Colin J. Armstrong

Digital Forensics: Defining an Education Agenda

While many fields have well-defined education agendas, this is not the case for digital forensics. A unique characteristic of the evolution of digital forensics is that it has been largely driven by practitioners in the field. As a result, the majority of the educational experiences have been developed in response to identified weaknesses in the system or to train individuals on the use of a specific tool or technique, rather than as a result of educational needs assessments based on an accepted common body of knowledge. In June, 2008 a group of digital forensics researchers, educators and practitioners met as a working group at the Colloquium for Information Systems Security Education (CISSE 2008) to brainstorm ideas for the development of a research, education, and outreach agenda for Digital Forensics. This paper presents the research in education needs that the group identified associated with the development of a digital forensics education agenda.

Mapping information security curricula to professional accreditation standards

The alignment of information security education curricula with national and international accreditation standards is a fast growing area of activity. This paper discusses several prominent professional accreditation standards in the area of information assurance in the USA and information security worldwide. Body of knowledge and student learning outcome recommendations by professional computing organizations for the discipline of information security form the basis of much of the education curricula design at present. Key topic areas in standards used for accreditation and certification in information security are also included in curricula design. This paper presents the findings from an exercise to identify areas of specific interest within information security reflected in a group of US national and international standards and discusses their relevance to education curricula design and evaluation.

Mastering computer forensics

This paper discusses the importance of computer forensics to both business and law enforcement environments and describes the passage along the path from act of crime to the court. It highlights the need for computer forensic training and education and gives an overview of the computer forensic course taught in a Masters degree at Curtin University.

An Approach to Visualising Information Security Knowledge

This paper discusses the application of international standards and guidelines together with vendor sponsored accreditation programs in the development of information security curriculum and an approach for visualising that knowledge.

Modeling Forensic Evidence Systems Using Design Science

This paper presents an overview of the application of design science research to the tactical management of forensic evidence processing. The opening discussion addresses the application of design science techniques to specific socio-technical information systems research in regard to processing forensic evidence. The discussion then presents the current problems faced by those dealing with evidence and a conceptual meta-model for a unified approach to forensic evidence is developed. Any practical application of the suggested model would be predominantly law enforcement driven; evaluation of sections of the model has been carried out by law enforcement participants in several international jurisdictions.

Mapping Social Media Insider Threat Attack Vectors

Of the many possible insider threat attack vectors the increasing adoption of social media technologies and applications and the changing generational mindset of young prospective employees poses a particular challenge for maintaining security. This paper discusses an approach using network science techniques to map attack vectors and seeing the security problem as either a puzzle to be resolved or a mystery in need of better understanding.

Including Stakeholder Perspectives in Digital Forensic Programs

An investigation due to adverse outcomes in a computer incident encapsulates stakeholders acting in specific roles. These stakeholders will have a unique worldview, based upon their association with other actors or the items of evidence. The worldviews of each actor will lean either side of neutrality towards either the prosecution or defense perspective. This paper discusses the inclusion of stakeholder perspectives into a traditional university program for a digital forensic curriculum.

The Role of Information Security Industry Training and Accreditation in Tertiary Education

This paper presents a proposal for a working group session on the role of industry training and professional certification in information security education at the tertiary level. The main question posed is Does industry training and professional certification have a place in university information security courses? If so, What industry training and professional accreditation courses are appropriate? and What is the place of these in academic courses and why? The discussion will centre on three areas: first, the nature of the linkage between industry requirements and academic offerings at university, and secondly the relevance of industry training and professional certification, and thirdly, the role industry training and certification should play in information security university courses.

On the matter of classifying node connections

Traditional network classification has focused on four aspects; structure, node, link, and dynamics. The purpose of this paper is to consider a node individually and to base classification on the types of links it possesses. A basic network provides only three possibilities with the ‘Mutual, Asynchronous, Null’ MAN system providing for sixteen different combinations of link patterns. This paper introduces a concept to resolve an unsatisfactory situation and to determine the significance of a ‘null’ link. The proposed extension of the MAN system provides thirty two different combinations of link patterns, and a system for acknowledging proportional combinations of node links, thereby facilitating a potentially more refined classification of node link pattern.

Virtual Penetration Testing: A Joint Education Exercise across Geographic Borders

This paper describes an exercise that combines the business case for penetration testing with the application of the testing and subsequent management reporting. The exercise was designed for students enrolled in information systems and computer science courses to present a more holistic understanding of network and system security within an organization. This paper explains the objectives and structure of the exercise and its planned execution by two groups of students, the first group being information systems students in Australia and the second group comprising students enrolled in a computer security course in the United States.