Rigour in Secure System Development & Assessment

Course details


This module aims to provide a unifying framework in which the taught content of the cyber-security programme can be brought to bear. It addresses the context for secure systems, including security management and legal issues, together with rigorous approaches to assurance in such systems. It aims to equip students with knowledge of the mechanics of how secure systems are evaluated, certified and reach deployment, and to provide hands-on experience of the processes used to evaluate security. It also aims to identify crucial issues that are not yet well developed, e.g. determining return on investment.

By the end of this course you will:

  • Understand the concept of assurance in system development, including how mathematical rigour can be brought to bear to achieve high assurance systems and products.
  • Understand the concept of a security lifecycle and how secure systems come to be justifiably deployed.
  • Analyse threats to systems, identify and evaluate countermeasures.
  • Evaluate different approaches to risk assessment and the tradeoffs between different established approaches to evaluation.
  • Evaluate rigorous approaches to creating security cases (arguments for security) using Goal Structuring Notation (GSN).
  • Be familiar with a variety of regulatory processes for secure system development evaluation and certification.
  • Understand how financial return-on-investment decisions are incorporated in security judgements.

Who is the course for?

This course is suitable for:

  • practitioners across all domains including aerospace, military, railway, automotive, civil nuclear, civil maritime, medical devices, healthcare, and so on;
  • cyber security consultants;
  • risk analysts/risk managers;
  • those responsible for threat and incident management;
  • research analysts.


Typically you will come from a strong computing background, with a degree in computing or relevant experience. If you are unsure about your prior experience, please email us with your details.

How is the course taught?

The course takes place over one week at the University of York. This week consists of a mixture of lectures and practicals, but we expect you to put in around 30 hours of private study.

Over the week, there will be a series of lectures and a number of case studies. The case studies give you the chance to work through an example to reinforce your learning from the lectures. This is also a chance to gain other insights from the experience and knowledge of other delegates. You will also be able to call on the experience and knowledge of our specialised teaching staff during these sessions.  

The module ends with an assessed exercise, which you have the option of completing. It takes approximately 35 hours in addition to the scheduled teaching time and can be completed on or off site. All assessed exercises are open (so you won't take an exam in supervised conditions), and comprise a report, case study, or documented piece of software.

If you choose to take and pass your assessment, your results can count towards the completion of the MSc Cyber Security.

Book your place

Make sure you book your place for the next course w/c 7th January 2019.

Before booking, please read our Booking Conditions (PDF, 104kb).

To book your place, please complete the booking form: CPD Booking Form (MS Word, 92kb) and the accompanying payment form: CPD Payment Form (MS Word, 50kb) and return to Heather Taylor, our CPD & Postgraduate Programmes Administrator. Payment for your place can be made via credit/debit card or invoice (please email Heather Taylor).

If you have any queries, please contact our course administrator on or call 01904 325536.


