Description of the applicant - Appendix D: Required structure of application for Provisional ce

Appendix D: Required structure of application for Provisional certification

2 Description of the applicant

3. ‘Description of the Master’s degree in cyber security’ (up to ten sides of A4, excluding the module descriptions)

4. ‘Assessment materials’ (up to five sides of A4, excluding copies of examination papers and copies of information provided for coursework)

5. ‘Original research dissertations’ (up to five sides of A4)

Documents should be in Word or pdf format with the font size no smaller than 10pt. Unless

specifically asked for, additional pages and other material in addition to that outlined above will not be read and will not therefore form part of the assessment for certification. All information provided will be treated confidentially and used only for the purposes of assessing applications.

1 HEI’s letter of support for the application

Please provide a signed letter from the Vice Chancellor (or equivalent) showing support for the HEI’s application to have a Master’s degree in Digital Forensics considered for certification by GCHQ. For those Master’s degrees that have not yet started, it is important that the HEI confirms the start date for the Master’s degree and that the degree will start by (up to and including) October 2016.

2 Description of the applicant

Please ensure that you cover the following points:

a. The names and structure of the department(s)/group(s)/school(s) responsible for the Master’s degree together with the names, seniority and roles of the members of staff

This information is exempt from disclosure under the Freedom of Information Act 2000 and may be subject to exemptions under other UK information legislation. Refer disclosure requests to GCHQ on 01242 221491 x30306, email

[email protected]

responsible for delivering the degree content, setting and marking examinations, supervising projects, etc.

b. Please describe any recent investments from the HEI, government, industry etc. in the groups running the Master’s degree programme.

c. Please describe any external linkages that add value to the Master’s degree: e.g., visiting lecturers with specialist knowledge from other academic departments, government or industry; projects suggested, and monitored, by industry; etc.

d. Please describe the process used to review and re-new the course content in order to keep it up to date, for example: how often is the course content reviewed, by whom, and what external advice is taken (e.g., industrial advisory boards).

e. Please describe the facilities available to Master’s students in general and those dedicated to students undertaking the Master’s degree specifically, for example: computer laboratories, dedicated equipment, library (access to text-books), on-line journal subscription (for research dissertations), etc.

f. For each member of staff named above please provide a CV (up to 2 pages in length) which provides details of:

 academic background

 knowledge and expertise in Digital Forensics and cyber security – e.g., references to recent publications, working with industry and/or government

 esteem indicators – e.g., editorships, invited talks, membership of national and international advisory groups

 relevant professional certifications  etc.

The CVs should go in an appendix to section 2 or be placed in an appendix at the end of the application.

2.1 Criteria to be applied

i. There should be a coherent team responsible for delivering the Master’s, with clear roles and responsibilities.

ii. The team members delivering the modules, setting the examinations and marking papers should have the appropriate technical knowledge and skills in Digital Forensics and cyber security.

iii. The team should be well supported by the HEI. It would be desirable to see that the Master’s has valuable external linkages.

iv. There should be a well-defined process for keeping the Master’s degree up to date which takes account of appropriate internal and external advice.

v. Students undertaking the Master’s should have access to well-equipped modern computer laboratories with easy access to information on the latest developments in Digital Forensics and cyber security.

[email protected]

3 Description of the Master’s degree in Digital Forensics

Please ensure that you cover the following points:

a. Please provide a high-level description of the Master’s degree. This should include:  the name of the degree and the specific degree awarded (e.g., MSc etc.)

 the objectives and expected learning outcomes of the degree as a grounding for a Master’s qualification

 how the degree satisfies the QAA qualification framework for Master’s level

 if applicable, the number of academic years the degree has been running, whether it has recently been updated, and whether it is being delivered in academic year 2014 – 2015

 if applicable, the start date for the new/revised degree

 the overall structure of the degree – e.g., the set of taught modules, which modules are core and which are optional, the number of credits awarded for each module, the number of credits awarded for the original research dissertation

 any professional certifications attained as part of the degree, if applicable

 a description of how the degree is structured to accommodate part-time students, if applicable

b. Please provide a table (Table 3.1) that shows for each taught module23:  the member(s) of staff delivering the module

 which Subject Area(s) (Appendix B) the module covers – if it does not cover a Subject Area please state NONE

 the number of credits in the module

 the percentage of the module addressing the Subject Areas

 the number of credits in the module that can be considered to be addressing the Subject Areas – obtained from the product of the answers to the 3rd and 4th bullet points

c. In Table 3.1, please also clarify the estimated total number of credits addressing the Subject Areas and the total number of credits in the taught component of the degree. Please express the ratio of these figures as your estimate of the percentage of the taught component of the Master’s degree that can be mapped to the Subject Areas.

Applicants may find it helpful to refer to the document ‘Certification General Masters QandAs 01 May 2014’ available at http://www.cesg.gov.uk/awarenesstraining/academia/Pages/Masters-Degrees.aspx. The document describes the process to be used for determining the percentage of the taught modules addressing the Subject Areas.

[email protected] Module Member(s) of staff Subject Area(s) covered Number of credits in module Estimated percentage of module addressing Subject Areas Estimated number of credits in module addressing Subject Areas Module 1 ….. Module n Total Table 3.1

d. For each module that addresses a Subject Area, please provide a module description to include the syllabus/topics covered and the expected learning outcomes. Please include in each module description a list of the Core Topics and Other Indicative Topics (Appendix B) that the module covers. The module descriptions should be placed in an appendix to section 3.

e. With reference to Appendix B, please provide an overview of how the topic coverage required for a Master’s degree in Digital Forensics is achieved by completing Table 3.2 of the following form covering Subject Areas 1 to 7:

Subject Area Core Topics24 Modules covering

Core Topics25

Other Indicative Topics Modules covering Other Indicative

Topics

1. Foundations of Digital Forensics

 scope of digital forensics

 forensic perspective device architectures  principles of data storage media

 foundations data structures and algorithms

 principles of OSs and OS forensics  principles of networks and NW forensics  mobile device forensics

 file system analysis

 m1  m2  m3  m4  m5  m6  m7  m8

 OS-specific forensics, e.g.: o Windows o Linux o Mac OS o mobile OS o cloud based o embedded systems  m1 2. Digital Forensic analysis

 methodologies acquisition digital media  understanding file and data formats  understanding effect of OS, applications

and hardware  investigative techniques  m1  m2  m1  m4  anti-forensic techniques  malicious code  reverse engineering  intrusion investigation  heuristics-based analysis  m1  m2  m3  m4  m5 24

For brevity some of the descriptions of Topics have been shortened. In case of doubt, please refer to Appendix B for the full description. 25

Subject Area Core Topics Modules covering

Core Topics

Other Indicative Topics Modules covering Other Indicative Topics 3. Digital Forensic practice  investigation process  evidence collection  using digital forensic tools  ethics and good practice  evidence reporting  forensic readiness

 managing forensic capabilities

 m1  m2  m3  m4  m5  m6  m7

 forensics case studies  investigation methods  risk management  testing and verification

 m1  m2  m3  m4 4. An application of Digital Forensics

 one or more of: o investigations o data discovery o data recovery o information assurance o e-discovery o incident response  m1

Subject Area Core Topics Modules covering

Core Topics

Other Indicative Topics Modules covering Other Indicative

Topics

5. Legal process

 understanding relevant law  rules of evidence  giving evidence  evidential integrity  m1  m2  m3  m4  trial process  presenting evidence  courtroom role play  expert witness role  understanding legal frameworks  m1  m2  m3  m4  m5

6. Information security  principles and practice of securing

sensitive information

 m1  standards

 rules and procedures

 m1

 m2

7. Evidence handling and management

 ACPO good practice guide  Police and Criminal Evidence Act  crime scene management  chain of evidence  m1  m2  m3  m4  evidence archiving  m1 Table 3.2

[email protected]

f. For Master’s degrees with core and optional modules please identify the permitted combinations of core and optional taught modules that DO cover all of the Core Topics in Table 3.2.

g. For Master’s degrees in which the original research dissertation accounts for more than 45% of the credits available, please clarify how the remainder of the degree adequately covers all of the Core Topics.

h. Please describe how Security Discipline J, Professional Skills (Appendix B), is addressed in the Master’s degree. By way of example, describe how team-working, communication skills etc. are covered within the degree programme as a whole – it is not a requirement to have a separate dedicated module covering Professional Skills.

3.1 Criteria to be applied

i. The objectives and anticipated learning outcomes for students undertaking the Master’s should be clearly articulated.

ii. New/revised Master’s degrees that have not yet started must start by (up to and including) October 2016.

iii. The degree satisfies the QAA qualification framework for Master’s level.

iv. Part-time students should cover the same breadth and depth of content as one-year, full time students.

v. The completed Table 3.1 must show that at least one of the following options is met:  at least 70% of the taught modules in the Master’s must be able to be mapped to

Subject Areas 1 to 7

 for Master’s degrees that comprise a broad set of optional modules from which students can choose, it must be the case that students can select a set of taught modules in which at least 70% of the modules in the set can be mapped to Subject Areas 1 to 7

vi. The completed Table 3.2 must show that the taught modules provide coverage of all the Core Topics.

vii. Permitted combinations of core and optional modules that DO cover all the Core Topics in Table 3.2 must be clearly identified. There must be at least one combination of core and optional modules that covers all the Core Topics listed in Tables 3.2.

viii. For the case of Master’s degrees where the original research dissertation accounts for more than 45% of the credits available, it must be clear that the remainder of the degree is able to adequately cover the all of the Core Topics.

ix. Under the Professional Skills Security Discipline (Discipline J, Appendix B), the Master’s degree should address the following topics: team-working, communication skills, leadership and decision making

[email protected]

4 Assessment materials

Please ensure you cover the following:

a. Please describe the overall approach to assessment of the taught modules on the Master’s degree. This should include:

 assessment methodology  marking scheme

 the pass mark for individual modules and the taught part of the degree overall b. Please describe how the overall mark for the degree as a whole is worked out from the

taught component and research dissertation component. Please describe the mark required to achieve pass, merit and distinction (where appropriate) of the overall degree.

c. For each of the modules identified in section 3 that address Subject Areas 1 to 7, please describe the process (to be) used for assessment (e.g., examination, coursework, practical exercises, etc.). Please provide a copy of examination paper(s) that students have sat or specimen paper(s) of the examinations they will sit. For assessed coursework, please provide copies of the information (to be) provided to students and the assessment criteria used by the HEI. This information should be placed in an appendix to section 4.

4.1 Criteria to be applied

i. The overall approach to the assessment of the taught component to the Master’s should be clear and coherent. The marking scheme should make it clear what students have to

demonstrate in their work in order to be awarded the relevant marks/grades.

ii. The examination and assessment process must rigorously test students’ understanding of the Subject Areas and Core Topics shown in Appendix B.

In document Certification of Master s Degrees in Digital Forensics (Page 32-40)