MSc Professional Practice in Digital Forensics and Security Assessment Briefing Introduction This document describes the De Montfort University (DMU) assessments you are likely to encounter should you decide to enrol for an academic top-up to your 7Safe course(s). We aim to be flexible and supportive of your individual learning needs and as such you are quite likely to find that module assessments have fixed and negotiable elements offering the opportunity for assessments to reflect your interests and personal development aspirations. A fundamental design feature of the assessment for each module is to provide not just a pure academic ‘essay type test’, but also to give you the opportunity to undertake a structured practical assessment exercise which demonstrates your mastery of the 7Safe course content. In doing this, the ‘academic top-up’ becomes as much a further learning opportunity as an assessment exercise. If you would like to discuss the assessment for any of the module on this course please feel free to contact the module leader(s) directly – their contact details are provided below in the individual module sections. For enquiries about the course in general please feel free to contact the Course Leader(s) directly at: Dr. Richard Howley rgh@dmu.ac.uk Dr. Helge Janicke heljanic@dmu.ac.uk For enquiries about applying or to find out the current status of your applications contact the course Admissions Coordinator: Joanne Dickie jdickie@dmu.ac.uk Thanks you for taking the time to read this document; we hope you found it interesting and useful. Please do feel free to contact us if you have any questions about the course or the admissions requirements. Richard Howley & Helge Janicke Cyber Security Centre* Department of Computer Technology De Montfort University The Gateway Leicester LE1 9BH *Cyber Security Centre at http://www.dmu.ac.uk/csc Module Specific Assessments CTEC5300 Network Security and Ethical Hacking 1 Those wishing to join this module must have successfully completed the CSTA – Ethical Hacking Hands-on 1 course delivered by 7Safe. The DMU assessment for this module will be negotiated with each student at the commencement of their studies. Contact the module leader for further information. Module Leader: Peter Norris Email: pdn@dmu.ac.uk CTEC5301 Network Security and Ethical Hacking 2 Students must have been awarded the CSTP Ethical Hacking Hands-on 2 by 7Safe to be eligible to apply to join this module. There are two DMU assessments in this module: First a practical element which is designed to demonstrate that the student understands the topic and is able to apply that knowledge to real world scenarios. Secondly an academic element which is designed to allow the student to explore and discuss current research in this arena. The practical element of the module will involve the investigation and penetration of a live web application. Using common web application hacking techniques, the student will test a given website to determine its effectiveness against these attacks and produce a 5000 word vulnerability report of the investigation, which is supported by evidence. This will be worth 60% of the module grade. The academic element of the module will consist of an essay which will discuss one of a number of core themes in this problem domain. The student will conduct relevant research and produce a report which demonstrates a master’s level understanding of the topic. This is worth 40% of the module grade. Module Leader: Clinton Ingrams Email: cfi@dmu.ac.uk CTEC5302 Wireless Security To apply to join this module you must have successfully completed and been awarded the CWSA Wireless Security Hands-on course run and assessed by 7Safe. The assessment for this module will be negotiated with each student at the commencement of their studies. Contact the module leader for further information. Module Leader: Peter Norris Email: pdn@dmu.ac.uk CTEC5303 Forensic Tools and Processes To apply to join this module you should have studied and passed the 7Safe CFIP Forensic Investigation Hands-on course. The DMU assessment of this module involves the production of a Portfolio of Achievement (PoA) consisting of optional and compulsory elements starting off with a personal training needs analysis (TNA) and the creation of a personal action plan for academic and professional skills updating. The academic skills element is compulsory, but there will be room for personal skills development and the integration of professional and academic skills. The professional elements of the portfolio will involve the student identifying a topic in the field of digital forensics not covered on the 7Safe course and for them to research into the area, learn the processes and tools used and demonstrate mastery of the area. A 5000 word report (supported by software artefacts as required) will be produced and assessed that reports and evaluates the outcome of this exercise. (40% of the Portfolio assessment) The academic aspects of the module will consist of an essay addressing one of the core themes in this subject domain. The precise title will be determined as part of the TNA process. (60% of the Portfolio assessment) Module Leader: Richard Howley Email: rgh@dmu.ac.uk CTEC5304 Applied Forensics – Malware Investigations To apply to join this module you should have studied and passed the 7Safe CMI Malware Investigations Hands-on course. There are two assessments in this module, a professional (practical element) and an academic element. The professional element will demonstrate that the student has the practical skills required for such a complex topic and will allow the student to investigate a malware sample in a controlled environment. The academic objective is designed to allow the student to explore the current research in this fast moving domain and to apply a critical eye. The professional element of the module will involve the investigation of a malware sample using both static and dynamic analysis techniques. The student will be responsible for researching and identifying the tools, techniques and processes that are required for such an undertaking. A 5000 word report which will be supported by evidence of the malware analysis will be produced to assess this component (50%). The academic aspect of the module will also consist of an essay which discusses one of a number of core themes of malware analysis. The student will be responsible for conducting research and writing up a report which demonstrates an understanding of the topic and gives an insightful and critical evaluation (50%). Module Leader: Gareth Lapworth Email: glapworth@dmu.ac.uk CTEC5305 Advanced Forensics and Incident Response To apply to join this module you should have studied and passed the 7Safe CSIS Computer Security Incident Investigation Hands-on course. The DMU assessment of this module normally consists of: 1. Designing and undertaking an incident response and or investigation of a network based compromise of digital resources. The results will be presented in a 4-5000 word report and by video as expert testimony. (40% of the Portfolio assessment) 2. A 5000 word essay addressing core themes raised during the module. The precise title will be determined at the point of assessment to ensure that it is ‘current’ and supportive of the individual needs of each learner. (60% of the Portfolio assessment) These assessments will be accompanied by an extensive set of required reading from current text books and journals. Module Leader: Richard Howley Email: rgh@dmu.ac.uk CTEC5306 Security Strategy and Standards To apply to join this module you should have studied and passed the 7Safe CIIP Implementing ISO 27001 course. The DMU assessment of this module consists of two reports: 1. Report 1 focuses on Advances in Security Policy Management and Risk analysis (approximately 2000 words). 2. Report 2 is a critical review of a selected risk management approach with respect to a given scenario to which the approach is applied (approximately 1000 words). Both reports are equally weighted. The assessment covers the indicated learning outcomes of this module in two parts. In the first report, students are required to research and critically review current state of the art methodologies to Security Policy Management and Risk-Analysis. Examples of these are probabilistic risk-modelling and causal analysis techniques. The second assessment requires the students to apply the knowledge gained in study of this module and the outcomes of the first coursework to a concrete case study and critically reflect on this state of the art approach in the light of current standards such as ISO27001. Module Leader: Helge Janicke Email: heljanic@dmu.ac.uk CTEC5264 Advanced Topics in Forensics and Security This module is a distance learning module taken from DMU MSc courses and will normally be studied by students who have already completed at least three of the modules listed above. It also provides support for students about to start the MSc Project/Dissertation module. The nature of the module is to engage the student with current research topics. It is therefore a natural motivational gadget to let the student be self-selecting of the topic which they will investigate. Since their chosen career, be it forensic or security, will necessarily involve communicating complex technical ideas to an audience, producing a report (approx. 2500 words) and presentation (10min) reflects professional practice. Students achieving high grades in their coursework are normally required to present their work at an end of year conference, which can be done via video link or pre-recorded presentation with phone-in for questions; this is a requirement for Distinction grades and desirable for Merit grades. Module Leader: Helge Janicke Email: heljanic@dmu.ac.uk IMAT5314 MSc Project/Dissertation The project is assessed by your Project Management Panel (PMP) members taking into account the following aspects: Understanding of Problem & Requirements This relates to the overall level of understanding of the problem gained through research and evaluation of current literature, and/or an analysis of the current and required system, and evidenced in the terms of reference, the dissertation as a whole and the viva/presentation. Project Development This covers all aspects of project development including evidence of skills in critical analysis and/or systems design using appropriate methodologies. This is reflected in the quality of the report/product and the match with the requirements. The PMP will look for evidence that the candidate has taken ownership of the project and worked to a sensible schedule, managing both time and other resources relevant to the project. Documentation Evidence of ability to present a logical argument and a critical analysis are essential for the award of the MSc. PMP members will also take into account the quality of the dissertation in terms of content, structure, referencing, readability and presentation. Oral Presentation/Viva or Demonstration/Viva Both content and delivery are important.PMP members will look for evidence of understanding and the ability to defend the methods and procedures adopted in the project. The PMP will also seek to confirm that the material presented is the candidate’s own work and take the opportunity to confirm the student’s level of understanding of the problem domain. A formulaic approach is not used at Masters level to assess the project. Assessors independently provide an overall mark for the project taking account of all the available evidence. The first and second reader (i.e., your PMP) will meet to agree a final percentage mark. Module Leader: John Platt Email: jplatt@dmu.ac.uk