INM385 - Information security assurance and digital forensics
This module can be taken as part of a Postgraduate course or as a 5-day Continuous Professional Development (CPD) course.
Rationale
Corporate IT resources are often subjected to different kinds of insider and/or outsider attacks.
The consequences of these attacks vary in severity, and corporate IT services should be able to reduce the likelihood of an incident, detect it, classify it properly and respond appropriately when it happens. Digital evidence needs to be properly identified, preserved, acquired, analysed, interpreted and presented to corporate decision and/or policy makers.
Thus, corporate information and computing services have a responsibility to implement and maintain information security management systems and digital forensic facilities and procedures as well as assess the achieved level of information assurance.
Technical staff of these services should be aware of the information assurance process and digital forensic procedures, and should be able to classify incidents, preserve the evidence for subsequent external investigation or conduct an internal digital forensic investigation if necessary. Failure to do this may lead to the loss of evidence, the inability to reconstruct and investigate the incident, failure to prevent similar incidents from happening again and, finally, substantial financial losses.
Educational Aims
This module aims to enable an IT or engineering graduate to:
- understand and implement the concepts and process of information assurance;
- understand, implement and apply the principles, tools and procedures of digital forensics;
- understand, implement and apply the principles and procedures of incident response.
Module Learning Outcomes
Upon successful completion of this programme, a student will be expected to be able to:
Knowledge and understanding
- Outline the role of information assurance process and professionals in organisations
- Select and apply relevant standards, regulations and guidelines to improve information assurance
- Identify information risks, select relevant security controls and plan their implementation
- Apply some of the digital forensic tools and procedures taught, and understand the implications of all the important techniques for risk, safety and security analysis
Values and Attitudes
- Exhibit rigour and tact in assessing digital risks and investigating incidents
- Consider the interests of all stakeholders in digital risk assessment and management
Cognitive/Intellectual Skills
- Critically evaluate research and literature relating to information assurance, digital forensics and incident response
- Evaluate and use appropriate tools and techniques
- Undertake critical evaluation (theoretical and empirical) of alternative design solutions
Subject Specific Skills
- Identify digital risks and relevant information assurance controls
- Identify and explain the human and organisational factors affecting information assurance
- Identify the implications of applicable regulations and standards for an information assurance management problem
Transferable Skills
- Create professional reports of performed research
- Take into account psychological and social factors in the operation of systems and organisations
- Research and use scientific literature for research purposes
Content
- Basic concepts of information assurance, information security management systems and digital forensics
- Standards, guidelines and legislation
- Types of attacks and intrusions
- Information assurance controls: selection, implementation, assessment
- Information security management systems
- Cryptographic primitives, protocols and systems
- Digital evidence and computer crimes
- Incidents and incident response
- Evidence acquisition, preservation, analysis, interpretation and presentation
- Anti-forensics