arrow_back_ios View all videos

ONCAMPUS Experts Talk: Information Security at Royal Holloway, University of London

Jorge Blasco Alis, MSc Information Security Programme Director, Royal Holloway, University of London:

The first thing when talking about Information Security is probably, and many people may not know actually what Information Security means. So I wanted to give you two examples of what Information Security has to do with our lives. I mean, every day now we are using a lot of Zoom and we are using a lot of these kind of technologies. The first example of this has to do with WannaCry, and then this happened three years ago. So it's probably already well known. But many of you may unfortunately know what ransomware is. So Information Security, for example, one of the things that Information Security does is, it tries to deal with ransonware of different dimensions. Trying to avoid companies from being affected by the blowing security systems, but at the same time also training the employee so they don't click on the link that infects the computer with ransomware and gets the whole company infected, because that may not only affect a company like in this case, Telefonica, which is a big company, but it may also affect, like in the case of the UK, the NHS, if this happened today, we will be in big trouble because of the systems already constrained by COVID. Imagining having to deal at the same time with a cyber attack is something that we cannot afford. Today unfortunately, most of these problems we have with ransomware is because there are a lot of criminal gangs behind them and just this example is from the 27th of January and this is how this is just to show us how international cooperation has allowed these forces to basically assist the creators of a very well known ransomware family, which was called Emotet. This was used to infect computers and also ask for ransom from those computers.

So when we talk about information security, we not only talk about computer science, we not only talk about how we build these systems that are secure and how we build systems to secure other systems, but we also talk about other fields and I think this is important because when we see or we discuss anything in information security, you will see that some of the modules we have and also inside the entry requirements are not specifically focused on Computer Science. So we accept students coming from Computer Science. We expect students coming from Mathematics because, of course, we need, in order for information to be secure, we need to apply certain mathematical formulas to encrypt that information, so only people with the corresponding keys can access it. But it's not only that, it's also, as I was saying earlier, it also has to do with management. So we get a lot of Management students coming from a manager or business management side, because information is also about organising companies and managing organisations. So the employees within the organisation do things securely. So you need to accommodate a budget for what you will spend on security and the programmes you will be buying, you need to teach employees how to deal with information technology and how to work in a secure way online and those things come from a management side and you need to know how to deal with people in order also to deal with security. And finally, it's also about Law and Regulation because we need to, in Europe, we have data protection and we have the GDPR, which is very important for privacy. And whatever you are running a business, you also need to make sure that you are running the business according to law and regulation, because that it's also a very important thing for the business to be successful and what we do in information security and what students will learn when they are in our MSc, they will learn how to use all of these disciplines  and how to apply them to secure information and other assets that are within an organisation, of course, you can apply this also to your real life. But we teach our students to succeed in the professional life as well.

So the first thing to know is that the Information Security degree within Royal Hollaway is taught by the Information Security Group and this is also another important aspect, because we are not the regular computer science department, we are an information security department and that means that the department has computer scientists as myself. But we will also have social scientists, we will have engineers working the Department and we have different disciplines, but all of them focussed on information security. It's actually oneof the largest departments in the world that has information security staff only. We have like 20 full time staff, 12 researchers at different disciplines, professional Fellows and with our research centres focussed on the specific security aspect, like smart cards, IoT, software.

These are just a few pictures of the campus just to see how nice it is actually to study there.

We are an Academic Centre of Excellence  in Cyber Security Research. We are one of the first eight that was awarded in the UK and this kind of certification is given by the National Cyber Security Centre, which is basically, like the UK spies, if you know, more or less about the US and US movies, you have the NSA. So the NCSC is like the UK NSA. We also won the Queen Anniversary Prize, a little time ago, but we are still current on the kind of things that we do are still current and are still funded by the latest research and a good way of showing that actually is that yesterday we received the reaccreditation for our programmes. So if you study with us, the MSc, the program itself has been checked by the National Cyber Security Centre and has been certified by the National Cyber Security Centre. So they have to checked that what we thought is current and it's been informed by the latest trends in research. And at the same time is also it provides you with the tools to succeed in the professional life. In 2018 we got the best award for having the best cyber security students in the UK, which is something we are also very proud of.

In terms of the specific information and the information security. As I was saying, it's certified, it's accredited by NCSC. It was the first programme in the world back in 1992 but we are noticing the same things because a lot of things have changed. And actually one of the best things we have  is that we actually update the contents of the modules every year. We have accepted students coming from a very diverse backgrounds, including, for example, Law. And yes, I mean, I remember like a couple of years ago of my private students, she came with a Law degree and she got a Distinction at the end. So even coming from a non-technical background, you can still succeed.

In terms of modules, just to give you a quick glance. We talked at the beginning, I talked about management. You have security management. I also talked about computer science. You have computer security and network security and I also talked about maths. So you have cryptography. It will be for students, a multidisciplinary view in information security so they can focus on what they want and they will focus when they select their optional modules. And in a similar way, if you see here when talking about optional modules, you will be able to specialise in aspects to the most technical aspects, like software security or digital forensics, but you can also specialise in the more human and social aspects. So, it's not only a computer science degree, but it's a multidisciplinary degree.

In terms of teaching, this year we don't know if there would be restrictions or not, but we are aiming for having face-to-face activities, as usual, lectures online, and that's one of the good things, we had to work a lot to create, like online lectures, online tutorials, virtual tutorials and so on. So all the material that we have developed for this past year will be also available for our new students. So it won't only be a face-to-face activities, but also face-to-face activities will be enriched with online activities that can be done at home during the students own time. I want to give a quick overview of how the cyber security industry is and also the kind of links we have with industry. So we have what we would be calling producer, regulator and end-users or customers and of course, we have the adversary. When we talk about these entities, the adversary or the criminals are the people who want to take advantage of other people, the producer, what we could call the cybersecurity company regulator are basically governments and the customers or end-users are either organisations and end users and the best thing about studying information security is that you may end up working in either with a producer, with a regulator, or with a customer or an end-user.

Our alumni today, they are working on these kind of companies. So you basically have the major consultancy companies, but also you have technological companies like Visa, Sony or Amazon AWS. We have very strong links with industry and in fact, many of our alumni will come later after they finish their degree to give guest lectures. So, it's not really that you will receive teaching that is informed by the research, but also of the people that are working for companies, will also come and teach you during your degree, which help the students to become one of the alumni, that may end up working in one of these companies.

Thank you for your time. I tried to keep it short and quick and I hope that it was a nice overview of what a student can expect when joining or doing a degree in Information Security at Royal Holloway.