University of Mauritius C-DAC SCHOOL OF ADVANCED COMPUTING

CD 505 MSc Information Security and Forensics

1. RATIONALE Information is the lifeblood of organizations and the vital business IT-enabled world. Access to high-quality, complete, accurate information makes managerial decision-making relatively easy. enhancing the value of information and IT systems have become a objective in most businesses. asset in todays and up-to-date Protecting and central strategic

Todays information society requires that everyone be aware of the potential threats to security, the limitations and the respective countermeasures of the extended use of IT. Awareness and training are of utmost importance to ensure that the society is well-equipped with the essential know-how and expertise to handle security risks and threats. Furthermore, comprehensive and reliable information security controls reduce the organizations overall risk profile. Good information security builds managements confidence and trust, allowing the organization to progress ahead with business opportunities that might otherwise be too risky to contemplate. All this goes to show that there is an increasing need of security professionals with appropriate knowledge and training. 2. OBJECTIVES The MSc in Information Security and Forensics offers the opportunity to study a wide variety of topics in depth and prepare the students for a rewarding career in several sectors related to information security. The course aims to groom the students to work on current technology scenarios as well as prepare them to keep pace with the challenging face of ICT and its requirements of highest levels of security. The programme endeavors to: Impart advanced technical and conceptual foundations of information security and forensics. Provide specialized and relevant depth and dimensions to the application of information security and forensics in different realms. Build a clear perception of the information security mechanisms and primitives, threats and counter-measures. Develop an understanding of techniques to analyse security requirements and threats. Generate quality manpower to cater to the needs of industry and research & development organizations.

19

Upon completion of the MSc, students will be equipped with: An advanced level of understanding of information security and forensics concepts and principles with respect to theory, practical, applications and standards. An understanding of the real-world information security demands of present age organizations and ability to meet these calls. Skills to initiate research & development with respect to the emerging needs of information security and forensics.

3. GENERAL ENTRY REQUIREMENTS Successful completion of an undergraduate degree from a recognised higher education institution, with at least a Second Class or 50%, whichever is applicable, or a GPA not less than 2.5 out of 4 or equivalent. OR alternative qualifications acceptable to the University of Mauritius. Mature Students who are older in terms of age (>30) and do not have the General Entry Requirements for admission at University of Mauritius but have a minimum of ANY ONE of the following criteria may also be considered: A recognized undergraduate Diploma in relevant field or any other equivalent qualifications acceptable to the University plus at least 15 years of relevant work experience. A Third Class or Pass Degree in relevant field plus at least 7 years of relevant work experience.

4. PROGRAMME REQUIREMENTS A degree in Information Technology, Computer Science, Electronics & Communication Engineering, Mathematics with Computing, Physics with Electronics, Information Systems or any other Computer related field from a recognized higher education institution acceptable to the University of Mauritius. 5. PROGRAMME DURATION Programme MSc (Part Time) Normal 1.5 years Maximum 3 years

The normal duration of the part-time MSc programme is 1.5 years (3 semesters) with a maximum of 3 years (6 semesters) subject to the approval of the University of Mauritius. Different exit options of the programme are provided below: Programme Postgraduate Certificate Postgraduate Diploma MSc Core Modules 12 credits 24 credits 24 credits
20

Dissertation 12 credits

Total 12 24 36

6. ASSESSMENT Each module will be assessed over 100 marks with details as follows: A written examination of 3 hours duration carrying a range of 60% to 70% of total marks. Continuous assessment carrying a range of 30% to 40% of total marks unless otherwise stated in the program structure. It may be based on laboratory works, and/or assignments, and shall include at least one class test. Overall total of 40% is required to pass a module.

7. PROGRAMME STRUCTURE SEMESTER 1 Code DAC 6104 DAC 6219 DAC 6107 DAC 6108 Module Name Computer Security Network and Internet Security Secure Programming Enterprise and Database Security SEMESTER 2 Code DAC 6206 DAC 6207 DAC 6208 DAC 6209 Module Name Cyber Forensics Ethical Hacking Cyber Crime and Law Information Security Management SEMESTER 3 Dissertation DAC 6000 Dissertation 12 Hr (L+P) Credits 30+30 30+30 45+0 45+0 3 3 3 3 Hr (L+P) Credits 45+0 45+0 30+30 30+30 3 3 3 3

Workshops and Seminars Nonassessed workshops and seminars shall be organized to guide students in security design, development and management. A certificate of participation will be given to all participants.

21

8. OUTLINE SYLLABUS DAC 6104 Computer Security Principles of computer security, Basic cryptography, Authentication, Secure network protocols, Bug exploits, Malicious code: viruses, worms, trojan horses, Attacks and defenses on computer systems, Countermeasures, Trusted operating systems, Ethical and legal issues in computer security, Secure system design, access control, and protection, Buffer, Malware, Spyware, Key-loggers, Fuzzing, Application code: sandboxing and isolation, Web security, Secure website design, User authentication: Password management, Phishing, User interfaces, Security problems in network protocols, Network defense tools: firewalls, VPNs, intrusion detection, and filters, Unwanted traffic: denial of service attacks and spam email, Trusted computing systems, Digital rights management. DAC 6219 Network and Internet Security Introduction to Network Security: Risk Analysis and Defense, Security Policy Development, Security Organization, Structure of computer viruses, Anti-virus programs, Preventive techniques, TCP/IP Exploits: Domain Name Service (DNS), NIS, Router protocols, Service and node authentication, Probing a Host for Weakness, Remote Trojans, Denial of Service Attacks, Distributed coordinated attacks, Sniffing, Spoofing, Internet Security: Secure shell, Secure Socket Layer (SSL), Virtual Private Networks (VPN), IPv6, E-mail and Web Security, Wireless Network Security, Secure web applications. DAC 6107 Secure Programming Basic Principles of Software Security, Overview of Vulnerabilities and Attacks, Buffer Overflow and Other Memory Corruptions, In-Band Signalling and Malicious Input, SQL Command Injection Attacks, Race Conditions, Manual Code Auditing for Software Security, Static Analysis Tools for Security, Programming Language Mechanisms and Security, Reverse Engineering, Binary Analysis, Reflector Concepts in .NET, Directions in Current Research. DAC 6108 Enterprise and Database Security Overview of Database Security, Access Control for DBMS, Database Security Models, Database Security Design, Statistical Database Protection, Active Database Protection, Object-Oriented Database Protection, Distributed Database Security, Intranet, Extranet, Internet, eCommerce, EDI links with parties within and outside the organization, Data classifications, Databases and supporting data models, Hardware, platforms, hosting: servers, network components and security devices and where they are kept. DAC 6206 Cyber Forensics Introduction to Computer Forensics, Writing Computer Forensics Reports, Computer Forensics Analysis, Computer Investigations, Processing Crime and Incident Scenes, Password Cracking, Evidence Handling, Live Data Collection from UNIX, Investigating UNIX Systems, Forensics Duplication, Computer System Storage Fundamentals, Digital Evidence Controls, Live Data Collection from Windows Systems, Investigating Windows Systems, Data Analysis Techniques, Network and Device Forensics, Forensic Tools, Encase, Data Recovery, Collecting Network Based Evidence, Analyzing Network
22

Traffic, Steganography and Data Watermarking, Database Forensics, Investigations, Internet Activity Analysis, Investigating Hacker Tools.

E-mail

DAC 6207 Ethical Hacking Introduction to Ethical Hacking, Foot Printing, Scanning, Enumeration, System Hacking, Trojans and Backdoors, Sniffers, Denial of Service, Social Engineering, Session, Hijacking, Hacking Web Servers, Web Application Vulnerabilities, Web Based Password Cracking Techniques, SQL Injection, Hacking Wireless Networks, Physical Security, Linux Hacking, Evading Firewalls, IDS & Honeypots, Buffer Overflows, Cryptography, Penetration Testing. DAC 6208 Cyber Crime and Law Overview of Cyber Crime, Computer Intrusions and Attacks, Online Fraud and Identity Theft; Intrusion of Privacy, Intellectual Property Theft, Copyright Violation, Virtual Crime, Online Vice Gambling, Pornography; International Aspects and Jurisdiction, Infrastructure and Information Security, Investigating Cyber Crime, Interception, Search, Seizure and Surveillance, Information Warfare, War of Ideas, Trade Secret Theft and Economic Espionage, National Security, Cyber Laws, Laws Related to ICT, Ethical and Legal Issues. DAC 6209 Information Security Management Overview of Information Security Management and Planning, Planning for Contingencies, Information Security Policy, Security Programmes, Models and Practices, Risk Management: Identifying, Assessing and Controlling Risk, Protection Mechanisms and Personnel, Law and Ethics, Information Security Project Management. DAC 6000 Dissertation The dissertation provides an opportunity for the students to contribute to an original piece of research work. The students are encouraged to design and undertake a project relevant to information security and forensics, and are required to plan and execute the work, evaluate the outcome and draw valid conclusions. The project work is carried out individually under the supervision of an expert. At the end of the third semester the students are required to submit a project dissertation (of 10,000-14,000 words) on which a viva-voce will be conducted.

23