Development and Dissemination of a New Multidisciplinary Undergraduate Curriculum in Digital Forensics

The Information Trust Institute (ITI) at the University of Illinois at Urbana-Champaign is developing an entirely new multidisciplinary undergraduate curriculum on the topic of digital forensics, and this paper presents the findings of the development process, including initial results and evaluation of a pilot offering of the coursework to students. The curriculum consists of a four-course sequence, including introductory and advanced lecture courses with parallel laboratory courses, followed by an advanced course. The content has been designed to reflect both the emerging national standards and the strong multidisciplinary character of the profession of digital forensics, and includes modules developed collaboratively by faculty experts in multiple fields of computer science, law, psychology, social sciences, and accountancy. A preliminary plan for the introductory course was presented to a workshop of digital forensics experts in May 2013 and received their strong approval. Pilot versions of the introductory and introductory lab courses were taught to a mixture of computer science and law students at the University of Illinois in the fall of 2013, and were very positively received by the students, who made it clear that they appreciated the multidisciplinary approach. The curriculum, which is designed to obviate the need for expensive labs or team-teaching by specialized faculty, will be made available to other colleges and universities in order to improve the content and quality of existing digital forensics programs, to inspire and greatly facilitate the creation of new programs, and, ultimately, to increase the number of educated practitioners. The developed resources can be used as the basis for future academic programs, distance learning, and multidisciplinary, multi-institutional programs that meet evolving digital forensics educational standards. Much of the material, including a virtual laboratory, will be provided on-line. Introductory course materials will be distributed to other institutions beginning in the summer of 2014; advanced course materials should be available for distribution in 2015. Related outreach activities have been undertaken and will be continued. Keywords: Digital forensics, Computer forensics, Curriculum development, Curriculum standards, Education standards, Training standards, Undergraduate education, Interdisciplinary studie

Digital Forensics in the Next Five Years

Cyber forensics has encountered major obstacles over the last decade and is at a crossroads. This paper presents data that was obtained during the National Workshop on Redefining Cyber Forensics (NWRCF) on May 23-24, 2017 supported by the National Science Foundation and organized by the University of New Haven. Qualitative and quantitative data were analyzed from twenty-four cyber forensics expert panel members. This work identified important themes that need to be addressed by the community, focusing on (1) where the domain currently is; (2) where it needs to go and; (3) steps needed to improve it. Furthermore, based on the results, we articulate (1) the biggest anticipated challenges the domain will face in the next five years; (2) the most important cyber forensics research opportunities in the next five years and; (3) the most important job-ready skills that need to be addressed by higher education curricula over the next five years. Lastly, we present the key issues and recommendations deliberated by the expert panel. Overall results indicated that a more active and coherent group needs to be formed in the cyber forensics community, with opportunities for continuous reassessment and improvement processes in place

Constructing a Methodology for Developing a Cybersecurity Program

This paper serves to introduce the problem of constructing a methodology to develop a cybersecurity program. The goal of the program is to prepare students graduating from an accredited two-year college for success in cybersecurity careers. Several challenges must be addressed such as program accreditation, workforce development, and DHS/NSA Center of Academic Excellence in Cyber Defense (CAE-CD) designation. All of these serve as inputs in constructing a methodology to develop such a program to meet local industry needs for cyber professional

Towards a framework for the integration of information security into undergraduate computing curricula

Information is an important and valuable asset, in both our everyday lives and in various organisations. Information is subject to numerous threats, these can originate internally or externally to the organisation and could be accidental, intentional or caused by natural disasters. As an important organisational asset, information should be appropriately protected from threats and threat agents regardless of their origin. Organisational employees are, however, often cited as the “weakest link” in the attempt to protect organisational information systems and related information assets. Additionally to this, employees are one of the biggest and closest threat-agents to an organisation’s information systems and its security. Upon graduating, computing (Computer Science, Information Systems and Information Technology) graduates typically become organisational employees. Within organisations, computing graduates often take on roles and responsibilities that involve designing, developing, implementing, upgrading and maintaining the information systems that store, process and transmit organisational information assets. It is, therefore, important that these computing graduates possess the necessary information security skills, knowledge and understanding that could enable them to perform their roles and responsibilities in a secure manner. These information security skills, knowledge and understanding can be acquired through information security education obtained through a qualification that is offered at a higher education institution. At many higher education institutions where information security is taught, it is taught as a single, isolated module at the fourth year level of study. The problem with this is that some computing students do not advance to this level and many of those that do, do not elect information security as a module. This means that these students may graduate and be employed by organisations lacking the necessary information security skills, knowledge and understanding to perform their roles and responsibilities securely. Consequently, this could increase the number of employees who are the “weakest link” in securing organisational information systems and related information assets. The ACM, as a key role player that provides educational guidelines for the development of computing curricula, recommends that information security should be pervasively integrated into computing curricula. However, these guidelines and recommendations do not provide sufficient guidance on “how” computing educators can pervasively integrate information security into their modules. Therefore, the problem identified by this research is that “currently, no generally used framework exists to aid the pervasive integration of information security into undergraduate computing curricula”. The primary research objective of this study, therefore, is to develop a framework to aid the pervasive integration of information security into undergraduate computing curricula. In order to meet this objective, secondary objectives were met, namely: To develop an understanding of the importance of information security; to determine the importance of information security education as it relates to undergraduate computing curricula; and to determine computing educators’ perspectives on information security education in a South African context. Various research methods were used to achieve this study’s research objectives. These research methods included a literature review which was used to define and provide an in-depth discussion relating to the domain in which this study is contained, namely: information security and information security education. Furthermore, a survey which took the form of semi-structured interviews supported by a questionnaire, was used to elicit computing educators’ perspectives on information security education in a South African context. Argumentation was used to argue towards the proposed framework to aid the pervasive integration of information security into undergraduate computing curricula. In addition, modelling techniques were used to model the proposed framework and scenarios were used to demonstrate how a computing department could implement the proposed framework. Finally, elite interviews supported by a questionnaire were conducted to validate the proposed framework. It is envisaged that the proposed framework could assist computing departments and undergraduate computing educators in the integration of information security into their curricula. Furthermore, the pervasive integration of information security into undergraduate computing curricula could ensure that computing graduates exit higher education institutions possessing the necessary information security skills, knowledge and understanding to enable them to perform their roles and responsibilities securely. It is hoped that this could enable computing graduates to become a stronger link in securing organisational information systems and related assets

Global Perspectives on Cybersecurity Education for 2030: A Case for a Meta-discipline

Information security has been an area of research and teaching within various computing disciplines in higher education almost since the beginnings of modern computers. The need for security in computing curricula has steadily grown over this period. Recently, with an emerging global crisis, because of the limitations of security within the nascent information technology infrastructure, the field of “cybersecurity” is emerging with international interest and support. Recent evolution of cybersecurity shows that it has begun to take shape as a true academic perspective, as opposed to simply being a training domain for certain specialized jobs. This report starts from the premise that cybersecurity is a “meta-discipline.” That is, cybersecurity is used as an aggregate label for a wide variety of similar disciplines, much in the same way that the terms “engineering” and “computing” are commonly used. Thus, cybersecurity should be formally interpreted as a meta-discipline with a variety of disciplinary variants, also characterized through a generic competency model. The intention is that this simple organizational concept will improve the clarity with which the field matures, resulting in improved standards and goals for many different types of cybersecurity programs

Cultivating success in forensic molecular biology students by developing laboratory skills

The University of Central Oklahoma’s Forensic Science Institute offers a series of courses for students pursuing a career as a forensic DNA analyst, providing students with the knowledge and experience to prepare them for such a career. One of the courses in the Forensic Molecular Biology series is Advanced Forensic DNA Analysis. This project creates a laboratory component for the Advanced Forensic DNA Analysis course. Addition of a laboratory course will further prepare Forensic Molecular Biology students for the real-world application of methods learned in the course. The laboratory involves experiences working with DNA profiles that vary in composition and complexity to simulate real-life casework. The lab also implements the use of statistical software for DNA analysis of both single source and mixed profiles. The course allows students to develop a working knowledge of interpreting various DNA profiles with a range of complexity, assigning statistical weight to their interpretation, designing standard operating procedures for methodology, and the validation process. The need to implement a laboratory alongside the course was identified through discussion with students and professors, as well as by comparison to similar programs at other universities. The laboratory course is designed with research-based educational methods to maximize student learning and course effectiveness. Professors of the course are provided with a learning framework that is adaptable to continuous improvement of the course to accommodate developments in the field and differing student needs. This project provides students with a greater foundation for success in the field of Forensic DNA Analysis

A Universal Cybersecurity Competency Framework for Organizational Users

The global reliance on the Internet to facilitate organizational operations necessitates further investments in organizational information security. Such investments hold the potential for protecting information assets from cybercriminals. To assist organizations with their information security, The National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework (NCWF) was created. The framework referenced the cybersecurity work, knowledge, and skills required to competently complete the tasks that strengthen their information security. Organizational users’ limited cybersecurity competency contributes to the financial and information losses suffered by organizations year after year. While most organizational users may be able to respond positively to a cybersecurity threat, without a measure of their cybersecurity competency they represent a cybersecurity threat to organizations. The main goal of this research study was to develop a universal Cybersecurity Competency Framework (CCF) to determine the demonstrated cybersecurity Knowledge, Skills, and Tasks (KSTs) through the NCWF (NICE, 2017) as well as identify the cybersecurity competency of organizational users. Limited attention has been given in cybersecurity research to determine organizational users’ cybersecurity competency. An expert panel of cybersecurity professionals known as Subject Matter Experts (SMEs) validated the cybersecurity KSTs necessary for the universal CCF. The research study utilized the explanatory sequential mixed-method approach to develop the universal CCF. This research study included a developmental approach combining quantitative and qualitative data collection in three research phases. In Phase 1, 42 SMEs identified the KSTs needed for the universal CCF. The results of the validated data from Phase 1 were inputted to construct the Phase 2 semi-structured interview. In Phase 2, qualitative data were gathered from 12 SMEs. The integration of the quantitative and qualitative data validated the KSTs. In Phase 3, 20 SMEs validated the KST weights and identified the threshold level. Phase 3 concluded with the SMEs\u27 aggregation of the KST weights into the universal CCF index. The weights assigned by the SMEs in Phase 3 showed that they considered knowledge as the most important competency, followed by Skills, then Tasks. The qualitative results revealed that training is needed for cybersecurity tasks. Phase 3 data collection and analysis continued with the aggregation of the validated weights into a single universal CCF index score. The SMEs determined that 72% was the threshold level. The findings of this research study significantly contribute to the body of knowledge on information systems and have implications for practitioners and academic researchers. It appears this is the only research study to develop a universal CCF to assess the organizational user’s competency and create a threshold level. The findings also offer further insights into what organizations need to provide cybersecurity training to their organizational users to enable them to competently mitigate cyber-attacks

Towards a Cybersecurity Skills Framework for South Africa

Cybersecurity is an ever-growing area of concern both globally and in South Africa. The increasing number of cyberattacks daily has had a large effect on individuals, organisations, governments, and society at large. The growing need to combat cybercrime is accompanied by the increased need for skilled IT professionals to assist in protecting against cybercrime. Currently, there is a worldwide cybersecurity skills gap and a lack of IT professionals with the requisite cybersecurity skills. Many countries have developed their own taxonomies and common lexicons for IT and cybersecurity work, specifically for their context. This type of common lexicon is important to help assist in the development of skills. However, South Africa does not yet have its own cybersecurity skills framework to serve as a common lexicon for the South African context. Hence, the problem defined for this study is that, without a common lexicon of the cybersecurity knowledge, skills, abilities, and tasks (KSATs) required of IT professionals as they relate to specific IT job roles in South Africa, the cybersecurity skills gap cannot be sufficiently addressed. Such a lexicon could help drive the development of skills in South Africa and, in so doing assist in alleviating the cybersecurity skills gap. This study therefore presents a common lexicon by collecting job postings over a four-month period from 1 October 2020 to 31 January 2021. These job postings were analysed using a thematic content analysis. The results identified 20 common IT job roles, together with the specific KSATs relating to each job role identified. As a result, these job roles form part of a proposed cybersecurity skills framework for South Africa (CSFwSA) which could help and guide South Africa towards more targeted cybersecurity skills development. The proposed framework could also be useful in guiding tertiary educational facilities in the creation of cybersecurity curricula that represent the real-world expectations. This, in turn, could help South Africa to address the cybersecurity skills gap by better preparing IT professionals and ensuring that they are trained and skilled in cybersecurity.Thesis (MIT) -- Faculty of Engineering, the Built Environment and Technology, School of Information Technology, 202

The Advanced Framework for Evaluating Remote Agents (AFERA): A Framework for Digital Forensic Practitioners

Digital forensics experts need a dependable method for evaluating evidence-gathering tools. Limited research and resources challenge this process and the lack of multi-endpoint data validation hinders reliability in distributed digital forensics. A framework was designed to evaluate distributed agent-based forensic tools while enabling practitioners to self-evaluate and demonstrate evidence reliability as required by the courts. Grounded in Design Science, the framework features guidelines, data, criteria, and checklists. Expert review enhances its quality and practicality

Towards a Cybersecurity Skills Framework for South Africa

Cybersecurity is an ever-growing area of concern both globally and in South Africa. The increasing number of cyberattacks daily has had a large effect on individuals, organisations, governments, and society at large. The growing need to combat cybercrime is accompanied by the increased need for skilled IT professionals to assist in protecting against cybercrime. Currently, there is a worldwide cybersecurity skills gap and a lack of IT professionals with the requisite cybersecurity skills. Many countries have developed their own taxonomies and common lexicons for IT and cybersecurity work, specifically for their context. This type of common lexicon is important to help assist in the development of skills. However, South Africa does not yet have its own cybersecurity skills framework to serve as a common lexicon for the South African context. Hence, the problem defined for this study is that, without a common lexicon of the cybersecurity knowledge, skills, abilities, and tasks (KSATs) required of IT professionals as they relate to specific IT job roles in South Africa, the cybersecurity skills gap cannot be sufficiently addressed. Such a lexicon could help drive the development of skills in South Africa and, in so doing assist in alleviating the cybersecurity skills gap. This study therefore presents a common lexicon by collecting job postings over a four-month period from 1 October 2020 to 31 January 2021. These job postings were analysed using a thematic content analysis. The results identified 20 common IT job roles, together with the specific KSATs relating to each job role identified. As a result, these job roles form part of a proposed cybersecurity skills framework for South Africa (CSFwSA) which could help and guide South Africa towards more targeted cybersecurity skills development. The proposed framework could also be useful in guiding tertiary educational facilities in the creation of cybersecurity curricula that represent the real-world expectations. This, in turn, could help South Africa to address the cybersecurity skills gap by better preparing IT professionals and ensuring that they are trained and skilled in cybersecurity.Thesis (MIT) -- Faculty of Engineering, the Built Environment and Technology, School of Information Technology, 202