Post graduate training in information security

In the wake of the Love Bug virus crisis, an MSc in information security could provide the security skills your department needs,...

In the wake of the Love Bug virus crisis, an MSc in information security could provide the security skills your department needs, writes Jane Dudman.

As companies count the cost of the recent Love Bug virus, many IT chiefs are looking at creating or improving security teams to ensure that problems such as viruses are tackled head-on.

IT managers will be overhauling their procedures and trying to ensure that IT teams have the firmest possible grasp of security issues. This could involve extra training and, although there are many expensive commercial courses on information security, there is an alternative approach which provides a cost-effective way to find these important skills - an MSc in information security.

Studying for a masters degree may sound daunting, but there is no shortage of applicants for the courses at Royal Holloway and Westminster universities - the only two UK universities that run fully accredited MSc courses in information security. In fact, applications are flooding in.

"One reason we are seeing such high demand is because we are running a very comprehensive programme, with a lot of lectures given by leading industry experts," says Zbigniew "Chez" Ciechanowicz, MSc course director at Royal Holloway University, which is based in Egham, West London. "Applications are going through the roof, partly because of the reputation of the information security group here at Royal Holloway," he adds.

Royal Holloway's reputation was one reason why Paul Lothian, now responsible for new technology risk management at credit card company Visa International, decided to study there for his PhD. "I was interested in the mathematical aspects of IT security and Royal Holloway has excellent links with industry and other academic institutions," says Lothian. "Industry speakers lecture regularly as part of certain courses and it provides excellent training for a career in IT security."

The Royal Holloway MSc degree comprises four core courses and two further specialist courses, one of which is advanced cryptography. This particular module, admits Ciechanowicz, is more suited to specialists. "In our introductory course in cryptography, the maths is pared to a bare minimum, but the optional advanced cryptography course is another matter," he says. "So, although we are the leading academic institution for cryptography certification in the UK, that is not the focus of our MSc course."

The quality of Royal Holloway's research work into cryptography attracts substantial interest from UK government officials. The university's Information Security Group researches areas such as the design and evaluation of cryptographic algorithms and protocols, smartcards, electronic commerce, security management and the integration of security techniques into specific applications.

On the university's MSc information security and secure e-commerce courses, students come from some of the largest companies in the world, particularly in finance and banking. "We have bankers here from every country in the world, including Brazil, Panama and the US, and from every country in the EU," says Ciechanowicz. "We are a world leader in this area. The US does not have anything like this."

EU students pay £2,800 for the course, while students from overseas countries pay just under £10,000. Applicants for the course generally divide into those who have recently done a first degree in computer science and want to pursue an interest in this area and those already in industry or government posts who want to extend their knowledge of IT security. "People don't necessarily need a degree to come on the course," says Ciechanowicz. "I look at their level of seniority, what kind of exposure they have had to these issues and whether I think they could cope with the course."

Not surprisingly, the course has attracted a lot of interest from the big four IT consulting firms, IT security specialists and the financial sector. "We have trained people at quite a senior level from companies such as Deutsche Bank, NatWest, Abbey National and the Prudential," says Ciechanowicz.

Past alumni of the course, which was set up in 1992, are now working in major companies including British Airways and Reuters.

At the University of Westminster, in Harrow, North London, similar levels of interest are being experienced in MSc courses in IT security and e-commerce. The security courses, which are modular and flexible to enable them to be taken by working professionals, are aimed both at senior professionals wanting to widen and update their experience and at more academically-oriented new graduates. "We have developed this series of short courses to be both practical and academic," says Philip Evans, director of the university's centre for research into IT.

Like the course at Royal Holloway, the Westminster course costs less than £3,000 - a substantial saving over equivalent commercial courses, says Evans, which could cost up to £7,000.

The modules offered by Westminster include introductory topics, such as the need for IT security, which provides background material for both computing and non-computing professionals, and detailed study of topics such as threats, counter-measures, standards and procedures. Non-IT professionals taking the introductory modules include solicitors, police and accountants looking to expand their theoretical and practical knowledge of an area that overlaps their own specialities, says Evans.

Finding the time to do a masters degree in IT security is not going to be possible for everyone. But at a time when this issue is top of IT managers' agendas, such a qualification will be a valuable addition to the CVs of those looking for work in the industry.

A graduate speaks

Wai Khin Hoi is a security analyst working in London at investment bank Schroders - a job he says he got largely as a result of doing a MSc at Royal Holloway last year.

"I chose Royal Holloway because there are well-known professors teaching within the Information Security Group there," says Hoi. "Whenever IT personnel discuss security or certification it will be Royal Holloway they talk about."

Hoi liked the wide range of issues covered by the Royal Holloway course, which he felt complemented his own background in software engineering. The course is well known, not only in the UK, but in South East Asia. Hoi, who is from Singapore, says there were people on his course from Malaysia and Taiwan.

But the key attraction was the high reputation of the course. "Graduates from Royal Holloway do get certain recognition," says Hoi. "I got quite a lot of interviews with Royal Holloway."

Hoi feels his qualification was a major factor in getting his present post at Schroders, despite a lack of experience.

Read more on IT risk management