[24/2/2020]: Course schedule updated
[21/2/2020]: Course Outline released
- Course Code: COMP9447
- Term: 2020 T1
- Course Title: Security Engineering Workshop
- Convenor: Richard Buckland
- Course Admin: Christopher Shi
- Contact: cs9447@cse.unsw.edu.au
- Units of Credit: 6
- Handbook Entry: https://www.handbook.unsw.edu.au/postgraduate/courses/2020/COMP9447/
AWS Work Integrated Learning is running under COMP9447, an applied workshop course on security engineering. Students will develop a product in conjunction with the Amazon Web Services that will attempt to solve a challenge/problem faced by their customers and industry partners.
Knowledge of the following areas will be useful
- Security
- Cloud computing / platforms
- Computer networks
- Databases
- Operating systems
- Web development
After completing this course, students should be able to have:
- The ability to make trade-off decisions with regard to cost, security, and deployment complexity given a set of application requirement
- A working knowledge of AWS security services and how to provide a secure production environment
- An understanding of AWS security best practices and how to implement them
- An understanding of data encryption methods and AWS mechanisms to implement them
- An understanding of incident response techniques in the cloud
- The ability to work through practical real world cloud challenges
The course will involve an indicative:
- one working day per week (estimated 8 hours) of hands-on onsite participation at AWS
- an additional estimated 8 hours per week of offsite independent/collaborative work
Attendance is not compulsory, however we highly encourage you to attend as you will get the most out of this experience. Weekly consultations are provided on Tuesday from 12PM to 2PM.
If you cannot attend a working day or would like to book a university room for offsite work, please email the course contacts.
This course (COMP9447) is designed to give students an opportunity to apply their knowledge and theory to real world experience working in security engineering. Therefore, engaging external expertise is a primary part of this course
Working with AWS allows students to apply their knowledge in a practical environment and gain working experience to build a real product for the highly evolving cloud computing area.
A core part of work integrated learning is to engage the expertise of individuals that have experience in this field. Beyond immediate mentorship and support from AWS, this course also seeks the guidance of other experts within AWS and previous students.
The Student Code of Conduct (Information , Policy) sets out what the University expects from students as members of the UNSW community. As well as the learning, teaching and research environment, the University aims to provide an environment that enables students to achieve their full potential and to provide an experience consistent with the University's values and guiding principles. A condition of enrolment is that students inform themselves of the University's rules and policies affecting them, and conduct themselves accordingly.
In particular, students have the responsibility to observe standards of equity and respect in dealing with every member of the University community. This applies to all activities on UNSW premises and all external activities related to study and research. This includes behaviour in person as well as behaviour on social media, for example Facebook groups set up for the purpose of discussing UNSW courses or course work. Behaviour that is considered in breach of the Student Code Policy as discriminatory, sexually inappropriate, bullying, harassing, invading another's privacy or causing any person to fear for their personal safety is serious misconduct and can lead to severe penalties, including suspension or exclusion from UNSW.
If you have any concerns, you may raise them with your lecturer, or approach the School Ethics Officer , Grievance Officer , or one of the student representatives.
Plagiarism is defined as using the words or ideas of others and presenting them as your own. UNSW and CSE treat plagiarism as academic misconduct, which means that it carries penalties as severe as being excluded from further study at UNSW. There are several on-line sources to help you understand what plagiarism is and how it is dealt with at UNSW:
Plagiarism and Academic Integrity UNSW Plagiarism Procedure Make sure that you read and understand these. Ignorance is not accepted as an excuse for plagiarism. In particular, you are also responsible that your assignment files are not accessible by anyone but you by setting the correct permissions in your CSE directory and code repository, if using. Note also that plagiarism includes paying or asking another person to do a piece of work for you and then submitting it as your own work.
UNSW has an ongoing commitment to fostering a culture of learning informed by academic integrity. All UNSW staff and students have a responsibility to adhere to this principle of academic integrity. Plagiarism undermines academic integrity and is not tolerated at UNSW. Plagiarism at UNSW is defined as using the words or ideas of others and passing them off as your own.
If you haven't done so yet, please take the time to read the full text of
UNSW's policy regarding academic honesty and plagiarism The pages below describe the policies and procedures in more detail:
Student Code Policy Student Misconduct Procedure Plagiarism Policy Statement Plagiarism Procedure You should also read the following page which describes your rights and responsibilities in the CSE context:
Essential Advice for CSE Students
Please familiarise yourself with the AWS Acceptable Usage Policy
- 25% Final Product, marked as a group
- 25% Group Report, marked as a group
- 25% Final Presentation, marked individually
- 25% Individual Self Reflection, marked individually
These artefacts are all due at the end of the term. Specific due dates and relevant marking criteria will be released by the end of Week 2.
Please consult the marking criteria for each artefact/deliverable for more information.
Includes:
- Code repository (Github)
- Supporting documentation
- Any other supporting material (that is required for the final product to be classified as minimum viable product (MVP))
A written business-case style report contributed to by all members of the team that documents their experience through this course and the project that they have been working on. This should include a evaluation of the project as a group, the challenges/breakthroughs you faced, what you liked/disliked about the whole experience, etc.
A presentation (slide deck) presented at AWS at the end of the project detailing the functionality of the final product and the value it presents to solving an issue faced by AWS customers and partners.
At the end of the term students are expected to perform a self reflection on their progress and work output. Part of this self reflection should include a journal that students keep updated throughout the term as a record of their individual progress and learnings for this course.
Date | Week | Location | Topic |
---|---|---|---|
20th Feb | 1 | UNSW | Introduction |
27th Feb | 2 | AWS | Immersion Day |
5th Mar | 3 | AWS | |
12th Mar | 4 | AWS | |
19th Mar | 5 | AWS | |
26th Mar | 6 | AWS | AWS Summit Week |
9th Apr | 7 | AWS | |
16th Apr | 8 | AWS | |
23rd Apr | 9 | AWS | |
30th Apr | 10 | AWS |
// TODO Dates for deliverables
- NIST Computer Security Incident Handling Guide
- NIST Guidelines on Security and Privacy in Public Cloud Computing
- SOC / IEC 27035:2016 – Information Security Incident Management
- AWS Security Incident Response Guide
- AWS creating an Incident response run book
- AWS re:Invent 2019: DIY guide to runbooks, incident reports, and incident response (SEC318-R1)
- Automating Incident Response and Forensics in AWS
- Automated Response and Remediation with AWS Security Hub
Applications for Special Consideration are handled by UNSW Student Support and Services, not by subject staff.
Any points of feedback for the course can be emailed directly to cs9447@cse.unsw.edu.au. Weekly surveys will be sent out to you asking for ideas and suggestions on how the course can be improved. At the end of the course, you will be asked to complete the myExperience survey, which provides the university with a key source of student evaluative feedback.
In previous iterations of this course, issues that students have pointed out include:
- Releasing marking criteria late
- Vague course outline, learning outcomes
This has been addressed during the 20T1 offering.
- Course specific: cs9447@cse.unsw.edu.au
- AWS Point of Contact: liddlep@amazon.com
- Course Admin: christopher.shi@unsw.edu.au
- SECedu General: secedu@unsw.edu.au