Gerald M. Santoro, Ph.D. ([email protected]) College of Information Sciences and Technology The Pennsylvania State University University Park, PA 16802 (slides developed by Prof. Chao-Hsien Chu) IST 454 Computer and Cyber Forensics Learning by Doing Theory Practice
22
Embed
Gerald M. Santoro, Ph.D. ([email protected]) College of Information Sciences and Technology The Pennsylvania State University University Park, PA 16802 (slides.
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
Gerald M. Santoro, Ph.D. ([email protected])College of Information Sciences and Technology
The Pennsylvania State UniversityUniversity Park, PA 16802
(slides developed by Prof. Chao-Hsien Chu)
IST 454Computer and Cyber Forensics
LearningbyDoing
Theo
ry
Practi
ce
The Needs for Digital ForensicsThe Needs for Digital Forensics
• Incident handling• Identifying policy violations.• Auditing.• Investigating crimes.• Reconstructing computer security incidents.• Troubleshooting operational problems.• Log monitoring.• Recovering from accidental system damage.• Acquiring and retaining data for future use.• Exercising due diligence / regulatory compliance.• …
• Personnel Security• Physical and
Environmental Security• Procurement• Regulatory and
Standards• Risk Management• Strategic Management• System and
Application Security
• Data Security• Digital Forensics• Enterprise Continuity• Incident Management• IT Security Training
and Awareness• IT Systems Operations
and Maintenance• Network Security and
Telecommunications
IT Security EBK: 14 Competency AreasIT Security EBK: 14 Competency Areas
IT Security EBK: ModelIT Security EBK: Model
Knowledge and Skills NeededKnowledge and Skills Needed
• Critical thinking and judgment. 69%• Communications (verbal and written). 68%• Technical knowledge. 66%• Teamwork and collaboration. 52%• Ability to lead change. 52%• Business knowledge/acumen. 40%• Cross functional influence. 35%• Influence. 33%• Facilitation. 24%• Mentoring and coaching. 19%• Strategic business planning. 22%• Industry participation. 13%
SANSInstitute
2005 Survey
Prediction Detection Forensics Response
Defense In Depth of SecurityDefense In Depth of Security
Feedback
IST 451
SRA 111 SRA 468
• IST 451: Network Security
• IST 452: Legal & Regulatory Issues
• IST 453: Computer Forensics Law
• IST 454: Computer & Cyber Forensics
• IST 456: Security & Risk Management
• SRA 111: Security & Risk Analysis• SRA 211:Threats of Crime & Terrorism• SRA 221: Overview of Information Security• SRA 231: Decision Theory• SRA 311: Risk Management• SRA 472: Integration of Privacy & Security• SRA 468: Visual Analytics for Intelligence & Security