Course Outline

MISA 505 : Incident Management and Information Forensics

Last approved: Wed, 20 Jan 2016 14:09:51 GMT

Last edit: Wed, 20 Jan 2016 14:09:50 GMT

College of Business (WBUAD)
Incident Management and Information Forensics
The compromise, theft, or sabotage of information systems vital to the organization's activities and objectives can have a profound effect on an enterprise. Investigating such incidents requires a special form of problem-solving that combines technical, legal and organizational skills and insights to solve the right problem without creating more in its wake. This calls for information systems forensics specialists, people who know how to find and follow the evidence, and managers who know why, when and how to put the forensics process to work in defense of the organization. This course explores system forensics processes and tools, and the implications these have for both the information security professional and the organization. The first part of the course includes a study of foundational concepts of the nature of security incidents, forensics techniques, and the evidentiary process. It considers the various roles that forensic specialists play in preparing the organization to deal with incidents, including controlling, conducting and reporting on the investigation and resolution of information systems incidents. The second part of the course provides an opportunity for students to apply foundation concepts against sample and potential incidents, drawing from case studies and media reports. Students will consider various types of information systems forensic evidence and apply various tools and forensic analysis skills for incident investigation. Additional topics include communicating investigations and findings to organizational leadership as well as emerging technical frontiers of computer forensics. Prerequisites: MISA 501 and MISA 502

This course is designed to provide students with the knowledge necessary to understand why and how information systems forensic investigations are conducted, and what organizational management should expect from the forensics process. It establishes an overall management process, from incident detection and planning the investigation, through gathering, protecting and analyzing digital evidence, to reporting and using the results of the investigation. The course identifies key management concerns with the science and art of obtaining and analyzing evidence from computers, evidence found on storage devices or found by traces of activity on computer networks. It also provides a framework for examining the types of incidents computer forensics specialists may investigate, and the information gathering tools and techniques that may be used. And although technology and law are constantly changing in the fast-paced world of information systems forensics, students will see how time-tested methods of investigation management help preserve and protect the organization’s plans and programs to achieve its goals and objectives.

1. Explain the importance of executing efficient investigations that directly serve organizational objectives, within ethical, legal or other regulatory constraints, and management’s role in establishing and controlling the scope and direction of forensics activities.
2. Describe the functional and technical roles of a systems forensics specialist, both in pre-incident preparedness and in the conduct of investigating and resolving an incident.
3. Describe the process of planning and conducting a computer forensics-related investigation, and how the chain of custody dictates how evidence is gathered, stored, protected, analyzed and then used in analysis and reporting.
4. Explain how the basic nature of operating systems, application programs, and data structures provides opportunities for information hiding and the destruction of evidence, while defining both the process and the pitfalls of evidence recovery and analysis.
5. Explain the risks involved with improper digital evidence gathering techniques, both in terms of how easily evidence can be altered by improper technique, and with regard to the chain of custody requirements.
6. Understand significant ethical and legal challenges of Information Security Incidents and Investigations.

Located on the Daytona Beach Campus, the Jack R. Hunt Library is the primary library for all students of the Worldwide Campus. The Chief Academic Officer strongly recommends that every faculty member, where appropriate, require all students in his or her classes to access the Hunt Library or a comparable college-level local library for research. The results of this research can be used for class projects such as research papers, group discussion, or individual presentations. Students should feel comfortable with using the resources of the library. 

Web & Chat:
Text: (386) 968-8843
Library Phone:  (386) 226-7656 or (800) 678-9428


Written assignments must be formatted in accordance with the current edition of the Publication Manual of the American Psychological Association (APA) unless otherwise instructed in individual assignments.

Activity               Percent of Grade
Input Grading Item     100

Undergraduate Grade Scale

90 - 100% A
80 - 89% B
70 - 79% C
60 - 69% D
0 - 60% F

Graduate Grade Scale

90 - 100% A
80 - 89% B
70 - 79% C
0 - 69% F
Wendi Kappers - 2/24/2015
Aaron Glassman - 2/24/2015
Dr. Bobby McMasters - 2/24/2015
1-5 Master of Science in Information Security and Assurance
1. Understand the interdisciplinary aspects (technical, business, management, and policy) of information assurance and information systems and organizational security.
2. Assess and manage the identification of and response to the changing nature of the information risks and information security challenges that increasingly complex, distributed organizations face.
3. Establish governance policies and management mechanisms necessary to develop, acquire, and operate sustainable, cost-effective secure information infrastructures.
4. Integrate various ethical, legal, technological and professional perspectives, both local and global, along with data protection and information assurance perspectives, throughout the various MIS decision making and managerial and leadership processes.
5. Manage and direct the development and operational use of information security and assurance procedures, policies and technologies throughout the organization.