Project 1
Scenario Characters:
You: Information Security Specialist, Greenwood Company
Hubert Jenkins: Human Resources Director, Greenwood Company
Mike McBride: (former) engineer, New Products Division, Greenwood Co.
**Characters will carry through Project 1, 2 and the Final Project. However, please remain
conscious of who you are/what role you play in EACH project and in regard to specific
questions.
For the purposes of this project, imagine you are an Information Security (InfoSec)
Specialist, an employee of the Greenwood Company, assigned to the company’s Incident
Response Team.
In this case, you have been notified by Mr. Hubert Jenkins, Human Resources Director for
the Greenwood Company, that the company has just terminated Mr. Mike McBride, a former
engineer in the company’s New Products Division, for cause (consistent tardiness and
absences from work). Mr. Jenkins tells you that at Mr. McBride’s exit interview earlier that
day, the terminated employee made several statements to the effect of “it is okay because I
have a new job already and they were VERY happy to have me come from Greenwood, with
ALL I have to offer.” McBride’s statements made Mr. Jenkins fear he might be taking
Greenwood’s intellectual property with him to his new employer (undoubtedly a Greenwood
competitor). In particular, Mr. Jenkins is worried about the loss of the source code for
“Product X,” which the company is counting on to earn millions in revenue over the next
three years. Mr. Jenkins provides you a copy of the source code to use in your investigation.
Lastly, Mr. Jenkins tells you to remember that the Company wants to retain the option to
refer the investigation to law enforcement in the future, so anything you do should be with
thought about later potential admissibility in court.
The 4th Amendment to the U.S. Constitution reads, “The right of the people to be secure in
their persons, houses, papers, and effects, against unreasonable searches and seizures,
shall not be violated, and no warrants shall issue, but upon probable cause, supported by
oath or affirmation, and particularly describing the place to be searched, and the persons or
things to be seized.” While the 4th Amendment is most commonly interpreted to only
affect/restrict governmental power (e.g., law enforcement), the fact that a formal criminal
investigation is a possibility (and the Company has no desire to be named in a civil lawsuit)
means you must consider its effect on your actions.
With the above scenario in mind, thoroughly answer the following questions (in paragraph
format, properly citing outside research, where appropriate).
1. Prior to any incident happening, it is important for any company to implement a
“forensic readiness” plan. Discuss the benefits of a forensic readiness plan and
name what you believe are the top 3 requirements to establish forensic
readiness within a private sector business. Support your answers. (Please note
that while cyber security and digital forensics have overlaps in incident response
preparation, please limit your answers here to forensic readiness in the digital
forensic arena, not cyber security.)
2. Mr. Jenkins, out of concern for the theft/sharing of the “Product X” source code,
is requesting that you or your supervisor start searching the areas in
which Mr. McBride had access within the building. Can you (or Mr. McBride’s
supervisor) search McBride’s assigned locker in the Company’s on-site gym for
digital evidence? Support your answer.
3. Can you (or Mr. McBride’s supervisor) use a master key to search McBride’s
locked desk for digital evidence after McBride has left the premises? Support
your answer.
4. The police have not been called or involved yet; however, Mr. Jenkins asks how
involving the police will change your incident response. Develop a response to
Mr. Jenkins that addresses how the parameters of search and seizure will
change by involving the police in the investigation at this time. Support your
answer.
5. There is a page in the Company’s “Employee Handbook” that states that
anything brought onto the Company’s property, including the employees
themselves, is subject to random search for items belonging to the Company.
There is a space for the employee to acknowledge receipt of this notice. Mr.
McBride has a copy of the handbook but never signed the page. Does that
matter? Explain.
6. Greenwood Company uses a security checkpoint at the entrance to the building.
A sign adjacent to the checkpoint states that the purpose of the checkpoint is for
security staff to check for weapons or other materials that may be detrimental to
the working environment or employee safety. Screening is casual and usually
consists of verification of an employee’s Company ID card. Can security staff at
this checkpoint be directed to open Mr. McBride’s briefcase and seize any
potential digital evidence? Support your answer.
7. You know that it is important to document the details of your investigation if the
company wants to ensure admissibility of any evidence collected in the future.
However, Mr. Jenkins has never heard of the term “chain of custody.” Write an
explanation to Mr. Jenkins of what the chain of custody is, why it is important,
and what could occur if the chain of custody is not documented. Support your
answer.