- Cyber Security
MSc — 2025 entry Cyber Security
There is a growing demand for skilled cyber security professionals across various industries. Our Cyber Security MSc degree provides students with the knowledge, skills, and practical experience needed to pursue a successful career in this field.
Why choose
this course?
In an expanding digital age, protecting our data is of vital importance. Our Cyber Security MSc (formerly Information Security MSc) sits within our renowned School of Computer Science and Electronic Engineering and our outstanding Surrey Centre for Cyber Security.
The Surrey Centre for Cyber Security is an Academic Centre of Excellence in Cyber Security Research. The University, meanwhile, has been recognised as a gold-standard Academic Centre of Excellence in Cyber Security Education. Both accreditations were awarded by the National Cyber Security Centre (NCSC), which is a part of the Government Communications Headquarters. This means your teaching will be informed by world-class research conducted by nationally and globally rated experts in the subject. You’ll also benefit from our strong links with local and international industry.
This course is fully certified by the NCSC. It will equip you with the theoretical knowledge and hands-on experience necessary to pursue a successful career in this sector.
Statistics
96%
of our computer science postgraduate students go on to employment or further study (Graduate Outcomes 2024, HESA).
Certified
What you will study
Protecting digital information from unauthorised access and use and ensuring the resilience of supporting network infrastructure and systems are significant challenges for the continued technological development of our society.
The science behind this MSc connects various disciplines, from computer science, mathematics and business to design and critical analysis of concepts, mechanisms and technologies used in the depth and breadth of cyber security.
You’ll learn the foundations of systems and information security such as cryptography, and you’ll also be educated on advanced and state-of-the-art concepts linked to electronic payments or distributed ledgers. You will apply your knowledge in practice, for example through interacting with and programming secure applications using trusted platform modules (TPMs), which are mounted on Raspberry Pi computers in our labs.
The University has strong, established links with many national and international businesses and institutions. These include:
- Airbus
- BAE Systems
- CGI Group
- DSTL
- IBM
- Infineon
- Microsoft
- Sophos
- Sky TV.
Professional recognition
MSc - National Cyber Security Centre (NCSC)
Our course has received Full Certification from NCSC, is taught by experts, and equips you with the theoretical grounding and hands-on experience demanded by the cyber security sector.
Facilities
Our key facilities include:
- £1.7m multi-purpose Computer Science Laboratory with state-of-the-art audio-visual equipment. View a video tour
- Six open access PC labs and four dedicated specialist labs
- Specialist desktop solutions, including development software, research packages and dedicated printing.
The structure of our programmes follows clear educational aims that are tailored to each programme. These are all outlined in the programme specifications which include further details such as the learning outcomes:
Modules
Modules listed are indicative, reflecting the information available at the time of publication. Modules are subject to teaching availability, student demand and/or class size caps.
The University operates a credit framework for all taught programmes based on a 15-credit tariff, meaning all modules are comprised of multiples of 15 credits, up to a maximum of 120 credits.
Course options
Year 1
Semester 1
Compulsory
The module covers concepts and technologies for building secure and usable systems. The different lectures of the module focus on access control mechanisms, software and operating systems security, malware, threats and countermeasures for Web applications and databases, web and user authentication protocols, security of cyber-physical systems, human-centred security aspects such as social engineering and usability, security economics, privacy protection and trusted computing technologies.
View full module detailsThe module introduces general cryptographic concepts, challenges and goals and then focuses on foundational cryptographic primitives and algorithms in the fields of symmetric (a.k.a. private-key) and asymmetric (a.k.a. public-key) cryptography. The module will introduce mathematical foundations that are essential for the functionality and security of cryptographic algorithms and then focus on the security definitions and constructions of concrete algorithms for authentication, confidentiality and integrity. In labs students will develop and test their understanding of the material and learn how to implement and use existing algorithms from symmetric and asymmetric cryptography.
View full module detailsOptional
Integrating security components into an information system to identify, protect, detect, respond and recover from an increasingly diverse set of threats has become more complex with new computing concepts such as cloud infrastructure, cloud native applications and edge computing. Organisations need a systematic approach to defining security for information systems that integrate processes, people and technology. The Architectural Thinking for Security module is designed to teach concepts and practice techniques that Security Architects can apply to delivering consistent and effective security solutions. The architectural thinking process can be applied either acting as an adviser to a project or a primary security solution architect. The course will introduce an architectural thinking process that a Security Architect would use to protect the data at the centre of a business. As part of this process the security architect needs to think about the integration of security controls to protect the confidentiality, integrity and availability of business data. This module provides insights into both the theory and the practical aspects of this process allowing students to critically evaluate the cyber security posture of an organisation and define a solution that can be described to key decision makers within an organisation.
View full module detailsDigital technology influences every aspect of daily life, shaping the way that individuals live, work and socialise (and therefore also inevitably matters of civil law, such as contract and tort) but it has a less positive aspect as it has also transformed criminal behaviour. This module considers the legal, regulatory and commercial issues relating to the internet and digitisation as well as the dark side of technology that has led to the growth of online crime. It reflects on the ensuing impact on the digital economy, platforms and the wider business community plus the legal regulation thereof taking account of the unprecedented transformation in the digitisation of the law and the way business is conducted in the 21st century. The module encourages critical engagement with the way in which the law operates in an effort to both facilitate digitisation as well as combat cybercrime. It brings together theoretical ideas about the function of law with the practical considerations of the impact of criminal behaviour on society. It also engages with the challenges of preventing online crime and policing the internet.
View full module detailsThis module introduces general concepts of privacy enhancing technologies and aligns with key concepts recommended by the CyBoK. It will motivate the need for privacy in the modern world and touch on legal considerations, introduce concepts of transparency, control and confidentiality for privacy, and look at privacy preserving and democratic values. This module will also explore how these are realised in a range of applications.
View full module detailsThe module teaches digital forensics models and techniques used by analysts and law enforcement officers in practice. It also teaches the theory and application of real-world digital forensics tools and puts an emphasis on data recovery and the analysis of multimedia artifacts. Relationships and links between multimedia security, digital forensics and broader cyber security topics are also covered.
View full module detailsSemester 2
Compulsory
Security is probably the greatest challenge for computer and information system in the near future. Many users have lost data due to viruses, both on home and business computers. Most of us have seen a range of emails messages attempting different kinds of fraud. Vulnerabilities are everywhere. Some are obvious or well-known; others are obscure and harder to spot. Security is not limited to secrecy and confidentiality, but also involves problems like integrity, availability, and effectiveness of information. Moreover, security issues can potentially affect all of us, from innocent home users to companies and even governments. Security is not just a technical problem but needs to be embedded throughout an organisation to be effective. As such good security solutions build on a complete understanding of the values at stake, and the supporting business processes and requirements. This includes people as well as information systems and physical resources. Consequently, raising security awareness and embedding security within roles and policies is as important, if not more, as secure software. In short, secure solutions can only be implemented with both good technical skills and a good understanding of cultures and people skills. This module aims at raising the awareness for the wide range of security issues present in today’s connected world and the managerial and organisational challenges a business must face when building a secure solution.
View full module detailsThe module introduces general information and network security principles, challenges and goals and then focuses on main security mechanisms and protocols for protecting network communication across different layers of the Internet protocol stack. This will include discussion on various attacks on the networks, penetration testing tools and possible countermeasures to ensure protection of authentication, confidentiality and end-to-end security of communications. In labs students will be able to practice experience with various network security protocols and tools.
View full module detailsOptional
Key to modern business operation is Risk Management, and a modern entrant on any Risk Register maintained by the executive of an organisation is the risk posed from falling victim to cybercrime and civil litigation resulting from, for example, data breaches. In order to understand how best to shape and evolve an organisation’s response to the cyber security threat, the module will cover what the more detailed operations in cyber security involve. The module will introduce the key disciplines that we are likely to encounter in the real-world. It will provide an industry perspective on the common practices, latest innovations, technologies and the problems and concerns associated with information security. The module will show that cyber security is not just technical subject, but is a truly multidisciplinary function. The module looks broadly at the implications of regulations on the cyber crime landscape. It also brings together the issues of cyber from a high-level perspective. It will also equip students with an awareness of what is very current out there in terms of leading-edge applications of information security. The module uniquely accesses leading international speakers in their field, draws on the significant expertise of leading industrialists and through shaping the module into distinct learning blocks we are also able to ensure that our students will be directed to key industry reports, regulations and best practice guidance that shapes current industry thinking in information security for business and government.
View full module detailsThis module teaches cloud computing concepts and the security of the cloud platform to enable students to understand how to secure workloads on cloud. The topics including basic concepts and the core security services needed to secure workloads and the processing of sensitive data. To re-enforce learning, the module will require students to work in teams to configure the cloud platform using infrastructure automation.
View full module detailsThe study of cybercrime and cybersecurity not only represents one of the key emerging areas of research within contemporary criminology but is also a crucial problem of national policy and crime control. Recent (2016) data from the Crime Survey for England and Wales suggest that cybercrime may now be the most prevalent form of criminality in the UK and repeated breaches to key infrastructures across most jurisdictions have emphasized why it is has also become one of the main threats to international peace and security. This module will introduce students to the key themes within the study of cybercrime and cybersecurity – including, offence types and their prevalence; typical victims and perpetrators; policing and control measures; varieties of cybersecurity responses and the ‘human’ problem in making these resilient.
View full module detailsThis module introduces students to the techniques and tools to discover known vulnerabilities in systems and applications, and use appropriate techniques to carry out attacks. A practical project-based assessment allows students to demonstrate their ability to successfully exploit vulnerable systems to exfiltrate data and circumvent access controls. The module will introduce students to the legal and ethical considerations of ethical hacking, as well as the processes by which vulnerabilities are reported, classified, documented, and mitigated by security practitioners.
View full module detailsAcross academic years
Core
The dissertation consists of a substantial written report. This report is based on a major piece of work that involves applying material encountered in the taught component of the degree, and extending that knowledge with the student's contribution, under the guidance of a supervisor. The dissertation usually involves a substantial literature survey on a specific topic, followed by the identification of a problem to tackle, and thereafter the development of a technical solution, and experimental or theoretical evaluation of the achievement.
View full module detailsOptional modules for Year 1 (full-time) - FHEQ Level 7
Students must choose 2 optional modules in semester 1 and 2 optional module in semester 2.
Year 1
Semester 1
Compulsory
The module covers concepts and technologies for building secure and usable systems. The different lectures of the module focus on access control mechanisms, software and operating systems security, malware, threats and countermeasures for Web applications and databases, web and user authentication protocols, security of cyber-physical systems, human-centred security aspects such as social engineering and usability, security economics, privacy protection and trusted computing technologies.
View full module detailsThe module introduces general cryptographic concepts, challenges and goals and then focuses on foundational cryptographic primitives and algorithms in the fields of symmetric (a.k.a. private-key) and asymmetric (a.k.a. public-key) cryptography. The module will introduce mathematical foundations that are essential for the functionality and security of cryptographic algorithms and then focus on the security definitions and constructions of concrete algorithms for authentication, confidentiality and integrity. In labs students will develop and test their understanding of the material and learn how to implement and use existing algorithms from symmetric and asymmetric cryptography.
View full module detailsOptional
Integrating security components into an information system to identify, protect, detect, respond and recover from an increasingly diverse set of threats has become more complex with new computing concepts such as cloud infrastructure, cloud native applications and edge computing. Organisations need a systematic approach to defining security for information systems that integrate processes, people and technology. The Architectural Thinking for Security module is designed to teach concepts and practice techniques that Security Architects can apply to delivering consistent and effective security solutions. The architectural thinking process can be applied either acting as an adviser to a project or a primary security solution architect. The course will introduce an architectural thinking process that a Security Architect would use to protect the data at the centre of a business. As part of this process the security architect needs to think about the integration of security controls to protect the confidentiality, integrity and availability of business data. This module provides insights into both the theory and the practical aspects of this process allowing students to critically evaluate the cyber security posture of an organisation and define a solution that can be described to key decision makers within an organisation.
View full module detailsDigital technology influences every aspect of daily life, shaping the way that individuals live, work and socialise (and therefore also inevitably matters of civil law, such as contract and tort) but it has a less positive aspect as it has also transformed criminal behaviour. This module considers the legal, regulatory and commercial issues relating to the internet and digitisation as well as the dark side of technology that has led to the growth of online crime. It reflects on the ensuing impact on the digital economy, platforms and the wider business community plus the legal regulation thereof taking account of the unprecedented transformation in the digitisation of the law and the way business is conducted in the 21st century. The module encourages critical engagement with the way in which the law operates in an effort to both facilitate digitisation as well as combat cybercrime. It brings together theoretical ideas about the function of law with the practical considerations of the impact of criminal behaviour on society. It also engages with the challenges of preventing online crime and policing the internet.
View full module detailsThis module introduces general concepts of privacy enhancing technologies and aligns with key concepts recommended by the CyBoK. It will motivate the need for privacy in the modern world and touch on legal considerations, introduce concepts of transparency, control and confidentiality for privacy, and look at privacy preserving and democratic values. This module will also explore how these are realised in a range of applications.
View full module detailsThe module teaches digital forensics models and techniques used by analysts and law enforcement officers in practice. It also teaches the theory and application of real-world digital forensics tools and puts an emphasis on data recovery and the analysis of multimedia artifacts. Relationships and links between multimedia security, digital forensics and broader cyber security topics are also covered.
View full module detailsSemester 2
Compulsory
Security is probably the greatest challenge for computer and information system in the near future. Many users have lost data due to viruses, both on home and business computers. Most of us have seen a range of emails messages attempting different kinds of fraud. Vulnerabilities are everywhere. Some are obvious or well-known; others are obscure and harder to spot. Security is not limited to secrecy and confidentiality, but also involves problems like integrity, availability, and effectiveness of information. Moreover, security issues can potentially affect all of us, from innocent home users to companies and even governments. Security is not just a technical problem but needs to be embedded throughout an organisation to be effective. As such good security solutions build on a complete understanding of the values at stake, and the supporting business processes and requirements. This includes people as well as information systems and physical resources. Consequently, raising security awareness and embedding security within roles and policies is as important, if not more, as secure software. In short, secure solutions can only be implemented with both good technical skills and a good understanding of cultures and people skills. This module aims at raising the awareness for the wide range of security issues present in today’s connected world and the managerial and organisational challenges a business must face when building a secure solution.
View full module detailsThe module introduces general information and network security principles, challenges and goals and then focuses on main security mechanisms and protocols for protecting network communication across different layers of the Internet protocol stack. This will include discussion on various attacks on the networks, penetration testing tools and possible countermeasures to ensure protection of authentication, confidentiality and end-to-end security of communications. In labs students will be able to practice experience with various network security protocols and tools.
View full module detailsOptional
Key to modern business operation is Risk Management, and a modern entrant on any Risk Register maintained by the executive of an organisation is the risk posed from falling victim to cybercrime and civil litigation resulting from, for example, data breaches. In order to understand how best to shape and evolve an organisation’s response to the cyber security threat, the module will cover what the more detailed operations in cyber security involve. The module will introduce the key disciplines that we are likely to encounter in the real-world. It will provide an industry perspective on the common practices, latest innovations, technologies and the problems and concerns associated with information security. The module will show that cyber security is not just technical subject, but is a truly multidisciplinary function. The module looks broadly at the implications of regulations on the cyber crime landscape. It also brings together the issues of cyber from a high-level perspective. It will also equip students with an awareness of what is very current out there in terms of leading-edge applications of information security. The module uniquely accesses leading international speakers in their field, draws on the significant expertise of leading industrialists and through shaping the module into distinct learning blocks we are also able to ensure that our students will be directed to key industry reports, regulations and best practice guidance that shapes current industry thinking in information security for business and government.
View full module detailsThis module teaches cloud computing concepts and the security of the cloud platform to enable students to understand how to secure workloads on cloud. The topics including basic concepts and the core security services needed to secure workloads and the processing of sensitive data. To re-enforce learning, the module will require students to work in teams to configure the cloud platform using infrastructure automation.
View full module detailsThe study of cybercrime and cybersecurity not only represents one of the key emerging areas of research within contemporary criminology but is also a crucial problem of national policy and crime control. Recent (2016) data from the Crime Survey for England and Wales suggest that cybercrime may now be the most prevalent form of criminality in the UK and repeated breaches to key infrastructures across most jurisdictions have emphasized why it is has also become one of the main threats to international peace and security. This module will introduce students to the key themes within the study of cybercrime and cybersecurity – including, offence types and their prevalence; typical victims and perpetrators; policing and control measures; varieties of cybersecurity responses and the ‘human’ problem in making these resilient.
View full module detailsThis module introduces students to the techniques and tools to discover known vulnerabilities in systems and applications, and use appropriate techniques to carry out attacks. A practical project-based assessment allows students to demonstrate their ability to successfully exploit vulnerable systems to exfiltrate data and circumvent access controls. The module will introduce students to the legal and ethical considerations of ethical hacking, as well as the processes by which vulnerabilities are reported, classified, documented, and mitigated by security practitioners.
View full module detailsAcross academic years
Core
The dissertation consists of a substantial written report. This report is based on a major piece of work that involves applying material encountered in the taught component of the degree, and extending that knowledge with the student's contribution, under the guidance of a supervisor. The dissertation usually involves a substantial literature survey on a specific topic, followed by the identification of a problem to tackle, and thereafter the development of a technical solution, and experimental or theoretical evaluation of the achievement.
View full module detailsOptional modules for Year 1 (full-time) - FHEQ Level 7
Students must choose 2 optional modules in semester 1 and 2 optional module in semester 2.
Year 1
Semester 1
Compulsory
The module covers concepts and technologies for building secure and usable systems. The different lectures of the module focus on access control mechanisms, software and operating systems security, malware, threats and countermeasures for Web applications and databases, web and user authentication protocols, security of cyber-physical systems, human-centred security aspects such as social engineering and usability, security economics, privacy protection and trusted computing technologies.
View full module detailsThe module introduces general cryptographic concepts, challenges and goals and then focuses on foundational cryptographic primitives and algorithms in the fields of symmetric (a.k.a. private-key) and asymmetric (a.k.a. public-key) cryptography. The module will introduce mathematical foundations that are essential for the functionality and security of cryptographic algorithms and then focus on the security definitions and constructions of concrete algorithms for authentication, confidentiality and integrity. In labs students will develop and test their understanding of the material and learn how to implement and use existing algorithms from symmetric and asymmetric cryptography.
View full module detailsOptional
Integrating security components into an information system to identify, protect, detect, respond and recover from an increasingly diverse set of threats has become more complex with new computing concepts such as cloud infrastructure, cloud native applications and edge computing. Organisations need a systematic approach to defining security for information systems that integrate processes, people and technology. The Architectural Thinking for Security module is designed to teach concepts and practice techniques that Security Architects can apply to delivering consistent and effective security solutions. The architectural thinking process can be applied either acting as an adviser to a project or a primary security solution architect. The course will introduce an architectural thinking process that a Security Architect would use to protect the data at the centre of a business. As part of this process the security architect needs to think about the integration of security controls to protect the confidentiality, integrity and availability of business data. This module provides insights into both the theory and the practical aspects of this process allowing students to critically evaluate the cyber security posture of an organisation and define a solution that can be described to key decision makers within an organisation.
View full module detailsDigital technology influences every aspect of daily life, shaping the way that individuals live, work and socialise (and therefore also inevitably matters of civil law, such as contract and tort) but it has a less positive aspect as it has also transformed criminal behaviour. This module considers the legal, regulatory and commercial issues relating to the internet and digitisation as well as the dark side of technology that has led to the growth of online crime. It reflects on the ensuing impact on the digital economy, platforms and the wider business community plus the legal regulation thereof taking account of the unprecedented transformation in the digitisation of the law and the way business is conducted in the 21st century. The module encourages critical engagement with the way in which the law operates in an effort to both facilitate digitisation as well as combat cybercrime. It brings together theoretical ideas about the function of law with the practical considerations of the impact of criminal behaviour on society. It also engages with the challenges of preventing online crime and policing the internet.
View full module detailsThis module introduces general concepts of privacy enhancing technologies and aligns with key concepts recommended by the CyBoK. It will motivate the need for privacy in the modern world and touch on legal considerations, introduce concepts of transparency, control and confidentiality for privacy, and look at privacy preserving and democratic values. This module will also explore how these are realised in a range of applications.
View full module detailsThe module teaches digital forensics models and techniques used by analysts and law enforcement officers in practice. It also teaches the theory and application of real-world digital forensics tools and puts an emphasis on data recovery and the analysis of multimedia artifacts. Relationships and links between multimedia security, digital forensics and broader cyber security topics are also covered.
View full module detailsSemester 2
Compulsory
Security is probably the greatest challenge for computer and information system in the near future. Many users have lost data due to viruses, both on home and business computers. Most of us have seen a range of emails messages attempting different kinds of fraud. Vulnerabilities are everywhere. Some are obvious or well-known; others are obscure and harder to spot. Security is not limited to secrecy and confidentiality, but also involves problems like integrity, availability, and effectiveness of information. Moreover, security issues can potentially affect all of us, from innocent home users to companies and even governments. Security is not just a technical problem but needs to be embedded throughout an organisation to be effective. As such good security solutions build on a complete understanding of the values at stake, and the supporting business processes and requirements. This includes people as well as information systems and physical resources. Consequently, raising security awareness and embedding security within roles and policies is as important, if not more, as secure software. In short, secure solutions can only be implemented with both good technical skills and a good understanding of cultures and people skills. This module aims at raising the awareness for the wide range of security issues present in today’s connected world and the managerial and organisational challenges a business must face when building a secure solution.
View full module detailsThe module introduces general information and network security principles, challenges and goals and then focuses on main security mechanisms and protocols for protecting network communication across different layers of the Internet protocol stack. This will include discussion on various attacks on the networks, penetration testing tools and possible countermeasures to ensure protection of authentication, confidentiality and end-to-end security of communications. In labs students will be able to practice experience with various network security protocols and tools.
View full module detailsOptional
This module teaches cloud computing concepts and the security of the cloud platform to enable students to understand how to secure workloads on cloud. The topics including basic concepts and the core security services needed to secure workloads and the processing of sensitive data. To re-enforce learning, the module will require students to work in teams to configure the cloud platform using infrastructure automation.
View full module detailsThe study of cybercrime and cybersecurity not only represents one of the key emerging areas of research within contemporary criminology but is also a crucial problem of national policy and crime control. Recent (2016) data from the Crime Survey for England and Wales suggest that cybercrime may now be the most prevalent form of criminality in the UK and repeated breaches to key infrastructures across most jurisdictions have emphasized why it is has also become one of the main threats to international peace and security. This module will introduce students to the key themes within the study of cybercrime and cybersecurity – including, offence types and their prevalence; typical victims and perpetrators; policing and control measures; varieties of cybersecurity responses and the ‘human’ problem in making these resilient.
View full module detailsThis module introduces students to the techniques and tools to discover known vulnerabilities in systems and applications, and use appropriate techniques to carry out attacks. A practical project-based assessment allows students to demonstrate their ability to successfully exploit vulnerable systems to exfiltrate data and circumvent access controls. The module will introduce students to the legal and ethical considerations of ethical hacking, as well as the processes by which vulnerabilities are reported, classified, documented, and mitigated by security practitioners.
View full module detailsOptional modules for Year 1 (part-time) - FHEQ Level 7
Students take compulsory modules only in year 1.
Year 2
Semester 1
Compulsory
The module covers concepts and technologies for building secure and usable systems. The different lectures of the module focus on access control mechanisms, software and operating systems security, malware, threats and countermeasures for Web applications and databases, web and user authentication protocols, security of cyber-physical systems, human-centred security aspects such as social engineering and usability, security economics, privacy protection and trusted computing technologies.
View full module detailsThe module introduces general cryptographic concepts, challenges and goals and then focuses on foundational cryptographic primitives and algorithms in the fields of symmetric (a.k.a. private-key) and asymmetric (a.k.a. public-key) cryptography. The module will introduce mathematical foundations that are essential for the functionality and security of cryptographic algorithms and then focus on the security definitions and constructions of concrete algorithms for authentication, confidentiality and integrity. In labs students will develop and test their understanding of the material and learn how to implement and use existing algorithms from symmetric and asymmetric cryptography.
View full module detailsOptional
Integrating security components into an information system to identify, protect, detect, respond and recover from an increasingly diverse set of threats has become more complex with new computing concepts such as cloud infrastructure, cloud native applications and edge computing. Organisations need a systematic approach to defining security for information systems that integrate processes, people and technology. The Architectural Thinking for Security module is designed to teach concepts and practice techniques that Security Architects can apply to delivering consistent and effective security solutions. The architectural thinking process can be applied either acting as an adviser to a project or a primary security solution architect. The course will introduce an architectural thinking process that a Security Architect would use to protect the data at the centre of a business. As part of this process the security architect needs to think about the integration of security controls to protect the confidentiality, integrity and availability of business data. This module provides insights into both the theory and the practical aspects of this process allowing students to critically evaluate the cyber security posture of an organisation and define a solution that can be described to key decision makers within an organisation.
View full module detailsDigital technology influences every aspect of daily life, shaping the way that individuals live, work and socialise (and therefore also inevitably matters of civil law, such as contract and tort) but it has a less positive aspect as it has also transformed criminal behaviour. This module considers the legal, regulatory and commercial issues relating to the internet and digitisation as well as the dark side of technology that has led to the growth of online crime. It reflects on the ensuing impact on the digital economy, platforms and the wider business community plus the legal regulation thereof taking account of the unprecedented transformation in the digitisation of the law and the way business is conducted in the 21st century. The module encourages critical engagement with the way in which the law operates in an effort to both facilitate digitisation as well as combat cybercrime. It brings together theoretical ideas about the function of law with the practical considerations of the impact of criminal behaviour on society. It also engages with the challenges of preventing online crime and policing the internet.
View full module detailsThis module introduces general concepts of privacy enhancing technologies and aligns with key concepts recommended by the CyBoK. It will motivate the need for privacy in the modern world and touch on legal considerations, introduce concepts of transparency, control and confidentiality for privacy, and look at privacy preserving and democratic values. This module will also explore how these are realised in a range of applications.
View full module detailsThe module teaches digital forensics models and techniques used by analysts and law enforcement officers in practice. It also teaches the theory and application of real-world digital forensics tools and puts an emphasis on data recovery and the analysis of multimedia artifacts. Relationships and links between multimedia security, digital forensics and broader cyber security topics are also covered.
View full module detailsSemester 2
Compulsory
Security is probably the greatest challenge for computer and information system in the near future. Many users have lost data due to viruses, both on home and business computers. Most of us have seen a range of emails messages attempting different kinds of fraud. Vulnerabilities are everywhere. Some are obvious or well-known; others are obscure and harder to spot. Security is not limited to secrecy and confidentiality, but also involves problems like integrity, availability, and effectiveness of information. Moreover, security issues can potentially affect all of us, from innocent home users to companies and even governments. Security is not just a technical problem but needs to be embedded throughout an organisation to be effective. As such good security solutions build on a complete understanding of the values at stake, and the supporting business processes and requirements. This includes people as well as information systems and physical resources. Consequently, raising security awareness and embedding security within roles and policies is as important, if not more, as secure software. In short, secure solutions can only be implemented with both good technical skills and a good understanding of cultures and people skills. This module aims at raising the awareness for the wide range of security issues present in today’s connected world and the managerial and organisational challenges a business must face when building a secure solution.
View full module detailsThe module introduces general information and network security principles, challenges and goals and then focuses on main security mechanisms and protocols for protecting network communication across different layers of the Internet protocol stack. This will include discussion on various attacks on the networks, penetration testing tools and possible countermeasures to ensure protection of authentication, confidentiality and end-to-end security of communications. In labs students will be able to practice experience with various network security protocols and tools.
View full module detailsOptional
This module teaches cloud computing concepts and the security of the cloud platform to enable students to understand how to secure workloads on cloud. The topics including basic concepts and the core security services needed to secure workloads and the processing of sensitive data. To re-enforce learning, the module will require students to work in teams to configure the cloud platform using infrastructure automation.
View full module detailsThe study of cybercrime and cybersecurity not only represents one of the key emerging areas of research within contemporary criminology but is also a crucial problem of national policy and crime control. Recent (2016) data from the Crime Survey for England and Wales suggest that cybercrime may now be the most prevalent form of criminality in the UK and repeated breaches to key infrastructures across most jurisdictions have emphasized why it is has also become one of the main threats to international peace and security. This module will introduce students to the key themes within the study of cybercrime and cybersecurity – including, offence types and their prevalence; typical victims and perpetrators; policing and control measures; varieties of cybersecurity responses and the ‘human’ problem in making these resilient.
View full module detailsThis module introduces students to the techniques and tools to discover known vulnerabilities in systems and applications, and use appropriate techniques to carry out attacks. A practical project-based assessment allows students to demonstrate their ability to successfully exploit vulnerable systems to exfiltrate data and circumvent access controls. The module will introduce students to the legal and ethical considerations of ethical hacking, as well as the processes by which vulnerabilities are reported, classified, documented, and mitigated by security practitioners.
View full module detailsAcross academic years
Core
The dissertation consists of a substantial written report. This report is based on a major piece of work that involves applying material encountered in the taught component of the degree, and extending that knowledge with the student's contribution, under the guidance of a supervisor. The dissertation usually involves a substantial literature survey on a specific topic, followed by the identification of a problem to tackle, and thereafter the development of a technical solution, and experimental or theoretical evaluation of the achievement.
View full module detailsOptional modules for Year 2 (part-time) - FHEQ Level 7
Students must choose 2 optional modules in semester 1 and 2 optional module in semester 2.
Year 3
Across academic years
Core
The dissertation consists of a substantial written report. This report is based on a major piece of work that involves applying material encountered in the taught component of the degree, and extending that knowledge with the student's contribution, under the guidance of a supervisor. The dissertation usually involves a substantial literature survey on a specific topic, followed by the identification of a problem to tackle, and thereafter the development of a technical solution, and experimental or theoretical evaluation of the achievement.
View full module detailsGeneral course information
Contact hours
Contact hours can vary across our modules. Full details of the contact hours for each module are available from the University of Surrey's module catalogue. See the modules section for more information.
Timetable
Course timetables are normally available one month before the start of the semester.
New students will receive their personalised timetable in Welcome Week, and in subsequent semesters, two weeks prior to the start of semester.
Please note that while we make every effort to ensure that timetables are as student-friendly as possible, scheduled teaching can take place on any day of the week (Monday – Friday). Wednesday afternoons are normally reserved for sports and cultural activities. Part-time classes are normally scheduled on one or two days per week, details of which can be obtained from Academic Administration.
Location
Stag Hill is the University's main campus and where the majority of our courses are taught.
We offer careers information, advice and guidance to all students whilst studying with us, which is extended to our alumni for three years after leaving the University.
This course leads to a huge range of career opportunities across the cyber security and IT sectors. Recent graduates have secured jobs at:
- Bosch
- Ernst and Young
- Hewlett Packard Enterprise
- IBM UK
- RGA Consulting.
96 per cent of our computer science postgraduate students go on to employment or further study (Graduate Outcomes 2024, HESA).
UK qualifications
A minimum of a 2:2 UK honours degree in either computer science, electrical or electronic engineering, mathematics, physics, related disciplines with demonstrable exposure to programming and mathematics, or other alternative subjects related to data analysis, data science or informatics, or a recognised equivalent international qualification.
We'll also consider relevant work experience if you don't meet these requirements.
English language requirements
IELTS Academic: 6.5 overall with 6.0 in writing and 5.5 in each other element.
These are the English language qualifications and levels that we can accept.
If you do not currently meet the level required for your programme, we offer intensive pre-sessional English language courses, designed to take you to the level of English ability and skill required for your studies here.
Recognition of prior learning
We recognise that many students enter their course with valuable knowledge and skills developed through a range of ways.
If this applies to you, the recognition of prior learning process may mean you can join a course without the formal entry requirements, or at a point appropriate to your previous learning and experience.
There are restrictions for some courses and fees may be payable for certain claims. Please contact the Admissions team with any queries.
Scholarships and bursaries
Discover what scholarships and bursaries are available to support your studies.
Fees per year
Explore UKCISA’s website for more information if you are unsure whether you are a UK or overseas student. View the list of fees for all postgraduate courses.
September 2025 - Full-time - 1 year
- UK
- £12,400
- Overseas
- £24,900
September 2025 - Part-time - 3 years
- UK
- £6,200
- Overseas
- £12,500
- If you are on the three-year part-time masters programme, the annual fee is payable in Year 1 and Year 2 of the programme
- These fees apply to students commencing study in the academic year 2025-26 only. Fees for new starters are reviewed annually.
Payment schedule
- Students with Tuition Fee Loan: the Student Loans Company pay fees in line with their schedule (students on an unstructured self-paced part-time course are not eligible for a Tuition Fee Loan).
- Students without a Tuition Fee Loan: pay their fees either in full at the beginning of the programme or in two instalments as follows:
- 50% payable 10 days after the invoice date (expected to be October/November of each academic year)
- 50% in January of the same academic year.
- Students on part-time programmes where fees are paid on a modular basis: cannot pay fees by instalment.
- Sponsored students: must provide us with valid sponsorship information that covers the period of study.
The exact date(s) will be on invoices.
Additional costs
Books/stationery/admin: Costs may be incurred associated with the purchase of writing paper and associated stationery.
Funding
You may be able to borrow money to help pay your tuition fees and support you with your living costs. Find out more about postgraduate student finance.
Apply online
To apply online first select the course you'd like to apply for then log in.
Select your course
Choose the course option you wish to apply for.
Sign in
Create an account and sign into our application portal.
Please note that we may have to close applications before the stated deadline if we receive a high volume of suitable applications. We advise you to submit your application as soon as it is ready.
ApplyPlease note that we may have to close applications before the stated deadline if we receive a high volume of suitable applications. We advise you to submit your application as soon as it is ready.
ApplyAdmissions information
Once you apply, you can expect to hear back from us within 14 days. This might be with a decision on your application or with a request for further information.
Our code of practice for postgraduate admissions policy explains how the Admissions team considers applications and admits students. Read our postgraduate applicant guidance for more information on applying.
About the University of Surrey
Need more information?
Contact our Admissions team or talk to a current University of Surrey student online.
Terms and conditions
When you accept an offer to study at the University of Surrey, you are agreeing to follow our policies and procedures, student regulations, and terms and conditions.
We provide these terms and conditions in two stages:
- First when we make an offer.
- Second when students accept their offer and register to study with us (registration terms and conditions will vary depending on your course and academic year).
View our generic registration terms and conditions (PDF) for the 2023/24 academic year, as a guide on what to expect.
Disclaimer
This online prospectus has been published in advance of the academic year to which it applies.
Whilst we have done everything possible to ensure this information is accurate, some changes may happen between publishing and the start of the course.
It is important to check this website for any updates before you apply for a course with us. Read our full disclaimer.