Information Security MSc

This MSc will equip you to become a security expert of the future, broadening your awareness and expert knowledge with in-depth, practice-oriented technical skills in cyber and information security.


Why Surrey?

Our Information Security MSc benefits from the internationally visible, high-quality research activity and multiple links with academia and industry provided by the Department of Computer Science and Surrey Centre for Cyber Security. Our course is taught by experts, and equips you with the solid theoretical background and hands-on experience demanded by the information-security sector.

Programme overview

The electronic collection, transmission, processing, storage and retrieval of digital information are present in all spheres of our modern computerised society. Most existing commercial and private services can no longer be imagined without the underlying infrastructure and technology for handling the digital information. As such, protection of digital information from unauthorised access and use (as well as resilience of the underlying network infrastructure and systems to various sorts of attacks and their proactive protection against the prevalent cyber threat) has become one of the main challenges of the technological development of our society.

The science behind our Information Security MSc connects various disciplines (from computer science, electronic engineering and mathematics) and aims to design concepts, mechanisms and technologies for effective protection of digital information, communication infrastructures and computing systems.

Focused on key information security concepts, mechanisms and technologies, our MSc examines fundamental and advanced topics in important areas of modern information security, striving to achieve a balance between theoretical foundations and practical experience.

The programme consists of six compulsory (C) modules which span:

  • Information security principles, challenges and goals
  • Network security (incl. Internet security protocols and technologies, e.g. PKI)
  • Cryptographic algorithms and protocols
  • Information hiding (incl. multimedia data protection, watermarking and steganography)
  • Digital forensics (incl. concepts, technologies, tools)
  • Security of operating systems and software (incl. malware)
  • Security of Web and mobile applications
  • Security of cyber-physical systems (incl. wireless security)
  • Privacy-enhancing technologies (incl. online privacy protection and anonymity)
  • Human-centered and usable security, security economics
  • Security applications and technologies

Module overview

C - Compulsory, O - Optional
Taught modules Type Semester
Information and Network Security C 1
Symmetric Cryptography C 1
Asymmetric Cryptography C 1
Information Security Management C 1
Multimedia Security and Digital Forensics C 2
Secure Systems and Applications C 2
Information Security for Business and Government O 2
Project Management and Business Strategy O 2
Database Systems O 2
Cloud Computing O 2

You choose the remaining two modules from four optional (O) modules in Semester 2. These optional modules cover additional security-related topics or more general topics from computer science.

In your final dissertation projects you will be able to individually apply your knowledge of learned concepts and techniques, or conduct original research work on the design and development of innovative security mechanisms and applications. 

Compulsory modules

Information and Network Security

This module taught in Semester 1 covers basic concepts of information security and introduces a range of important security protocols that are currently used in practice to protect digital communications and network infrastructures. The module starts with the definition of general information security goals and overview of network protocols and attacks. It then details important network security protocols such as Kerberos, Internet Key Exchange (IKE) and IPsec, and introduces the concept of Public Key Infrastructures (PKI) and X.509 certificates.

Symmetric Cryptography

This module taught in Semester 1 introduces basic cryptographic concepts and algorithms in the area of private-key (or symmetric) cryptography. Following a short overview of historical ciphers this module will introduce concepts of perfect secrecy (e.g. one-time pad), one-way functions, pseudorandomness, block ciphers (e.g. 3DES, AES), collision-resistant hash functions (e.g. SHA) and message authentication codes (e.g. HMAC). Formal security definitions of these primitives will be introduced alongside with their general constructions and practical realizations.

Asymmetric Cryptography

This module taught in Semester 1 introduces basic cryptographic concepts, algorithms, and protocols in the area of public-key (or asymmetric) cryptography. Following an introduction of required mathematical concepts from number theory (e.g. modular arithmetic, integer factorization) and discrete mathematics (e.g. cyclic groups, discrete logarithms) this module will cover cryptographic algorithms for public-key encryption and digital signatures (e.g. ElGamal, RSA), cryptographic protocols for the establishment of secret keys (e.g. Diffie-Hellman) as well as a selection of advanced cryptographic protocols (e.g. threshold cryptography, identification protocols, zero-knowledge proofs). Formal security definitions of these algorithms will be introduced alongside with their constructions and practical realizations.

Information Security Management

This module offered in Semester 1 covers main concepts and methods for information security management and risk analysis and aims at raising the awareness for the wide range of security issues, incl. technical and organisational challenges a business must face when building a secure solution. The module starts with general information security goals for various parts of an information system. It then details the areas of risk management and security planning processes and focuses on technical and non-technical aspects of information security project management.  

Multimedia Security and Digital Forensics

This module taught in Semester 2 focuses on digital protection and forensic analysis of multimedia content and information hiding using signal processing techniques. Following an introduction of required fundamental multimedia processing techniques this module will cover two main branches of information hiding: steganography and digital watermarking The module will further explain concepts and technologies behind digital forensics for various types of data including both textual, binary and multimedia data.

Secure Systems and Applications

This module taught in Semester 2 covers concepts and technologies for building secure and usable systems. The different lectures of the module focus on access control mechanisms, security mechanisms for software and operating systems (e.g. Android), threats and countermeasures for Web applications, human-centred security concepts such as user authentication (e.g. passwords), social engineering attacks (e.g. phishing), usability and economics of security, protection mechanisms for user privacy and anonymity as well as selected security applications such as secure e-voting.

Optional modules

Information Security for Business and Government

This module offered in Semester 2 contains a series of lecture talks and is taught in the style of a seminar. The talks are given by security professionals from academia and industry on modern topics of information security and its applications.  

Project Management and Business Strategy

This module offered in Semester 2 provides students with understanding and skills that are necessary to manage IT projects and operations in industry. In addition to theoretical foundations this modules illustrates tools and techniques for effective project management and assistance in various strategy forming processes.

Databases Systems

This module offered in Semester 2 first develops the necessary skills and familiarity for using use state-of-the-art technologies to design, implement and manage database systems and then shows how to use a range of data mining and information retrieval tools to discover data patterns and retrieve information from databases.

Cloud Computing

This module offered in Semester 2 introduces key concepts and technologies behind Cloud Computing that are used in a variety of academic and industrial contexts (e.g. Amazon EC2, Google App Engine, Apache Hadoop, Eucalyptus, OpenStack, Condor). The module covers cloud computing architectures, systems, supporting software applications, resource management and information services.

(Please note that these modules are subject to change. Check with Admissions for the latest details of modules offered.)

Dissertation project

The MSc dissertation project makes up one third of the degree programme, starting towards the end of the first semester and completing at the end of the summer. During the project, you are supervised by a member of academic staff to advise and guide you to completion. At the end of the project, you must submit your bound dissertation, which forms a complete record of the project.

The project focuses in depth on a subject at the leading edge of computing. For example, projects can undertake the development of a software system to solve a particular problem, possibly in collaboration with an industrial partner.

Alternatively, projects can be research-based, in which case an aspect of computing is investigated, perhaps to evaluate particular techniques or propose a new algorithm. These projects are usually closely linked to the Department’s research strengths.

Whatever the topic, you are expected to develop a critical understanding of the methods and technologies needed, then implement and evaluate your chosen solution to a professional standard. Project planning and time management is an important part of the experience.

Teaching and assessment

Taught Masters programmes in the Department of Computer Science utilise our research-active staff in conjunction with state-of-the-art facilities. We provide a range of learning experiences, including lectures, tutorials, directed study, practical laboratories and project work, which prepare graduates for their professional life. Students of the MSc Information Security programme will have access to a modern Applied Security Lab that features modern computer infrastructure that can support a variety of security-related experiments and research activities.

We are particularly keen to develop, in all our students, a broad range of generic skills to complement the core technical or scientific competencies of their chosen subject area. Our modular programme format, coupled with the increasing use of innovative teaching and learning strategies involving e-learning, provides a flexible study environment whilst maintaining academic rigour and quality.

What our students say

Why not read about the experiences of our past and present students, including Andy SmithGeorge Kapetanios and Arati Gurung?


Professional recognition

Our MSc in Information Security programme has been evaluated by the British Government Communications Headquarters (GCHQ) and awarded GCHQ-certified status. The present certification status of provisional reflects the relative recency of the programme, and full status will be sought. For more information about GCHQ certification, please visit:

Related programmes

Postgraduate (Taught)

Related departments/schools

Related research areas

Programme leader

Dr Lee Gillam

Find out more

General enquiries:

+44 (0)1483 681 681

Admissions enquiries:


Programme facts

Type of programme:


Programme length:

  • Full-time: 12 months
  • Part-time: 36 months

Start date:

Sep 2016

Entry Requirements

Candidates should have a first degree in computing or cognate discipline from a UK university or the international equivalent. They should have obtained the degree at 2.2 level or higher. In exceptional circumstances, work experience may also be considered if the candidate has achieved less than a 2.2.

View entry requirements by country

English language requirements

We offer intensive English language pre-sessional courses, designed to take you to the level of English ability and skill required for your studies here.


Study mode Start date UK/EU fees Overseas fees
Full-time Sep 2016 £8,000 £18,000
Part-time Sep 2016 £4,000 £9,000

Please note these fees are for the academic year 2016/2017 only. Annual fees will rise by four per cent (rounded up to the nearest £100) for each year of study.

A complete list of all fees for our Masters Programmes


Discounts for Surrey graduates

Thinking of continuing your education at Surrey? As an alumnus of Surrey you may be eligible for a ten per cent discount on our taught Masters programme fees. Learn more.

For more details

GREAT Surrey Scholarships India

For for all postgraduate taught courses starting in February 2017 within the Faculty of Engineering and Physical Sciences, the University is offering graduates from India the opportunity to apply for one of three scholarships worth £5,000 through the GREAT Scholarships - India programme. 

For more details

Admissions Information

Our Admissions Policy provides the basis for admissions practice across the University and gives a framework for how we encourage, consider applications and admit students.

Further information for applicants

Postgraduate Study Advice

Steps to Postgraduate Study is an official, independent guide for anyone considering a taught postgraduate course. The guide is produced by the Higher Education Funding Council for England (HEFCE), the Higher Education Funding Council for Wales, the Scottish Funding Council and the Department for Employment and Learning, Northern Ireland.

Find out more


Modules listed are indicative, reflecting the information available at the time of publication. Please note that not all modules described are compulsory and may be subject to teaching availability and/or student demand.

Our alumni