of cyber threats there are not enough people equipped with the appreciate knowledge, skills and abilities to protect the information technology for strategic advantage” - Professionalizing Cybersecurity: A Path to universal standards and status (2015).
“81% of IT and Cybersecurity Professionals believe that if the right investments in people, process and technologies were in place, their organisations would be better able to mitigate all future security breaches” - 2014 Ponemon Institute Research Report.