Universities highlight IT forensics boom

Looking for a security qualification? Universities report burgeoning interest in computer forensics courses

Universities offering postgraduate courses for IT professionals claim to be seeing increasing interest in computer forensics skills, both from employers and from applicants.

Speaking to ZDNet at the Infosecurity Europe conference in London on Tuesday, Dr Ivan Flechais, a lecturer at Oxford University's software engineering centre, said he is seeing the term appear in many more job descriptions. "This is one area that is really picking up, and we're looking at it, trying to gauge if it is just the latest fad or whether it will prove more enduring."

"A lot of [the interest] seems to be from companies interested in trying to figure out how someone broke into their systems," he said.

Dr J Philip Evans, who runs the centre for research into information technology security at the University of Westminster, said he also believes that forensics is an "in" subject. "Companies want to find out what they will find out when they bring external consultants in," he said. "They are worried that they might get reported to the authorities in the same way that a tax accountant or solicitor looking at your tax records would be obliged to report you to the police if they found anything suspicious."

Evans added that there is no protection of privacy once companies bring outside entities in to look at their accounts, and companies are worried that this may apply to their security, too.

Budgets for postgraduate training seem to have increased as managers get more anxious about security. But, he cautioned, qualifications will not themselves stop attacks. "How useful qualifications are in their own right I don't know, but they certainly do help when you find yourself in court or defending an industrial tribunal. We also get a lot of interest from people in the police and the army who, on leaving, realise they need a certificate."

Both universities offer courses in IT security. At Oxford, students attend a five-day, full-time course, with a period of pre-study and an assignment to follow. For the security course this might be deconstructing an attack or designing a secure network, for instance. Successful completion of 10 courses will cost £19,000 and earn the student an MSc, and Dr Flechais said the universities offers bursaries to students from SMEs.

At the University of Westminster, students also take week-long courses followed by assignments. "We have 300 applicants for about 40 places, and try to screen out the ones who want to learn to hack," said Dr Evans. "If companies are prepared to pay, take time off unpaid, have 10 years' experience, that is usually a good sign. A lot of it is by word of mouth."