University of Mauritius C-DAC SCHOOL OF ADVANCED COMPUTING

CD 505 MSc Information Security and Forensics
1. RATIONALE Information is the lifeblood of organizations and the vital business IT-enabled world. Access to high-quality, complete, accurate information makes managerial decision-making relatively easy. enhancing the value of information and IT systems have become a objective in most businesses. asset in today’s and up-to-date Protecting and central strategic

Today’s information society requires that everyone be aware of the potential threats to security, the limitations and the respective countermeasures of the extended use of IT. Awareness and training are of utmost importance to ensure that the society is well-equipped with the essential know-how and expertise to handle security risks and threats. Furthermore, comprehensive and reliable information security controls reduce the organization’s overall risk profile. Good information security builds management’s confidence and trust, allowing the organization to progress ahead with business opportunities that might otherwise be too risky to contemplate. All this goes to show that there is an increasing need of security professionals with appropriate knowledge and training. 2. OBJECTIVES The MSc in Information Security and Forensics offers the opportunity to study a wide variety of topics in depth and prepare the students for a rewarding career in several sectors related to information security. The course aims to groom the students to work on current technology scenarios as well as prepare them to keep pace with the challenging face of ICT and its requirements of highest levels of security. The programme endeavors to:      Impart advanced technical and conceptual foundations of information security and forensics. Provide specialized and relevant depth and dimensions to the application of information security and forensics in different realms. Build a clear perception of the information security mechanisms and primitives, threats and counter-measures. Develop an understanding of techniques to analyse security requirements and threats. Generate quality manpower to cater to the needs of industry and research & development organizations.

19

Mature Students who are older in terms of age (>30) and do not have the General Entry Requirements for admission at University of Mauritius but have a minimum of ANY ONE of the following criteria may also be considered:   A recognized undergraduate Diploma in relevant field or any other equivalent qualifications acceptable to the University plus at least 15 years’ of relevant work experience. 4. Skills to initiate research & development with respect to the emerging needs of information security and forensics. PROGRAMME DURATION Programme MSc (Part Time) Normal 1. Different exit options of the programme are provided below: Programme Postgraduate Certificate Postgraduate Diploma MSc Core Modules 12 credits 24 credits 24 credits 20 Dissertation 12 credits Total 12 24 36 . 5. Information Systems or any other Computer related field from a recognized higher education institution acceptable to the University of Mauritius. practical. whichever is applicable. PROGRAMME REQUIREMENTS A degree in Information Technology.5 out of 4 or equivalent. Physics with Electronics. Computer Science. applications and standards. GENERAL ENTRY REQUIREMENTS Successful completion of an undergraduate degree from a recognised higher education institution.Upon completion of the MSc. 3. Mathematics with Computing. with • at least a Second Class or 50%. or • a GPA not less than 2. An understanding of the real-world information security demands of present age organizations and ability to meet these calls. A Third Class or Pass Degree in relevant field plus at least 7 years’ of relevant work experience.5 years (3 semesters) with a maximum of 3 years (6 semesters) subject to the approval of the University of Mauritius. Electronics & Communication Engineering.5 years Maximum 3 years The normal duration of the part-time MSc programme is 1. students will be equipped with:    An advanced level of understanding of information security and forensics concepts and principles with respect to theory. OR alternative qualifications acceptable to the University of Mauritius.

PROGRAMME STRUCTURE SEMESTER 1 Code DAC 6104 DAC 6219 DAC 6107 DAC 6108 Module Name Computer Security Network and Internet Security Secure Programming Enterprise and Database Security SEMESTER 2 Code DAC 6206 DAC 6207 DAC 6208 DAC 6209 Module Name Cyber Forensics Ethical Hacking Cyber Crime and Law Information Security Management SEMESTER 3 Dissertation DAC 6000 Dissertation 12 Hr (L+P) Credits 30+30 30+30 45+0 45+0 3 3 3 3 Hr (L+P) Credits 45+0 45+0 30+30 30+30 3 3 3 3 Workshops and Seminars Non–assessed workshops and seminars shall be organized to guide students in security design. ASSESSMENT Each module will be assessed over 100 marks with details as follows:   A written examination of 3 hours duration carrying a range of 60% to 70% of total marks. Overall total of 40% is required to pass a module. 21 .6.  7. A certificate of participation will be given to all participants. and shall include at least one class test. Continuous assessment carrying a range of 30% to 40% of total marks unless otherwise stated in the program structure. development and management. and/or assignments. It may be based on laboratory works.

Secure Socket Layer (SSL). Digital rights management. Fuzzing. Database Security Models. Writing Computer Forensics Reports. Access Control for DBMS. TCP/IP Exploits: Domain Name Service (DNS). Internet Security: Secure shell. hosting: servers. Attacks and defenses on computer systems. Security Policy Development. access control. Static Analysis Tools for Security. Countermeasures. Secure website design. Preventive techniques. DAC 6219 Network and Internet Security Introduction to Network Security: Risk Analysis and Defense. platforms. Trusted computing systems. Ethical and legal issues in computer security. Manual Code Auditing for Software Security. Overview of Vulnerabilities and Attacks. eCommerce. Forensics Duplication. Wireless Network Security. Reflector Concepts in . Spyware. Encase. Evidence Handling. Computer Forensics Analysis. and filters. Computer System Storage Fundamentals. Trusted operating systems. Probing a Host for Weakness. SQL Command Injection Attacks. Processing Crime and Incident Scenes. Forensic Tools. EDI links with parties within and outside the organization. trojan horses. Spoofing. Remote Trojans. Security problems in network protocols. Data Recovery. Application code: sandboxing and isolation. Object-Oriented Database Protection. NIS. Structure of computer viruses. Intranet. IPv6. Analyzing Network 22 . and protection. Internet. Live Data Collection from UNIX. Collecting Network Based Evidence. Basic cryptography. VPNs. Distributed Database Security. Programming Language Mechanisms and Security. Phishing. Database Security Design. Investigating UNIX Systems. Hardware. Computer Investigations. User interfaces. E-mail and Web Security. intrusion detection. Data Analysis Techniques. Data classifications. Databases and supporting data models. Statistical Database Protection. Web security. Secure system design. Race Conditions. Malicious code: viruses.NET. Password Cracking. Authentication. Network defense tools: firewalls. Live Data Collection from Windows Systems. Key-loggers. OUTLINE SYLLABUS DAC 6104 Computer Security Principles of computer security. In-Band Signalling and Malicious Input. DAC 6107 Secure Programming Basic Principles of Software Security. Virtual Private Networks (VPN). Active Database Protection. Security Organization. worms. Anti-virus programs. Distributed coordinated attacks. User authentication: Password management. network components and security devices and where they are kept.8. Bug exploits. Extranet. Binary Analysis. Malware. Denial of Service Attacks. Reverse Engineering. Router protocols. Secure network protocols. Unwanted traffic: denial of service attacks and spam email. Secure web applications. DAC 6108 Enterprise and Database Security Overview of Database Security. Service and node authentication. Directions in Current Research. Sniffing. Investigating Windows Systems. Network and Device Forensics. DAC 6206 Cyber Forensics Introduction to Computer Forensics. Digital Evidence Controls. Buffer Overflow and Other Memory Corruptions. Buffer.

Laws Related to ICT. National Security. Search. Planning for Contingencies. Web Application Vulnerabilities. War of Ideas. Investigations. Sniffers. Risk Management: Identifying. DAC 6208 Cyber Crime and Law Overview of Cyber Crime. Infrastructure and Information Security. Online Fraud and Identity Theft. Pornography. Information Security Project Management. Information Security Policy. Models and Practices. The project work is carried out individually under the supervision of an expert. Internet Activity Analysis. Trojans and Backdoors. International Aspects and Jurisdiction. Hacking Web Servers. Investigating Cyber Crime. Physical Security. Enumeration. Linux Hacking. Foot Printing. At the end of the third semester the students are required to submit a project dissertation (of 10. DAC 6000 Dissertation The dissertation provides an opportunity for the students to contribute to an original piece of research work. Interception. Hijacking. E-mail DAC 6207 Ethical Hacking Introduction to Ethical Hacking. The students are encouraged to design and undertake a project relevant to information security and forensics. Penetration Testing. SQL Injection. Security Programmes. Database Forensics. Protection Mechanisms and Personnel. Seizure and Surveillance. Intellectual Property Theft. evaluate the outcome and draw valid conclusions. Session. 23 . and are required to plan and execute the work. Cyber Laws. Virtual Crime. Scanning. Steganography and Data Watermarking. Evading Firewalls. Buffer Overflows. Assessing and Controlling Risk. Denial of Service. Investigating Hacker Tools. Cryptography. System Hacking.Traffic.000-14. Computer Intrusions and Attacks. Law and Ethics. Social Engineering. Intrusion of Privacy. Web Based Password Cracking Techniques. Copyright Violation. Hacking Wireless Networks. IDS & Honeypots.000 words) on which a viva-voce will be conducted. DAC 6209 Information Security Management Overview of Information Security Management and Planning. Trade Secret Theft and Economic Espionage. Ethical and Legal Issues. Online Vice Gambling. Information Warfare.