Computer crime has increased tremendously in the last few years; even commercial giants are getting hacked, resulting in the loss of personally identifiable information. Many universities offer information assurance courses, but the availability of qualified professionals cannot keep up with the demand.
Lang et al. attempt to design a standardized digital forensics (DF) curriculum that can demonstrate to employers that students are qualified in this technology field. The authors discuss the difficulties in setting up such a curriculum, including balancing theory and practice, expensive tools, the availability of DF textbooks and qualified faculty, laboratory setup expenses, lack of prerequisites, and lack of curriculum standards. To prepare the curriculum, a cross-functional group of experts was consulted in fields such as computer security, computer networks, law, civil and criminal justice, fraud investigation, and psychology. The authors also reviewed different programs at other universities. Their proposed curriculum consists of an introductory course in digital forensics and an advanced course (to be developed in 2015) leading to a digital forensics certificate. Their pilot course was offered to computer science and law students. The authors evaluated the aspects of the course and made recommendations to increase the quality of the introductory course, based on comments received from students. The results indicated that a background in technical concepts should be required.
It is important to understand that digital forensics is just one topic required by practicing information assurance professionals. Topics such as access control, cryptography and encryption, networking and protocols, telecommunications and network security, and threats and vulnerabilities, among others, are not typically covered in a DF course. Employers would certainly welcome students with a DF certificate, but other certifications are more far reaching, such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), and others. This excellent paper would be of interest to faculty attempting to define certificates in DF or similar computer security areas.