SlideShare ist ein Scribd-Unternehmen logo

Cyber forensic readiness cybercon2012 adv j fick

Jacqueline Fick
Jacqueline Fick

Cyber Forensic Readiness: An Integrated approach

Recht
1 von 21
Downloaden Sie, um offline zu lesen
Cyber Forensic Readiness: An Integrated Approach Adv Jacqueline Fick PwC: Forensic Technology Solutions
Agenda • Cybercrime: What statistics have shown • Key trends that impact on the environment organisations operate in • What is cyber forensic readiness? - Cyber forensic readiness defined - Why do organisations need to be ‘cyber incident ready’? - What happens to the potential evidence prior to the decision to undertake an investigation? - Managing the risks: why digital evidence and potential disputes are important - Why should organisations be concerned about cyber forensic readiness? • Key questions to ask • Closing remarks
“In a world where cyber crime is constantly increasing, pervasive computing is on the rise and information is becoming the most sought after commodity making an effective and efficient Information Security architecture and program essential. With this improved technology and infrastructure, ongoing and pro-active computer investigations are now a mandatory component of the IS enterprise. Corporate governance reports require that organizations should not only apply good corporate governance principles, but also practice good IT governance and specially IS governance. Organizations develop their security architectures based on current best practices for example ISO 17799 and COBIT. These best practices do not consider the importance of putting controls or procedures in place that will ensure successful investigations. There is a definite need to adapt current IS best practices to include for example certain aspects of Digital Forensics readiness to the current best practices to address the shortcomings.” (Grobler and Louwrens Digital Forensic Readiness as a Component of Information Security Best Practice)
Cybercrime: What statistics has shown • Cybercrime: Protecting against the growing threat (PwC Global Economic Crime Survey, November 2011) • Organisations face serious internal and external threats from cyber criminals. • Cybercrime now ranks as one of the top four economic crimes. • Cyber security issues now top the list of risks to watch, ahead of weapons of mass destruction and resource security. (World Economic Forum Global Risks 2011 report) • Traditionally leaders have pigeonholed cyber security as an IT problem. But that is a risk approach that could leave them open to attack.
Reputational damage is the biggest fear for 40 % of respondents Two in five respondents had not received any cyber security training 60 % said their organisation doesn’t keep an eye on social media sites A quarter of respondents said there is no regular formal review of cybercrime threats by the CEO and the Board Four in ten respondents say that their organisation does not have the capability to prevent and detect cybercrime The majority of respondents do not have, or are not aware of having a cyber crisis response plan in place
Key trends that impact on the environment organisations operate in Globalisation Changing workforce demographics and diversity Increasing regulation Expectations of demonstrable governance Rapid technology innovation Changing attitudes to privacy Infrastructure Revolution • Increase in availability of high speed broadband and wireless networks • Blurring work/personal life divide • Content rich data – video, audio Data Explosion • Greater sharing of sensitive data between organisations and individuals • More people connected globally • A multiplication of devices and applications generating traffic Always-on, Always- connected world • Greater connectivity between people driven by social networking and other platforms • Increasing information and data mining • Increased Critical National Infrastructure and public services connectivity Mobile device explosion • Increasingly seamless connectivity between devices • ‘Bring Your Own’ approach to enterprise IT • Emergence of digital cash, explosion of Tougher regulation and standards • Broader legislative and regulatory oversight • Increasing standards on Information Management and Governance Life in the cloud • Widespread adoption of cloud-based services in a drive to cut infrastructure and administration costs New identity and trust models • Identity becomes increasingly important in the move to information based security • New models of trust for people, infrastructure and data emerge Macro-economic,SocialandBusinessDrivers
Cyber forensic readiness defined Cyber forensic readiness is the organisations’ potential to maximise the use of digital evidence to aid in an investigation, with the intent of: • Reducing the time taken to respond to an incident. • Maximising the ability to collect credible and meaningful evidence. • Minimising the length/cost of a cyber incident investigation. • Reducing the incident recovery time. • Preventing further losses.
HoneyNet Project • The HoneyNet project shows that the average time spent in a cyber investigation was approximately 34 hours per person to investigate an incident that took an intruder about half an hour. That's about a 60:1 ratio! (http://www.honeynet.org/challenge/results/ index.html) Its not just about IT. Its about HR making sure employees understand the security policies, and recruiting people with the specialist skills to protect the organisation from cyber attacks. Its about legal and compliance making sure laws and regulations are respected. It is about physical security protecting sites and IT equipment. Its about marketing thinking about cyber security when they launch new products. If organisations don’t look at cyber security from all angles they are missing a trick.” (William Beer, Director, Cyber Security Services, PwC UK)
A reactive or tactical approach to Information Security may introduce significant costs and opportunity loss Time TotalCost Reactive approach Proactive approach Cost of Inaction Security Event Total Cost = Security deployment and operation Reputation Value Intellectual Property Value Operational Effectiveness Financial impact of incidents • Hardware/ Software • Staff • Consultancy • Brand Value • Customer satisfaction • Investor confidence • Employee data • Customer data • Partner data • Corporate data (IP) • Innovation • Time to market • Productivity • Direct and indirect costs
Why do organisations need to be ‘cyber incident ready’? • Digital forensic investigations (DFIs) are commonly employed as a post-event response to a serious information security or criminal incident. • The examination is conducted in a systematic, formalised and legal manner to ensure the admissibility of the evidence and subject to considerable scrutiny of both the integrity of the evidence and that of the investigation process. • There is a broad organisational role in the forensic readiness process. This role can be equated to a business continuity process.
People Technology Governance Processes Cyber Forensic Readiness Plan
What happens to the potential evidence prior to the decision to undertake an investigation? • The scenario of a DFI tends to ignore what happens to potential evidence prior to the decision to undertake an investigation. • The necessary evidence either exists, and hopefully is found by the DFI, or it does not exist and a suspect cannot be charged and prosecuted. • When a digital incident occurs there are generally three courses of action that can be taken, generally dependant on the type of organisation within which the incident occurs, or which is responding the event:
Law Enforcement • Secure the crime scene, identify evidentiary sources and dispatch to a specialist laboratory for analysis. Military Infrastructure • Primary goal is one of risk identification and elimination, followed by recovery and possible offensive measures. Commercial Organisations • Where financial impact is caused by an incident, and revenue earning potential is adversely affected, root cause analysis and system remediation is of primary concern, with in-depth analysis of the how and why left until systems have been restored.
• The business environment lends itself to an approach similar to that of the military, namely to be able to identify the incident, patch the necessary system(s) and continue earning revenue. • In the generic (law enforcement) investigative model, there is little leeway for a business’s incident responders to satisfy the need to return the systems to operational status as quickly as possible whilst preserving the necessary evidence and being able to mount a successful prosecution. • These two goals can be mutually exclusive as a thorough investigation needs time and during this time the business will lose revenue by not having its system(s) live.
Managing the risks: Why digital evidence and related disputes are important Recourse to litigation is generally a last resort for most organisations, but digital evidence could help manage the impact of some important business risks: Lend support to internal disciplinary actions Support a legal defence Support good IT governance practices and reporting Show that due care (or due diligence) was taken in a particular process Support a claim to intellectual property rights Verify the terms of a commercial transaction
• Being prepared to gather and use evidence can also act as a deterrent. Staff will know what the organisation’s attitude is toward the policing of corporate systems – how incidents are dealt with and how the organisation deals with offenders. • This also highlights the need for internal policies and procedures that are communicated via effective awareness and training programmes throughout the organisation. • Staff need to know:  Who the perpetrator could be and what to look out for?  What can be done?  Who to call?
• For most organisations the foremost objective is not to secure evidence. It is more important to find the offender, locate the intruder, and more importantly secure the infrastructure by minimising, or if possible, eliminating vulnerabilities. • To ensure that the organisation maintains a pro-active approach it is of great value to conduct simulated cyber incident exercises. This would also facilitate a process of continuous learning and awareness. Cyber forensic readiness claims that the time and cost required for an incident response during a digital forensic investigation should decrease while at the same time maintaining the level of credibility of the digital evidence being collected. Time = money.
Key questions to ask • Do you know if you are able to handle a cyber crime incident and are you able to adapt to the fast pace and new emerging risks of this type of crimes? • Do you know where your threats are most likely to come from? • How often is your staff trained on cyber security? • Do you know the security posture of their systems? • Do you have current knowledge of emerging cyber threats? • Are your policies aligned with the regulatory and legislated requirements? • Do you maintain a proper chain of evidence? • Do you know what information is required to carry out an investigation? • Do you know what an attack signature will look like? • Are you able to carry out an investigation? • Do you have centralised and secure logging facilities? • Do you know who to call and what to do when an incident has occurred? • Do you know your high risk systems? • Are you aware of the legal requirements around the handling of evidence?
Closing Remarks • Being ready for a forensic investigation should form part of any information security strategy. • It is also closely related to incident response and business continuity, ensuring that evidence found in an investigation is preserved and the continuity of evidence is maintained. • Get in the experts: take a detailed look at the organisation's readiness to undertake or support a digital forensics investigation, be this as part of an internal investigation, criminal investigation or as the result of a compliance requirement. • Cyber forensic readiness plans should take cognisance of people, processes, technology and governance aspects. • What needs to be done:
Define the business scenarios that will require digital evidence. When it will be appropriate to gather evidence and when is it not? Identify sources of evidence and what type of evidence it is, and ensure that you have the resources available to look for it. Establish a clear view of what circumstances need to be in place to trigger a full investigation. Provide training for key staff to ensure that evidence handling procedures are adhered to. Provide guidance in the preparation of an example that everyone can run through in advance. Ensure that all parties, including legal, are confident that the correct processes are in place. Develop policies and procedures to ensure compliance. Create learning organisations. Assess the adequacy of the investigation and the utility of the evidence gathered to support it. Incorporate in cross-departmental training initiatives to create and maintain staff awareness across the organisation.
Questions?

Empfohlen

Computer forensics powerpoint presentation
Computer forensics powerpoint presentationComputer forensics powerpoint presentation
Computer forensics powerpoint presentation
Somya Johri
 
Top Cybersecurity Challenges Facing Your Business
Top Cybersecurity Challenges Facing Your BusinessTop Cybersecurity Challenges Facing Your Business
Top Cybersecurity Challenges Facing Your Business
Nicholas Davis
 
Data protection within development
Data protection within developmentData protection within development
Data protection within development
owaspsuffolk
 
Cyber Security 1215
Cyber Security 1215Cyber Security 1215
Cyber Security 1215
Firoze Hussain
 
Database forensics
Database forensicsDatabase forensics
Database forensics
Denys A. Flores, PhD
 
Cyber Risk: Exposures, prevention, and solutions
Cyber Risk: Exposures, prevention, and solutionsCyber Risk: Exposures, prevention, and solutions
Cyber Risk: Exposures, prevention, and solutions
Capri Insurance
 
Cyber forensic-Evedidence collection tools
Cyber forensic-Evedidence collection toolsCyber forensic-Evedidence collection tools
Cyber forensic-Evedidence collection tools
N.Jagadish Kumar
 
Cyber Risks
Cyber RisksCyber Risks
Cyber Risks
RickWaldman
 

Empfohlen

Computer forensics powerpoint presentation
Computer forensics powerpoint presentationComputer forensics powerpoint presentation
Computer forensics powerpoint presentation
Somya Johri
 
Top Cybersecurity Challenges Facing Your Business
Top Cybersecurity Challenges Facing Your BusinessTop Cybersecurity Challenges Facing Your Business
Top Cybersecurity Challenges Facing Your Business
Nicholas Davis
 
Data protection within development
Data protection within developmentData protection within development
Data protection within development
owaspsuffolk
 
Cyber Security 1215
Cyber Security 1215Cyber Security 1215
Cyber Security 1215
Firoze Hussain
 
Database forensics
Database forensicsDatabase forensics
Database forensics
Denys A. Flores, PhD
 
Cyber Risk: Exposures, prevention, and solutions
Cyber Risk: Exposures, prevention, and solutionsCyber Risk: Exposures, prevention, and solutions
Cyber Risk: Exposures, prevention, and solutions
Capri Insurance
 
Cyber forensic-Evedidence collection tools
Cyber forensic-Evedidence collection toolsCyber forensic-Evedidence collection tools
Cyber forensic-Evedidence collection tools
N.Jagadish Kumar
 
Cyber Risks
Cyber RisksCyber Risks
Cyber Risks
RickWaldman
 
HHS Ransomware and Breach Guidance - Brad Nigh
HHS Ransomware and Breach Guidance - Brad NighHHS Ransomware and Breach Guidance - Brad Nigh
HHS Ransomware and Breach Guidance - Brad Nigh
FRSecure
 
SingHealth Cyber Attack (project)
SingHealth Cyber Attack (project)SingHealth Cyber Attack (project)
SingHealth Cyber Attack (project)
James Neo
 
Insider threat kill chain
Insider threat kill chainInsider threat kill chain
Insider threat kill chain
Tarun Gupta,CRISC CISSP CISM CISA BCCE
 
Insider threat v3
Insider threat v3Insider threat v3
Insider threat v3
Lancope, Inc.
 
Data Safety And Security
Data Safety And SecurityData Safety And Security
Data Safety And Security
Constantine Karbaliotis
 
The Accidental Insider Threat
The Accidental Insider ThreatThe Accidental Insider Threat
The Accidental Insider Threat
Murray Security Services
 
Ht t17
Ht t17Ht t17
Ht t17
SelectedPresentations
 
Multi-faceted Cyber Security v1
Multi-faceted Cyber Security v1Multi-faceted Cyber Security v1
Multi-faceted Cyber Security v1
Asad Zaman
 
Flight East 2018 Presentation–Data Breaches and the Law
Flight East 2018 Presentation–Data Breaches and the LawFlight East 2018 Presentation–Data Breaches and the Law
Flight East 2018 Presentation–Data Breaches and the Law
Synopsys Software Integrity Group
 
Cyber Security and Healthcare
Cyber Security and HealthcareCyber Security and Healthcare
Cyber Security and Healthcare
Jonathon Coulter
 
Computer Forensics-An Introduction of New Face to the Digital World
Computer Forensics-An Introduction of New Face to the Digital WorldComputer Forensics-An Introduction of New Face to the Digital World
Computer Forensics-An Introduction of New Face to the Digital World
rahulmonikasharma
 
NTXISSACSC1 Conference - Cybersecurity 2014 by Andrea Almeida
NTXISSACSC1 Conference - Cybersecurity 2014 by Andrea AlmeidaNTXISSACSC1 Conference - Cybersecurity 2014 by Andrea Almeida
NTXISSACSC1 Conference - Cybersecurity 2014 by Andrea Almeida
North Texas Chapter of the ISSA
 
How your nonprofit can avoid data breaches and ensure privacy
How your nonprofit can avoid data breaches and ensure privacyHow your nonprofit can avoid data breaches and ensure privacy
How your nonprofit can avoid data breaches and ensure privacy
TechSoup Canada
 
Healthcare Cyber Security Webinar
Healthcare Cyber Security WebinarHealthcare Cyber Security Webinar
Healthcare Cyber Security Webinar
HealthCareManagement
 
Protecting Client Data 11.09.11
Protecting Client Data 11.09.11Protecting Client Data 11.09.11
Protecting Client Data 11.09.11
pdewitte
 
Powerpoint v7
Powerpoint v7Powerpoint v7
Powerpoint v7
Veronica Pereira
 
Security Awareness
Security AwarenessSecurity Awareness
Security Awareness
Dinesh O Bareja
 
Incident response process
Incident response processIncident response process
Incident response process
Bhupeshkumar Nanhe
 
Cyber Security and the National Central Banks
Cyber Security and the National Central BanksCyber Security and the National Central Banks
Cyber Security and the National Central Banks
Community Protection Forum
 
Chapter 10, part 1
Chapter 10, part 1Chapter 10, part 1
Chapter 10, part 1
misecho
 
Creating cyber forensic readiness in your organisation
Creating cyber forensic readiness in your organisationCreating cyber forensic readiness in your organisation
Creating cyber forensic readiness in your organisation
Jacqueline Fick
 
V mware operational readiness for cloud computing service
V mware operational readiness for cloud computing serviceV mware operational readiness for cloud computing service
V mware operational readiness for cloud computing service
solarisyougood
 

Weitere ähnliche Inhalte

Was ist angesagt?

Multi-faceted Cyber Security v1
Multi-faceted Cyber Security v1Multi-faceted Cyber Security v1
Multi-faceted Cyber Security v1
Asad Zaman
 
Computer Forensics-An Introduction of New Face to the Digital World
Computer Forensics-An Introduction of New Face to the Digital WorldComputer Forensics-An Introduction of New Face to the Digital World
Computer Forensics-An Introduction of New Face to the Digital World
rahulmonikasharma
 
How your nonprofit can avoid data breaches and ensure privacy
How your nonprofit can avoid data breaches and ensure privacyHow your nonprofit can avoid data breaches and ensure privacy
How your nonprofit can avoid data breaches and ensure privacy
TechSoup Canada
 
Chapter 10, part 1
Chapter 10, part 1Chapter 10, part 1
Chapter 10, part 1
misecho
 

Was ist angesagt? (20)

HHS Ransomware and Breach Guidance - Brad Nigh
HHS Ransomware and Breach Guidance - Brad NighHHS Ransomware and Breach Guidance - Brad Nigh
HHS Ransomware and Breach Guidance - Brad Nigh
 
SingHealth Cyber Attack (project)
SingHealth Cyber Attack (project)SingHealth Cyber Attack (project)
SingHealth Cyber Attack (project)
 
Insider threat kill chain
Insider threat kill chainInsider threat kill chain
Insider threat kill chain
 
Insider threat v3
Insider threat v3Insider threat v3
Insider threat v3
 
Data Safety And Security
Data Safety And SecurityData Safety And Security
Data Safety And Security
 
The Accidental Insider Threat
The Accidental Insider ThreatThe Accidental Insider Threat
The Accidental Insider Threat
 
Ht t17
Ht t17Ht t17
Ht t17
 
Multi-faceted Cyber Security v1
Multi-faceted Cyber Security v1Multi-faceted Cyber Security v1
Multi-faceted Cyber Security v1
 
Flight East 2018 Presentation–Data Breaches and the Law
Flight East 2018 Presentation–Data Breaches and the LawFlight East 2018 Presentation–Data Breaches and the Law
Flight East 2018 Presentation–Data Breaches and the Law
 
Cyber Security and Healthcare
Cyber Security and HealthcareCyber Security and Healthcare
Cyber Security and Healthcare
 
Computer Forensics-An Introduction of New Face to the Digital World
Computer Forensics-An Introduction of New Face to the Digital WorldComputer Forensics-An Introduction of New Face to the Digital World
Computer Forensics-An Introduction of New Face to the Digital World
 
NTXISSACSC1 Conference - Cybersecurity 2014 by Andrea Almeida
NTXISSACSC1 Conference - Cybersecurity 2014 by Andrea AlmeidaNTXISSACSC1 Conference - Cybersecurity 2014 by Andrea Almeida
NTXISSACSC1 Conference - Cybersecurity 2014 by Andrea Almeida
 
How your nonprofit can avoid data breaches and ensure privacy
How your nonprofit can avoid data breaches and ensure privacyHow your nonprofit can avoid data breaches and ensure privacy
How your nonprofit can avoid data breaches and ensure privacy
 
Healthcare Cyber Security Webinar
Healthcare Cyber Security WebinarHealthcare Cyber Security Webinar
Healthcare Cyber Security Webinar
 
Protecting Client Data 11.09.11
Protecting Client Data 11.09.11Protecting Client Data 11.09.11
Protecting Client Data 11.09.11
 
Powerpoint v7
Powerpoint v7Powerpoint v7
Powerpoint v7
 
Security Awareness
Security AwarenessSecurity Awareness
Security Awareness
 
Incident response process
Incident response processIncident response process
Incident response process
 
Cyber Security and the National Central Banks
Cyber Security and the National Central BanksCyber Security and the National Central Banks
Cyber Security and the National Central Banks
 
Chapter 10, part 1
Chapter 10, part 1Chapter 10, part 1
Chapter 10, part 1
 

Andere mochten auch

Creating cyber forensic readiness in your organisation
Creating cyber forensic readiness in your organisationCreating cyber forensic readiness in your organisation
Creating cyber forensic readiness in your organisation
Jacqueline Fick
 
cyber security and forensic tools
cyber security and forensic toolscyber security and forensic tools
cyber security and forensic tools
Sonu Sunaliya
 
Emirates Forensic Presentation
Emirates Forensic PresentationEmirates Forensic Presentation
Emirates Forensic Presentation
Emirates Forensic
 
Cyber forensic standard operating procedures
Cyber forensic standard operating proceduresCyber forensic standard operating procedures
Cyber forensic standard operating procedures
Soumen Debgupta
 
Real time trade surveillance in financial markets
Real time trade surveillance in financial marketsReal time trade surveillance in financial markets
Real time trade surveillance in financial markets
Hortonworks
 
Chfi V3 Module 01 Computer Forensics In Todays World
Chfi V3 Module 01 Computer Forensics In Todays WorldChfi V3 Module 01 Computer Forensics In Todays World
Chfi V3 Module 01 Computer Forensics In Todays World
gueste0d962
 
02 Types of Computer Forensics Technology - Notes
02 Types of Computer Forensics Technology - Notes02 Types of Computer Forensics Technology - Notes
02 Types of Computer Forensics Technology - Notes
Kranthi
 

Andere mochten auch (20)

Creating cyber forensic readiness in your organisation
Creating cyber forensic readiness in your organisationCreating cyber forensic readiness in your organisation
Creating cyber forensic readiness in your organisation
 
V mware operational readiness for cloud computing service
V mware operational readiness for cloud computing serviceV mware operational readiness for cloud computing service
V mware operational readiness for cloud computing service
 
cyber security and forensic tools
cyber security and forensic toolscyber security and forensic tools
cyber security and forensic tools
 
Emirates Forensic Presentation
Emirates Forensic PresentationEmirates Forensic Presentation
Emirates Forensic Presentation
 
Digital Forensic
Digital Forensic Digital Forensic
Digital Forensic
 
Dracos forensic flavor
Dracos forensic flavorDracos forensic flavor
Dracos forensic flavor
 
BDO Forensic Services
BDO Forensic ServicesBDO Forensic Services
BDO Forensic Services
 
MobilePolicing –Investing in Mobile Technology to Produce an Efficient and Ag...
MobilePolicing –Investing in Mobile Technology to Produce an Efficient and Ag...MobilePolicing –Investing in Mobile Technology to Produce an Efficient and Ag...
MobilePolicing –Investing in Mobile Technology to Produce an Efficient and Ag...
 
Raising performance in composites bonding - Highlight
Raising performance in composites bonding - HighlightRaising performance in composites bonding - Highlight
Raising performance in composites bonding - Highlight
 
M.Tech. Cyber Security & Incident Response
M.Tech. Cyber Security & Incident ResponseM.Tech. Cyber Security & Incident Response
M.Tech. Cyber Security & Incident Response
 
EC-Council Computer Hacking Forensic Investigator v9
EC-Council Computer Hacking Forensic Investigator v9EC-Council Computer Hacking Forensic Investigator v9
EC-Council Computer Hacking Forensic Investigator v9
 
Cyber fraud in banks
Cyber fraud in banksCyber fraud in banks
Cyber fraud in banks
 
Workshop Digital Forensic - Cyber Security Community
Workshop Digital Forensic - Cyber Security CommunityWorkshop Digital Forensic - Cyber Security Community
Workshop Digital Forensic - Cyber Security Community
 
Cyber forensic standard operating procedures
Cyber forensic standard operating proceduresCyber forensic standard operating procedures
Cyber forensic standard operating procedures
 
Cyber crime and forensic
Cyber crime and forensicCyber crime and forensic
Cyber crime and forensic
 
Real time trade surveillance in financial markets
Real time trade surveillance in financial marketsReal time trade surveillance in financial markets
Real time trade surveillance in financial markets
 
Chfi V3 Module 01 Computer Forensics In Todays World
Chfi V3 Module 01 Computer Forensics In Todays WorldChfi V3 Module 01 Computer Forensics In Todays World
Chfi V3 Module 01 Computer Forensics In Todays World
 
02 Types of Computer Forensics Technology - Notes
02 Types of Computer Forensics Technology - Notes02 Types of Computer Forensics Technology - Notes
02 Types of Computer Forensics Technology - Notes
 
Utilizing Internet for Fraud Examination and Investigation
Utilizing Internet for Fraud Examination and InvestigationUtilizing Internet for Fraud Examination and Investigation
Utilizing Internet for Fraud Examination and Investigation
 
Securing the Internet from Cyber Criminals
Securing the Internet from Cyber CriminalsSecuring the Internet from Cyber Criminals
Securing the Internet from Cyber Criminals
 

Ähnlich wie Cyber forensic readiness cybercon2012 adv j fick

Cybersecurity Roadmap Development for Executives
Cybersecurity Roadmap Development for ExecutivesCybersecurity Roadmap Development for Executives
Cybersecurity Roadmap Development for Executives
Krist Davood - Principal - CIO
 
WCIT 2014 Som Mittal - Managing risks in an interdependent economy risks rela...
WCIT 2014 Som Mittal - Managing risks in an interdependent economy risks rela...WCIT 2014 Som Mittal - Managing risks in an interdependent economy risks rela...
WCIT 2014 Som Mittal - Managing risks in an interdependent economy risks rela...
WCIT 2014
 
Cyber capability brochureCybersecurity Today A fresh l.docx
Cyber capability brochureCybersecurity Today A fresh l.docxCyber capability brochureCybersecurity Today A fresh l.docx
Cyber capability brochureCybersecurity Today A fresh l.docx
faithxdunce63732
 
GDPR challenges for the healthcare sector and the practical steps to compliance
GDPR challenges for the healthcare sector and the practical steps to complianceGDPR challenges for the healthcare sector and the practical steps to compliance
GDPR challenges for the healthcare sector and the practical steps to compliance
IT Governance Ltd
 
How Your Nonprofit Can Avoid Data Breaches and Ensure Privacy Part 2
How Your Nonprofit Can Avoid Data Breaches and Ensure Privacy Part 2How Your Nonprofit Can Avoid Data Breaches and Ensure Privacy Part 2
How Your Nonprofit Can Avoid Data Breaches and Ensure Privacy Part 2
TechSoup Canada
 
f6_cyber_security_and_your_agency.pdf
f6_cyber_security_and_your_agency.pdff6_cyber_security_and_your_agency.pdf
f6_cyber_security_and_your_agency.pdf
Surendhar57
 
Anatomy Of A Breach: The Good, The Bad & The Ugly
Anatomy Of A Breach: The Good, The Bad & The UglyAnatomy Of A Breach: The Good, The Bad & The Ugly
Anatomy Of A Breach: The Good, The Bad & The Ugly
Resilient Systems
 

Ähnlich wie Cyber forensic readiness cybercon2012 adv j fick (20)

Best practices to mitigate data breach risk
Best practices to mitigate data breach riskBest practices to mitigate data breach risk
Best practices to mitigate data breach risk
 
Cybersecurity Roadmap Development for Executives
Cybersecurity Roadmap Development for ExecutivesCybersecurity Roadmap Development for Executives
Cybersecurity Roadmap Development for Executives
 
Hacking the Human - How Secure Is Your Organization?
Hacking the Human - How Secure Is Your Organization?Hacking the Human - How Secure Is Your Organization?
Hacking the Human - How Secure Is Your Organization?
 
Dealing with Information Security, Risk Management & Cyber Resilience
Dealing with Information Security, Risk Management & Cyber ResilienceDealing with Information Security, Risk Management & Cyber Resilience
Dealing with Information Security, Risk Management & Cyber Resilience
 
Resume: The Complete Guide to Cybersecurity Risks and Controls
Resume: The Complete Guide to Cybersecurity Risks and ControlsResume: The Complete Guide to Cybersecurity Risks and Controls
Resume: The Complete Guide to Cybersecurity Risks and Controls
 
WCIT 2014 Som Mittal - Managing risks in an interdependent economy risks rela...
WCIT 2014 Som Mittal - Managing risks in an interdependent economy risks rela...WCIT 2014 Som Mittal - Managing risks in an interdependent economy risks rela...
WCIT 2014 Som Mittal - Managing risks in an interdependent economy risks rela...
 
Steel Point Solutions IAS Track 3 "Sustaining a Cyber Workforce" by L.T. Hawkins
Steel Point Solutions IAS Track 3 "Sustaining a Cyber Workforce" by L.T. HawkinsSteel Point Solutions IAS Track 3 "Sustaining a Cyber Workforce" by L.T. Hawkins
Steel Point Solutions IAS Track 3 "Sustaining a Cyber Workforce" by L.T. Hawkins
 
NextLevel Cyber Security Executive Briefing
NextLevel Cyber Security Executive BriefingNextLevel Cyber Security Executive Briefing
NextLevel Cyber Security Executive Briefing
 
Cyber capability brochureCybersecurity Today A fresh l.docx
Cyber capability brochureCybersecurity Today A fresh l.docxCyber capability brochureCybersecurity Today A fresh l.docx
Cyber capability brochureCybersecurity Today A fresh l.docx
 
GDPR challenges for the healthcare sector and the practical steps to compliance
GDPR challenges for the healthcare sector and the practical steps to complianceGDPR challenges for the healthcare sector and the practical steps to compliance
GDPR challenges for the healthcare sector and the practical steps to compliance
 
Cybersecurity Risk Governance
Cybersecurity Risk GovernanceCybersecurity Risk Governance
Cybersecurity Risk Governance
 
How Your Nonprofit Can Avoid Data Breaches and Ensure Privacy Part 2
How Your Nonprofit Can Avoid Data Breaches and Ensure Privacy Part 2How Your Nonprofit Can Avoid Data Breaches and Ensure Privacy Part 2
How Your Nonprofit Can Avoid Data Breaches and Ensure Privacy Part 2
 
Enabling Science with Trust and Security – Guest Keynote
Enabling Science with Trust and Security – Guest KeynoteEnabling Science with Trust and Security – Guest Keynote
Enabling Science with Trust and Security – Guest Keynote
 
mHealth Israel_Cyber Risk in Healthcare_Mary Alice Annecharico_CIO Henry Ford...
mHealth Israel_Cyber Risk in Healthcare_Mary Alice Annecharico_CIO Henry Ford...mHealth Israel_Cyber Risk in Healthcare_Mary Alice Annecharico_CIO Henry Ford...
mHealth Israel_Cyber Risk in Healthcare_Mary Alice Annecharico_CIO Henry Ford...
 
MCGlobalTech Consulting Service Presentation
MCGlobalTech Consulting Service PresentationMCGlobalTech Consulting Service Presentation
MCGlobalTech Consulting Service Presentation
 
f6_cyber_security_and_your_agency.pdf
f6_cyber_security_and_your_agency.pdff6_cyber_security_and_your_agency.pdf
f6_cyber_security_and_your_agency.pdf
 
Anatomy Of A Breach: The Good, The Bad & The Ugly
Anatomy Of A Breach: The Good, The Bad & The UglyAnatomy Of A Breach: The Good, The Bad & The Ugly
Anatomy Of A Breach: The Good, The Bad & The Ugly
 
Cyber-Security-Whitepaper.pdf
Cyber-Security-Whitepaper.pdfCyber-Security-Whitepaper.pdf
Cyber-Security-Whitepaper.pdf
 
Cyber-Security-Whitepaper.pdf
Cyber-Security-Whitepaper.pdfCyber-Security-Whitepaper.pdf
Cyber-Security-Whitepaper.pdf
 
Cybersecurity in the Boardroom
Cybersecurity in the BoardroomCybersecurity in the Boardroom
Cybersecurity in the Boardroom
 

Mehr von Jacqueline Fick

Cataleya-Security-Feature_SAWC_April2016page-20-23
Cataleya-Security-Feature_SAWC_April2016page-20-23Cataleya-Security-Feature_SAWC_April2016page-20-23
Cataleya-Security-Feature_SAWC_April2016page-20-23
Jacqueline Fick
 
Women in law enforcement 2014
Women in law enforcement 2014Women in law enforcement 2014
Women in law enforcement 2014
Jacqueline Fick
 
Mr SIM Swap Gone Phishing
Mr SIM Swap Gone PhishingMr SIM Swap Gone Phishing
Mr SIM Swap Gone Phishing
Jacqueline Fick
 

Mehr von Jacqueline Fick (12)

Expanding your horizons how traditional crime can turn hi tech adv j fick
Expanding your horizons how traditional crime can turn hi tech adv j fickExpanding your horizons how traditional crime can turn hi tech adv j fick
Expanding your horizons how traditional crime can turn hi tech adv j fick
 
A day in the life of a cyber syndicate
A day in the life of a cyber syndicateA day in the life of a cyber syndicate
A day in the life of a cyber syndicate
 
Cataleya-Security-Feature_SAWC_April2016page-20-23
Cataleya-Security-Feature_SAWC_April2016page-20-23Cataleya-Security-Feature_SAWC_April2016page-20-23
Cataleya-Security-Feature_SAWC_April2016page-20-23
 
Integrating the prevention of cyber crime into the overall anti-crime strateg...
Integrating the prevention of cyber crime into the overall anti-crime strateg...Integrating the prevention of cyber crime into the overall anti-crime strateg...
Integrating the prevention of cyber crime into the overall anti-crime strateg...
 
Understanding and preventing cyber crime and its impact on your organisation
Understanding and preventing cyber crime and its impact on your organisationUnderstanding and preventing cyber crime and its impact on your organisation
Understanding and preventing cyber crime and its impact on your organisation
 
International trends in mobile law
International trends in mobile lawInternational trends in mobile law
International trends in mobile law
 
A kings' ransom iod directorship jan2010
A kings' ransom iod directorship jan2010A kings' ransom iod directorship jan2010
A kings' ransom iod directorship jan2010
 
Cyber training 23 5 2012
Cyber training 23 5 2012Cyber training 23 5 2012
Cyber training 23 5 2012
 
Cyber crime 101
Cyber crime 101Cyber crime 101
Cyber crime 101
 
Cybercrime in government
Cybercrime in governmentCybercrime in government
Cybercrime in government
 
Women in law enforcement 2014
Women in law enforcement 2014Women in law enforcement 2014
Women in law enforcement 2014
 
Mr SIM Swap Gone Phishing
Mr SIM Swap Gone PhishingMr SIM Swap Gone Phishing
Mr SIM Swap Gone Phishing
 

Kürzlich hochgeladen

一比一原版(ECU毕业证书)埃迪斯科文大学毕业证如何办理
一比一原版(ECU毕业证书)埃迪斯科文大学毕业证如何办理一比一原版(ECU毕业证书)埃迪斯科文大学毕业证如何办理
一比一原版(ECU毕业证书)埃迪斯科文大学毕业证如何办理
Airst S
 
一比一原版(UM毕业证书)美国密歇根大学安娜堡分校毕业证如何办理
一比一原版(UM毕业证书)美国密歇根大学安娜堡分校毕业证如何办理一比一原版(UM毕业证书)美国密歇根大学安娜堡分校毕业证如何办理
一比一原版(UM毕业证书)美国密歇根大学安娜堡分校毕业证如何办理
A AA
 
一比一原版(纽大毕业证书)美国纽约大学毕业证如何办理
一比一原版(纽大毕业证书)美国纽约大学毕业证如何办理一比一原版(纽大毕业证书)美国纽约大学毕业证如何办理
一比一原版(纽大毕业证书)美国纽约大学毕业证如何办理
e9733fc35af6
 
Code_Ethics of_Mechanical_Engineering.ppt
Code_Ethics of_Mechanical_Engineering.pptCode_Ethics of_Mechanical_Engineering.ppt
Code_Ethics of_Mechanical_Engineering.ppt
JosephCanama
 
3 Formation of Company.www.seribangash.com.ppt
3 Formation of Company.www.seribangash.com.ppt3 Formation of Company.www.seribangash.com.ppt
3 Formation of Company.www.seribangash.com.ppt
seri bangash
 
一比一原版(CQU毕业证书)中央昆士兰大学毕业证如何办理
一比一原版(CQU毕业证书)中央昆士兰大学毕业证如何办理一比一原版(CQU毕业证书)中央昆士兰大学毕业证如何办理
一比一原版(CQU毕业证书)中央昆士兰大学毕业证如何办理
Airst S
 
一比一原版(QUT毕业证书)昆士兰科技大学毕业证如何办理
一比一原版(QUT毕业证书)昆士兰科技大学毕业证如何办理一比一原版(QUT毕业证书)昆士兰科技大学毕业证如何办理
一比一原版(QUT毕业证书)昆士兰科技大学毕业证如何办理
Airst S
 
一比一原版(UM毕业证书)密苏里大学毕业证如何办理
一比一原版(UM毕业证书)密苏里大学毕业证如何办理一比一原版(UM毕业证书)密苏里大学毕业证如何办理
一比一原版(UM毕业证书)密苏里大学毕业证如何办理
F La
 
一比一原版(OhioStateU毕业证书)美国俄亥俄州立大学毕业证如何办理
一比一原版(OhioStateU毕业证书)美国俄亥俄州立大学毕业证如何办理一比一原版(OhioStateU毕业证书)美国俄亥俄州立大学毕业证如何办理
一比一原版(OhioStateU毕业证书)美国俄亥俄州立大学毕业证如何办理
e9733fc35af6
 
买(rice毕业证书)莱斯大学毕业证本科文凭证书原版质量
买(rice毕业证书)莱斯大学毕业证本科文凭证书原版质量买(rice毕业证书)莱斯大学毕业证本科文凭证书原版质量
买(rice毕业证书)莱斯大学毕业证本科文凭证书原版质量
acyefsa
 
一比一原版赫瑞瓦特大学毕业证如何办理
一比一原版赫瑞瓦特大学毕业证如何办理一比一原版赫瑞瓦特大学毕业证如何办理
一比一原版赫瑞瓦特大学毕业证如何办理
Airst S
 
一比一原版(Carleton毕业证书)加拿大卡尔顿大学毕业证如何办理
一比一原版(Carleton毕业证书)加拿大卡尔顿大学毕业证如何办理一比一原版(Carleton毕业证书)加拿大卡尔顿大学毕业证如何办理
一比一原版(Carleton毕业证书)加拿大卡尔顿大学毕业证如何办理
e9733fc35af6
 
一比一原版伦敦南岸大学毕业证如何办理
一比一原版伦敦南岸大学毕业证如何办理一比一原版伦敦南岸大学毕业证如何办理
一比一原版伦敦南岸大学毕业证如何办理
Airst S
 

Kürzlich hochgeladen (20)

一比一原版(ECU毕业证书)埃迪斯科文大学毕业证如何办理
一比一原版(ECU毕业证书)埃迪斯科文大学毕业证如何办理一比一原版(ECU毕业证书)埃迪斯科文大学毕业证如何办理
一比一原版(ECU毕业证书)埃迪斯科文大学毕业证如何办理
 
一比一原版(UM毕业证书)美国密歇根大学安娜堡分校毕业证如何办理
一比一原版(UM毕业证书)美国密歇根大学安娜堡分校毕业证如何办理一比一原版(UM毕业证书)美国密歇根大学安娜堡分校毕业证如何办理
一比一原版(UM毕业证书)美国密歇根大学安娜堡分校毕业证如何办理
 
It’s Not Easy Being Green: Ethical Pitfalls for Bankruptcy Novices
It’s Not Easy Being Green: Ethical Pitfalls for Bankruptcy NovicesIt’s Not Easy Being Green: Ethical Pitfalls for Bankruptcy Novices
It’s Not Easy Being Green: Ethical Pitfalls for Bankruptcy Novices
 
A SHORT HISTORY OF LIBERTY'S PROGREE THROUGH HE EIGHTEENTH CENTURY
A SHORT HISTORY OF LIBERTY'S PROGREE THROUGH HE EIGHTEENTH CENTURYA SHORT HISTORY OF LIBERTY'S PROGREE THROUGH HE EIGHTEENTH CENTURY
A SHORT HISTORY OF LIBERTY'S PROGREE THROUGH HE EIGHTEENTH CENTURY
 
一比一原版(纽大毕业证书)美国纽约大学毕业证如何办理
一比一原版(纽大毕业证书)美国纽约大学毕业证如何办理一比一原版(纽大毕业证书)美国纽约大学毕业证如何办理
一比一原版(纽大毕业证书)美国纽约大学毕业证如何办理
 
Code_Ethics of_Mechanical_Engineering.ppt
Code_Ethics of_Mechanical_Engineering.pptCode_Ethics of_Mechanical_Engineering.ppt
Code_Ethics of_Mechanical_Engineering.ppt
 
3 Formation of Company.www.seribangash.com.ppt
3 Formation of Company.www.seribangash.com.ppt3 Formation of Company.www.seribangash.com.ppt
3 Formation of Company.www.seribangash.com.ppt
 
一比一原版(CQU毕业证书)中央昆士兰大学毕业证如何办理
一比一原版(CQU毕业证书)中央昆士兰大学毕业证如何办理一比一原版(CQU毕业证书)中央昆士兰大学毕业证如何办理
一比一原版(CQU毕业证书)中央昆士兰大学毕业证如何办理
 
Performance of contract-1 law presentation
Performance of contract-1 law presentationPerformance of contract-1 law presentation
Performance of contract-1 law presentation
 
Smarp Snapshot 210 -- Google's Social Media Ad Fraud & Disinformation Strategy
Smarp Snapshot 210 -- Google's Social Media Ad Fraud & Disinformation StrategySmarp Snapshot 210 -- Google's Social Media Ad Fraud & Disinformation Strategy
Smarp Snapshot 210 -- Google's Social Media Ad Fraud & Disinformation Strategy
 
一比一原版(QUT毕业证书)昆士兰科技大学毕业证如何办理
一比一原版(QUT毕业证书)昆士兰科技大学毕业证如何办理一比一原版(QUT毕业证书)昆士兰科技大学毕业证如何办理
一比一原版(QUT毕业证书)昆士兰科技大学毕业证如何办理
 
Reason Behind the Success of Law Firms in India
Reason Behind the Success of Law Firms in IndiaReason Behind the Success of Law Firms in India
Reason Behind the Success of Law Firms in India
 
一比一原版(UM毕业证书)密苏里大学毕业证如何办理
一比一原版(UM毕业证书)密苏里大学毕业证如何办理一比一原版(UM毕业证书)密苏里大学毕业证如何办理
一比一原版(UM毕业证书)密苏里大学毕业证如何办理
 
一比一原版(OhioStateU毕业证书)美国俄亥俄州立大学毕业证如何办理
一比一原版(OhioStateU毕业证书)美国俄亥俄州立大学毕业证如何办理一比一原版(OhioStateU毕业证书)美国俄亥俄州立大学毕业证如何办理
一比一原版(OhioStateU毕业证书)美国俄亥俄州立大学毕业证如何办理
 
买(rice毕业证书)莱斯大学毕业证本科文凭证书原版质量
买(rice毕业证书)莱斯大学毕业证本科文凭证书原版质量买(rice毕业证书)莱斯大学毕业证本科文凭证书原版质量
买(rice毕业证书)莱斯大学毕业证本科文凭证书原版质量
 
一比一原版赫瑞瓦特大学毕业证如何办理
一比一原版赫瑞瓦特大学毕业证如何办理一比一原版赫瑞瓦特大学毕业证如何办理
一比一原版赫瑞瓦特大学毕业证如何办理
 
一比一原版(Carleton毕业证书)加拿大卡尔顿大学毕业证如何办理
一比一原版(Carleton毕业证书)加拿大卡尔顿大学毕业证如何办理一比一原版(Carleton毕业证书)加拿大卡尔顿大学毕业证如何办理
一比一原版(Carleton毕业证书)加拿大卡尔顿大学毕业证如何办理
 
judicial remedies against administrative actions.pptx
judicial remedies against administrative actions.pptxjudicial remedies against administrative actions.pptx
judicial remedies against administrative actions.pptx
 
Cyber Laws : National and International Perspective.
Cyber Laws : National and International Perspective.Cyber Laws : National and International Perspective.
Cyber Laws : National and International Perspective.
 
一比一原版伦敦南岸大学毕业证如何办理
一比一原版伦敦南岸大学毕业证如何办理一比一原版伦敦南岸大学毕业证如何办理
一比一原版伦敦南岸大学毕业证如何办理
 

Cyber forensic readiness cybercon2012 adv j fick

  • 1. Cyber Forensic Readiness: An Integrated Approach Adv Jacqueline Fick PwC: Forensic Technology Solutions
  • 2. Agenda • Cybercrime: What statistics have shown • Key trends that impact on the environment organisations operate in • What is cyber forensic readiness? - Cyber forensic readiness defined - Why do organisations need to be ‘cyber incident ready’? - What happens to the potential evidence prior to the decision to undertake an investigation? - Managing the risks: why digital evidence and potential disputes are important - Why should organisations be concerned about cyber forensic readiness? • Key questions to ask • Closing remarks
  • 3. “In a world where cyber crime is constantly increasing, pervasive computing is on the rise and information is becoming the most sought after commodity making an effective and efficient Information Security architecture and program essential. With this improved technology and infrastructure, ongoing and pro-active computer investigations are now a mandatory component of the IS enterprise. Corporate governance reports require that organizations should not only apply good corporate governance principles, but also practice good IT governance and specially IS governance. Organizations develop their security architectures based on current best practices for example ISO 17799 and COBIT. These best practices do not consider the importance of putting controls or procedures in place that will ensure successful investigations. There is a definite need to adapt current IS best practices to include for example certain aspects of Digital Forensics readiness to the current best practices to address the shortcomings.” (Grobler and Louwrens Digital Forensic Readiness as a Component of Information Security Best Practice)
  • 4. Cybercrime: What statistics has shown • Cybercrime: Protecting against the growing threat (PwC Global Economic Crime Survey, November 2011) • Organisations face serious internal and external threats from cyber criminals. • Cybercrime now ranks as one of the top four economic crimes. • Cyber security issues now top the list of risks to watch, ahead of weapons of mass destruction and resource security. (World Economic Forum Global Risks 2011 report) • Traditionally leaders have pigeonholed cyber security as an IT problem. But that is a risk approach that could leave them open to attack.
  • 5. Reputational damage is the biggest fear for 40 % of respondents Two in five respondents had not received any cyber security training 60 % said their organisation doesn’t keep an eye on social media sites A quarter of respondents said there is no regular formal review of cybercrime threats by the CEO and the Board Four in ten respondents say that their organisation does not have the capability to prevent and detect cybercrime The majority of respondents do not have, or are not aware of having a cyber crisis response plan in place
  • 6. Key trends that impact on the environment organisations operate in Globalisation Changing workforce demographics and diversity Increasing regulation Expectations of demonstrable governance Rapid technology innovation Changing attitudes to privacy Infrastructure Revolution • Increase in availability of high speed broadband and wireless networks • Blurring work/personal life divide • Content rich data – video, audio Data Explosion • Greater sharing of sensitive data between organisations and individuals • More people connected globally • A multiplication of devices and applications generating traffic Always-on, Always- connected world • Greater connectivity between people driven by social networking and other platforms • Increasing information and data mining • Increased Critical National Infrastructure and public services connectivity Mobile device explosion • Increasingly seamless connectivity between devices • ‘Bring Your Own’ approach to enterprise IT • Emergence of digital cash, explosion of Tougher regulation and standards • Broader legislative and regulatory oversight • Increasing standards on Information Management and Governance Life in the cloud • Widespread adoption of cloud-based services in a drive to cut infrastructure and administration costs New identity and trust models • Identity becomes increasingly important in the move to information based security • New models of trust for people, infrastructure and data emerge Macro-economic,SocialandBusinessDrivers
  • 7. Cyber forensic readiness defined Cyber forensic readiness is the organisations’ potential to maximise the use of digital evidence to aid in an investigation, with the intent of: • Reducing the time taken to respond to an incident. • Maximising the ability to collect credible and meaningful evidence. • Minimising the length/cost of a cyber incident investigation. • Reducing the incident recovery time. • Preventing further losses.
  • 8. HoneyNet Project • The HoneyNet project shows that the average time spent in a cyber investigation was approximately 34 hours per person to investigate an incident that took an intruder about half an hour. That's about a 60:1 ratio! (http://www.honeynet.org/challenge/results/ index.html) Its not just about IT. Its about HR making sure employees understand the security policies, and recruiting people with the specialist skills to protect the organisation from cyber attacks. Its about legal and compliance making sure laws and regulations are respected. It is about physical security protecting sites and IT equipment. Its about marketing thinking about cyber security when they launch new products. If organisations don’t look at cyber security from all angles they are missing a trick.” (William Beer, Director, Cyber Security Services, PwC UK)
  • 9. A reactive or tactical approach to Information Security may introduce significant costs and opportunity loss Time TotalCost Reactive approach Proactive approach Cost of Inaction Security Event Total Cost = Security deployment and operation Reputation Value Intellectual Property Value Operational Effectiveness Financial impact of incidents • Hardware/ Software • Staff • Consultancy • Brand Value • Customer satisfaction • Investor confidence • Employee data • Customer data • Partner data • Corporate data (IP) • Innovation • Time to market • Productivity • Direct and indirect costs
  • 10. Why do organisations need to be ‘cyber incident ready’? • Digital forensic investigations (DFIs) are commonly employed as a post-event response to a serious information security or criminal incident. • The examination is conducted in a systematic, formalised and legal manner to ensure the admissibility of the evidence and subject to considerable scrutiny of both the integrity of the evidence and that of the investigation process. • There is a broad organisational role in the forensic readiness process. This role can be equated to a business continuity process.
  • 12. What happens to the potential evidence prior to the decision to undertake an investigation? • The scenario of a DFI tends to ignore what happens to potential evidence prior to the decision to undertake an investigation. • The necessary evidence either exists, and hopefully is found by the DFI, or it does not exist and a suspect cannot be charged and prosecuted. • When a digital incident occurs there are generally three courses of action that can be taken, generally dependant on the type of organisation within which the incident occurs, or which is responding the event:
  • 13. Law Enforcement • Secure the crime scene, identify evidentiary sources and dispatch to a specialist laboratory for analysis. Military Infrastructure • Primary goal is one of risk identification and elimination, followed by recovery and possible offensive measures. Commercial Organisations • Where financial impact is caused by an incident, and revenue earning potential is adversely affected, root cause analysis and system remediation is of primary concern, with in-depth analysis of the how and why left until systems have been restored.
  • 14. • The business environment lends itself to an approach similar to that of the military, namely to be able to identify the incident, patch the necessary system(s) and continue earning revenue. • In the generic (law enforcement) investigative model, there is little leeway for a business’s incident responders to satisfy the need to return the systems to operational status as quickly as possible whilst preserving the necessary evidence and being able to mount a successful prosecution. • These two goals can be mutually exclusive as a thorough investigation needs time and during this time the business will lose revenue by not having its system(s) live.
  • 15. Managing the risks: Why digital evidence and related disputes are important Recourse to litigation is generally a last resort for most organisations, but digital evidence could help manage the impact of some important business risks: Lend support to internal disciplinary actions Support a legal defence Support good IT governance practices and reporting Show that due care (or due diligence) was taken in a particular process Support a claim to intellectual property rights Verify the terms of a commercial transaction
  • 16. • Being prepared to gather and use evidence can also act as a deterrent. Staff will know what the organisation’s attitude is toward the policing of corporate systems – how incidents are dealt with and how the organisation deals with offenders. • This also highlights the need for internal policies and procedures that are communicated via effective awareness and training programmes throughout the organisation. • Staff need to know:  Who the perpetrator could be and what to look out for?  What can be done?  Who to call?
  • 17. • For most organisations the foremost objective is not to secure evidence. It is more important to find the offender, locate the intruder, and more importantly secure the infrastructure by minimising, or if possible, eliminating vulnerabilities. • To ensure that the organisation maintains a pro-active approach it is of great value to conduct simulated cyber incident exercises. This would also facilitate a process of continuous learning and awareness. Cyber forensic readiness claims that the time and cost required for an incident response during a digital forensic investigation should decrease while at the same time maintaining the level of credibility of the digital evidence being collected. Time = money.
  • 18. Key questions to ask • Do you know if you are able to handle a cyber crime incident and are you able to adapt to the fast pace and new emerging risks of this type of crimes? • Do you know where your threats are most likely to come from? • How often is your staff trained on cyber security? • Do you know the security posture of their systems? • Do you have current knowledge of emerging cyber threats? • Are your policies aligned with the regulatory and legislated requirements? • Do you maintain a proper chain of evidence? • Do you know what information is required to carry out an investigation? • Do you know what an attack signature will look like? • Are you able to carry out an investigation? • Do you have centralised and secure logging facilities? • Do you know who to call and what to do when an incident has occurred? • Do you know your high risk systems? • Are you aware of the legal requirements around the handling of evidence?
  • 19. Closing Remarks • Being ready for a forensic investigation should form part of any information security strategy. • It is also closely related to incident response and business continuity, ensuring that evidence found in an investigation is preserved and the continuity of evidence is maintained. • Get in the experts: take a detailed look at the organisation's readiness to undertake or support a digital forensics investigation, be this as part of an internal investigation, criminal investigation or as the result of a compliance requirement. • Cyber forensic readiness plans should take cognisance of people, processes, technology and governance aspects. • What needs to be done:
  • 20. Define the business scenarios that will require digital evidence. When it will be appropriate to gather evidence and when is it not? Identify sources of evidence and what type of evidence it is, and ensure that you have the resources available to look for it. Establish a clear view of what circumstances need to be in place to trigger a full investigation. Provide training for key staff to ensure that evidence handling procedures are adhered to. Provide guidance in the preparation of an example that everyone can run through in advance. Ensure that all parties, including legal, are confident that the correct processes are in place. Develop policies and procedures to ensure compliance. Create learning organisations. Assess the adequacy of the investigation and the utility of the evidence gathered to support it. Incorporate in cross-departmental training initiatives to create and maintain staff awareness across the organisation.