Internal Investigations and the Cloud


Dan Michaluk
ACFI Fraud Conference
May 28, 2012

•   What is cloud computing?
•   Why is it a problem for investigators?
•   What’s the solution?
•   The problem with the consumer cloud
•   The consumer cloud – personal accounts
•   Good resources




What is cloud computing?

•   Model for delivery of computing services
•   Services outsourced and accessed through the
    internet, on demand, at desired scale
•   Data resides on servers owned by third-
    parties, often with the data of others and often in
    one or more foreign countries
•   Consumer services differ from enterprise services



What is cloud computing?

•   It is related to a “data portability” phenomenon
     •   “We’ve got work information on personal devices
         and personal information on work devices”
     •   Add to that, multiple companies on physical servers
     •   This creates ambiguity that can be dealt with by
         contract (and I assume by technology) – i.e. we
         need to replace physical control with legal control




Why is it a problem for investigators?

•   It threatens timely access to reliable evidence
     •   Providers default to low cost rather than service
     •   Investigations and e-discovery are afterthoughts
     •   Specialized forensic data capture services are rare
     •   Logs and other forensic data can be intermingled
     •   Proprietary software can make interpretation hard
     •   Access restrictions create a chain of custody issue
     •   Law of other jurisdictions may be restrictive

Why is it a problem for investigators?

•   Discussion
     •   Do your employers or clients use cloud-based
         services for business?
     •   Has this affected your investigations?
     •   How?




What’s the solution?

•   The solution is simple (in theory)
     •   Outsourcing process requirements definition, vendor
         selection, due diligence and contracting and
         administration
     •   You need to insert yourself in all aspects of this
         process to communicate your requirements and see
         that they are met
     •   But… be prepared to compromise because the
         cloud is the cloud and physical control is supreme

What’s the solution?

•   The solution is simple (in theory)
     •   Understand the system and the data it generates
     •   Develop investigation scenarios
     •   Develop investigation requirements
     •   Prioritize requirements
     •   Discuss requirements
     •   Ensure requirements can be met
     •   Service level agreement is key, but is not everything

What’s the solution?

•   Assume your employer or a client is moving its
    accounting system to the cloud. As a fraud
    investigator, what are your key needs?




What’s the solution?

•   Key questions (among others)
     •   In what jurisdiction(s) will data reside?
     •   How is data stored at application & system levels?
     •   Can our data be extracted independently from
         others’ data?
     •   What forensic data do we want? Will you make it
         available to us? How? To others? How will that
         affect us?


What’s the solution?

•   Key questions (among others)
     •   Will your employee give evidence to establish the
         chain of custody?
     •   How fast will you make all this happen?




The problem with the consumer cloud

•   It is a data security risk – business information is
    leaching into personal accounts and home
    computers
     •   Example – employee sends work home via a
         web-based personal e-mail account
     •   Example – business unit starts using Google Docs to
         collaborate though the company has no enterprise
         services relationship with Google


The consumer cloud - personal accounts

•   The Calgary Police Service case (April 2012)
     •   Internal sexual misconduct investigation
     •   E-mail review… search for “password”
     •   Found login credentials for personal e-mail account
     •   Accessed on “data leakage” theory
     •   Found (unanticipated) evidence of sexual
         misconduct
     •   Alberta OIPC finds a violation of privacy legislation

The consumer cloud - personal accounts

•   Why unauthorized access is a bad idea
     •   Except in extraordinary circumstances it is likely to
         be a criminal offence – Criminal Code s. 342.1
     •   A labour arbitrator may exclude evidence
     •   Though not ideal, there is a work-around




The consumer cloud - personal accounts

•   The work-around
     •   Finish the covert investigation
     •   Confront the employee
     •   Make a preservation demand
     •   Make a reasonable inspection demand
     •   Be prepared to manage a refusal through an
         insubordination charge and an adverse inference



The consumer cloud - personal accounts

•   “Friending” targets is risky
     •   “Friending” as yourself may not be that helpful
     •   Impersonation is a criminal offence (s. 403)
     •   Do your professional rules prohibit the use of fake
         profiles to gain information?




Related Resources
•   J. Cheng, “IBM’s Siri ban highlights companies’ privacy, trade secret
    challenges”
•   Digital Forensics Laboratories, “Digital investigations in the Cloud”
•   T. Harbert, “E-discovery in the Cloud? Not so easy.”
•   W. Manning, “Investigating in the Clouds”
•   K. Ruan et al, “Cloud forensics: An overview”
•   A. Savvas, “Cloud providers cave into more flexible contracts.”
•   T. Trappler, “In the Cloud, Your Data Can Get Caught Up in Legal
    Actions”
•   K. Zetter, “FBI Uses ‘Sledgehammer’ to Seize E-Mail Server in Search
    for Bomb Threat Evidence”



 
The Current State of FOI
The Current State of FOIThe Current State of FOI
The Current State of FOI
 
Cyber, secrecy and the public body
Cyber, secrecy and the public bodyCyber, secrecy and the public body
Cyber, secrecy and the public body
 
The privacy and security implications of AI, big data and predictive analytics
The privacy and security implications of AI, big data and predictive analyticsThe privacy and security implications of AI, big data and predictive analytics
The privacy and security implications of AI, big data and predictive analytics
 
Advocates' Society Tricks of the Trade 2019 - A Privacy Update
Advocates' Society Tricks of the Trade 2019 - A Privacy UpdateAdvocates' Society Tricks of the Trade 2019 - A Privacy Update
Advocates' Society Tricks of the Trade 2019 - A Privacy Update
 
Privacy, Data Security and Anti-Spam Compliance
Privacy, Data Security and Anti-Spam CompliancePrivacy, Data Security and Anti-Spam Compliance
Privacy, Data Security and Anti-Spam Compliance
 
Cyber Insurance and Incident Response Practice
Cyber Insurance and Incident Response Practice Cyber Insurance and Incident Response Practice
Cyber Insurance and Incident Response Practice
 
Role of a breach coach
Role of a breach coachRole of a breach coach
Role of a breach coach
 
PHIPA for school boards
PHIPA for school boardsPHIPA for school boards
PHIPA for school boards
 
Privacy, Data Security and Anti-Spam Compliance
Privacy, Data Security and Anti-Spam CompliancePrivacy, Data Security and Anti-Spam Compliance
Privacy, Data Security and Anti-Spam Compliance
 
Finding internet evidence
Finding internet evidenceFinding internet evidence
Finding internet evidence
 

KĂĽrzlich hochgeladen

Lucknow đź’‹ Escorts in Lucknow - 450+ Call Girl Cash Payment 8923113531 Neha Th...
Lucknow đź’‹ Escorts in Lucknow - 450+ Call Girl Cash Payment 8923113531 Neha Th...Lucknow đź’‹ Escorts in Lucknow - 450+ Call Girl Cash Payment 8923113531 Neha Th...
Lucknow đź’‹ Escorts in Lucknow - 450+ Call Girl Cash Payment 8923113531 Neha Th...anilsa9823
 
Boost the utilization of your HCL environment by reevaluating use cases and f...
Boost the utilization of your HCL environment by reevaluating use cases and f...Boost the utilization of your HCL environment by reevaluating use cases and f...
Boost the utilization of your HCL environment by reevaluating use cases and f...Roland Driesen
 
Grateful 7 speech thanking everyone that has helped.pdf
Grateful 7 speech thanking everyone that has helped.pdfGrateful 7 speech thanking everyone that has helped.pdf
Grateful 7 speech thanking everyone that has helped.pdfPaul Menig
 
Russian Call Girls In Gurgaon ❤️8448577510 ⊹Best Escorts Service In 24/7 Delh...
Russian Call Girls In Gurgaon ❤️8448577510 ⊹Best Escorts Service In 24/7 Delh...Russian Call Girls In Gurgaon ❤️8448577510 ⊹Best Escorts Service In 24/7 Delh...
Russian Call Girls In Gurgaon ❤️8448577510 ⊹Best Escorts Service In 24/7 Delh...lizamodels9
 
Call Girls Electronic City Just Call đź‘— 7737669865 đź‘— Top Class Call Girl Servi...
Call Girls Electronic City Just Call đź‘— 7737669865 đź‘— Top Class Call Girl Servi...Call Girls Electronic City Just Call đź‘— 7737669865 đź‘— Top Class Call Girl Servi...
Call Girls Electronic City Just Call đź‘— 7737669865 đź‘— Top Class Call Girl Servi...amitlee9823
 
B.COM Unit – 4 ( CORPORATE SOCIAL RESPONSIBILITY ( CSR ).pptx
B.COM Unit – 4 ( CORPORATE SOCIAL RESPONSIBILITY ( CSR ).pptxB.COM Unit – 4 ( CORPORATE SOCIAL RESPONSIBILITY ( CSR ).pptx
B.COM Unit – 4 ( CORPORATE SOCIAL RESPONSIBILITY ( CSR ).pptxpriyanshujha201
 
Monte Carlo simulation : Simulation using MCSM
Monte Carlo simulation : Simulation using MCSMMonte Carlo simulation : Simulation using MCSM
Monte Carlo simulation : Simulation using MCSMRavindra Nath Shukla
 
Dr. Admir Softic_ presentation_Green Club_ENG.pdf
Dr. Admir Softic_ presentation_Green Club_ENG.pdfDr. Admir Softic_ presentation_Green Club_ENG.pdf
Dr. Admir Softic_ presentation_Green Club_ENG.pdfAdmir Softic
 
A DAY IN THE LIFE OF A SALESMAN / WOMAN
A DAY IN THE LIFE OF A  SALESMAN / WOMANA DAY IN THE LIFE OF A  SALESMAN / WOMAN
A DAY IN THE LIFE OF A SALESMAN / WOMANIlamathiKannappan
 
How to Get Started in Social Media for Art League City
How to Get Started in Social Media for Art League CityHow to Get Started in Social Media for Art League City
How to Get Started in Social Media for Art League CityEric T. Tung
 
Mysore Call Girls 8617370543 WhatsApp Number 24x7 Best Services
Mysore Call Girls 8617370543 WhatsApp Number 24x7 Best ServicesMysore Call Girls 8617370543 WhatsApp Number 24x7 Best Services
Mysore Call Girls 8617370543 WhatsApp Number 24x7 Best ServicesDipal Arora
 
Value Proposition canvas- Customer needs and pains
Value Proposition canvas- Customer needs and painsValue Proposition canvas- Customer needs and pains
Value Proposition canvas- Customer needs and painsP&CO
 
Mondelez State of Snacking and Future Trends 2023
Mondelez State of Snacking and Future Trends 2023Mondelez State of Snacking and Future Trends 2023
Mondelez State of Snacking and Future Trends 2023Neil Kimberley
 
Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...
Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...
Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...lizamodels9
 
Organizational Transformation Lead with Culture
Organizational Transformation Lead with CultureOrganizational Transformation Lead with Culture
Organizational Transformation Lead with CultureSeta Wicaksana
 
Call Girls Hebbal Just Call đź‘— 7737669865 đź‘— Top Class Call Girl Service Bangalore
Call Girls Hebbal Just Call đź‘— 7737669865 đź‘— Top Class Call Girl Service BangaloreCall Girls Hebbal Just Call đź‘— 7737669865 đź‘— Top Class Call Girl Service Bangalore
Call Girls Hebbal Just Call đź‘— 7737669865 đź‘— Top Class Call Girl Service Bangaloreamitlee9823
 
MONA 98765-12871 CALL GIRLS IN LUDHIANA LUDHIANA CALL GIRL
MONA 98765-12871 CALL GIRLS IN LUDHIANA LUDHIANA CALL GIRLMONA 98765-12871 CALL GIRLS IN LUDHIANA LUDHIANA CALL GIRL
MONA 98765-12871 CALL GIRLS IN LUDHIANA LUDHIANA CALL GIRLSeo
 
Best VIP Call Girls Noida Sector 40 Call Me: 8448380779
Best VIP Call Girls Noida Sector 40 Call Me: 8448380779Best VIP Call Girls Noida Sector 40 Call Me: 8448380779
Best VIP Call Girls Noida Sector 40 Call Me: 8448380779Delhi Call girls
 
Call Girls in Gomti Nagar - 7388211116 - With room Service
Call Girls in Gomti Nagar - 7388211116  - With room ServiceCall Girls in Gomti Nagar - 7388211116  - With room Service
Call Girls in Gomti Nagar - 7388211116 - With room Servicediscovermytutordmt
 
HONOR Veterans Event Keynote by Michael Hawkins
HONOR Veterans Event Keynote by Michael HawkinsHONOR Veterans Event Keynote by Michael Hawkins
HONOR Veterans Event Keynote by Michael HawkinsMichael W. Hawkins
 

KĂĽrzlich hochgeladen (20)

Lucknow đź’‹ Escorts in Lucknow - 450+ Call Girl Cash Payment 8923113531 Neha Th...
Lucknow đź’‹ Escorts in Lucknow - 450+ Call Girl Cash Payment 8923113531 Neha Th...Lucknow đź’‹ Escorts in Lucknow - 450+ Call Girl Cash Payment 8923113531 Neha Th...
Lucknow đź’‹ Escorts in Lucknow - 450+ Call Girl Cash Payment 8923113531 Neha Th...
 
Boost the utilization of your HCL environment by reevaluating use cases and f...
Boost the utilization of your HCL environment by reevaluating use cases and f...Boost the utilization of your HCL environment by reevaluating use cases and f...
Boost the utilization of your HCL environment by reevaluating use cases and f...
 
Grateful 7 speech thanking everyone that has helped.pdf
Grateful 7 speech thanking everyone that has helped.pdfGrateful 7 speech thanking everyone that has helped.pdf
Grateful 7 speech thanking everyone that has helped.pdf
 
Russian Call Girls In Gurgaon ❤️8448577510 ⊹Best Escorts Service In 24/7 Delh...
Russian Call Girls In Gurgaon ❤️8448577510 ⊹Best Escorts Service In 24/7 Delh...Russian Call Girls In Gurgaon ❤️8448577510 ⊹Best Escorts Service In 24/7 Delh...
Russian Call Girls In Gurgaon ❤️8448577510 ⊹Best Escorts Service In 24/7 Delh...
 
Call Girls Electronic City Just Call đź‘— 7737669865 đź‘— Top Class Call Girl Servi...
Call Girls Electronic City Just Call đź‘— 7737669865 đź‘— Top Class Call Girl Servi...Call Girls Electronic City Just Call đź‘— 7737669865 đź‘— Top Class Call Girl Servi...
Call Girls Electronic City Just Call đź‘— 7737669865 đź‘— Top Class Call Girl Servi...
 
B.COM Unit – 4 ( CORPORATE SOCIAL RESPONSIBILITY ( CSR ).pptx
B.COM Unit – 4 ( CORPORATE SOCIAL RESPONSIBILITY ( CSR ).pptxB.COM Unit – 4 ( CORPORATE SOCIAL RESPONSIBILITY ( CSR ).pptx
B.COM Unit – 4 ( CORPORATE SOCIAL RESPONSIBILITY ( CSR ).pptx
 
Monte Carlo simulation : Simulation using MCSM
Monte Carlo simulation : Simulation using MCSMMonte Carlo simulation : Simulation using MCSM
Monte Carlo simulation : Simulation using MCSM
 
Dr. Admir Softic_ presentation_Green Club_ENG.pdf
Dr. Admir Softic_ presentation_Green Club_ENG.pdfDr. Admir Softic_ presentation_Green Club_ENG.pdf
Dr. Admir Softic_ presentation_Green Club_ENG.pdf
 
A DAY IN THE LIFE OF A SALESMAN / WOMAN
A DAY IN THE LIFE OF A  SALESMAN / WOMANA DAY IN THE LIFE OF A  SALESMAN / WOMAN
A DAY IN THE LIFE OF A SALESMAN / WOMAN
 
How to Get Started in Social Media for Art League City
How to Get Started in Social Media for Art League CityHow to Get Started in Social Media for Art League City
How to Get Started in Social Media for Art League City
 
Mysore Call Girls 8617370543 WhatsApp Number 24x7 Best Services
Mysore Call Girls 8617370543 WhatsApp Number 24x7 Best ServicesMysore Call Girls 8617370543 WhatsApp Number 24x7 Best Services
Mysore Call Girls 8617370543 WhatsApp Number 24x7 Best Services
 
Value Proposition canvas- Customer needs and pains
Value Proposition canvas- Customer needs and painsValue Proposition canvas- Customer needs and pains
Value Proposition canvas- Customer needs and pains
 
Mondelez State of Snacking and Future Trends 2023
Mondelez State of Snacking and Future Trends 2023Mondelez State of Snacking and Future Trends 2023
Mondelez State of Snacking and Future Trends 2023
 
Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...
Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...
Call Girls In DLf Gurgaon ➥99902@11544 ( Best price)100% Genuine Escort In 24...
 
Organizational Transformation Lead with Culture
Organizational Transformation Lead with CultureOrganizational Transformation Lead with Culture
Organizational Transformation Lead with Culture
 
Call Girls Hebbal Just Call đź‘— 7737669865 đź‘— Top Class Call Girl Service Bangalore
Call Girls Hebbal Just Call đź‘— 7737669865 đź‘— Top Class Call Girl Service BangaloreCall Girls Hebbal Just Call đź‘— 7737669865 đź‘— Top Class Call Girl Service Bangalore
Call Girls Hebbal Just Call đź‘— 7737669865 đź‘— Top Class Call Girl Service Bangalore
 
MONA 98765-12871 CALL GIRLS IN LUDHIANA LUDHIANA CALL GIRL
MONA 98765-12871 CALL GIRLS IN LUDHIANA LUDHIANA CALL GIRLMONA 98765-12871 CALL GIRLS IN LUDHIANA LUDHIANA CALL GIRL
MONA 98765-12871 CALL GIRLS IN LUDHIANA LUDHIANA CALL GIRL
 
Best VIP Call Girls Noida Sector 40 Call Me: 8448380779
Best VIP Call Girls Noida Sector 40 Call Me: 8448380779Best VIP Call Girls Noida Sector 40 Call Me: 8448380779
Best VIP Call Girls Noida Sector 40 Call Me: 8448380779
 
Call Girls in Gomti Nagar - 7388211116 - With room Service
Call Girls in Gomti Nagar - 7388211116  - With room ServiceCall Girls in Gomti Nagar - 7388211116  - With room Service
Call Girls in Gomti Nagar - 7388211116 - With room Service
 
HONOR Veterans Event Keynote by Michael Hawkins
HONOR Veterans Event Keynote by Michael HawkinsHONOR Veterans Event Keynote by Michael Hawkins
HONOR Veterans Event Keynote by Michael Hawkins
 

Internal Investigations and the Cloud

1. Internal Investigations and the Cloud
Dan Michaluk
ACFI Fraud Conference
May 28, 2012

2. Internal Investigations and the Cloud
•   What is cloud computing?
•   Why is it a problem for investigators?
•   What’s the solution?
•   The problem with the consumer cloud
•   The consumer cloud – personal accounts
•   Good resources

3. What is cloud computing?
•   Model for delivery of computing services
•   Services outsourced and accessed through the internet, on demand, at desired scale
•   Data resides on servers owned by third-parties, often with the data of others and often in one or more foreign countries
•   Consumer services differ from enterprise services

4. What is cloud computing?
•   It is related to a “data portability” phenomenon
•   “We’ve got work information on personal devices and personal information on work devices”
•   Add to that, multiple companies on physical servers
•   This creates ambiguity that can be dealt with by contract (and I assume by technology) – i.e. we need to replace physical control with legal control

5. Why is it a problem for investigators?
•   It threatens timely access to reliable evidence
•   Providers default to low cost rather than service
•   Investigations and e-discovery are afterthoughts
•   Specialized forensic data capture services are rare
•   Logs and other forensic data can be intermingled
•   Proprietary software can make interpretation hard
•   Access restrictions create a chain of custody issue
•   Law of other jurisdictions may be restrictive

6. Why is it a problem for investigators?
•   Discussion
•   Do your employers or clients use cloud-based services for business?
•   Has this affected your investigations?
•   How?

7. What’s the solution?
•   The solution is simple (in theory)
•   Outsourcing process requirements definition, vendor selection, due diligence and contracting and administration
•   You need to insert yourself in all aspects of this process to communicate your requirements and see that they are met
•   But… be prepared to compromise because the cloud is the cloud and physical control is supreme

8. What’s the solution?
•   The solution is simple (in theory)
•   Understand the system and the data it generates
•   Develop investigation scenarios
•   Develop investigation requirements
•   Prioritize requirements
•   Discuss requirements
•   Ensure requirements can be met
•   Service level agreement is key, but is not everything

9. What’s the solution?
•   Assume your employer or a client is moving its accounting system to the cloud. As a fraud investigator, what are your key needs?

10. What’s the solution?
•   Key questions (among others)
•   In what jurisdiction(s) will data reside?
•   How is data stored at application & system levels?
•   Can our data be extracted independently from others’ data?
•   What forensic data do we want? Will you make it available to us? How? To others? How will that affect us?

11. What’s the solution?
•   Key questions (among others)
•   Will your employee give evidence to establish the chain of custody?
•   How fast will you make all this happen?

12. The problem with the consumer cloud
•   It is a data security risk – business information is leaching into personal accounts and home computers
•   Example – employee sends work home via a web based personal e-mail account
•   Example – business unit starts using Google docs to collaborate though the company has no enterprise services relationship with Google

13. The consumer cloud - personal accounts
•   The Calgary Police Service case (April 2012)
•   Internal sexual misconduct investigation
•   E-mail review… search for “password”
•   Found login credentials for personal e-mail account
•   Accessed on “data leakage” theory
•   Found (unanticipated) evidence of sexual misconduct
•   Alberta OIPC finds a violation of privacy legislation

14. The consumer cloud - personal accounts
•   Why unauthorized access is a bad idea
•   Except in extraordinary circumstances it is likely to be a criminal offence – Criminal Code s. 342.1
•   A labour arbitrator may exclude evidence
•   Though not ideal, there is a work-around

15. The consumer cloud - personal accounts
•   The work-around
•   Finish the covert investigation
•   Confront the employee
•   Make a preservation demand
•   Make a reasonable inspection demand
•   Be prepared to manage a refusal through an insubordination charge and an adverse inference

16. The consumer cloud - personal accounts
•   “Friending” targets is risky
•   “Friending” as yourself may not be that helpful
•   Impersonation is a criminal offence (s. 403)
•   Do your professional rules prohibit the use of fake profiles to gain information?

17. Related Resources
•   J. Cheng, “IBM’s Siri ban highlights companies’ privacy, trade secret challenges”
•   Digital Forensics Laboratories, “Digital investigations in the Cloud”
•   T. Harbert, “E-discovery in the Cloud? Not so easy.”
•   W. Manning, “Investigating in the Clouds”
•   K. Ruan et al, “Cloud forensics: An overview”
•   A. Savvas, “Cloud providers cave into more flexible contracts.”
•   T. Trappler, “In the Cloud, Your Data Can Get Caught Up in Legal Actions”
•   K. Zetter, “FBI Uses ‘Sledgehammer’ to Seize E-Mail Server in Search for Bomb Threat Evidence”

18. Internal Investigations and the Cloud
Dan Michaluk
ACFI Fraud Conference
May 28, 2012

Editor's notes

  1. Dan Michaluk
     Hicks Morley
     We work for management
     Support internal investigation work
     Argue cases that flow from internal investigation work
     Worked with organizations on outsourcings to cloud
     Not an IT pro
     Not a forensics pro…
     About how cloud computing will affect your job as an internal investigator and what to do about it
     Important topic for investigators because the success of your work depends on access to information
     Business use of the cloud is a threat, but it can be managed
     In a more obvious way social media use is a potential source of evidence… talk about one issue that’s come up recently… access to personal accounts
  2. Let’s cover the basics
     Anyone volunteer to describe what cloud computing is?
     Key features that create a problem
     - third-party owned
     - cost effectiveness supersedes control
     - distributed
     - server provision is “virtualized” (some degree of intermingling problem)
     Great trend
     - tell story about education sector pitch
     Developing distinction between consumer cloud (“public”) and enterprise (“private”) cloud
     - very important distinction for business
     - if business has any control, it must have the primary agreement with the cloud provider
  3. Bigger problem for business is data portability
     Too easy to move data between systems now
     Tell story about Crown’s pitch
     A bunch of information that should be in the organization’s control is now “out there”
     Evidence trails will lead you to data sources that you can’t access through routine and authorized means
     What do we do about that?
     There will be some compromise to your investigation
     You’ll have to live with that
     Question is how do we manage the risk when corporate security is not ideal
  4. Summarizes the cloud problem
     Low cost – comment on cloud provider bias
     - Computer World UK article from Friday… cloud providers will compete on flexibility
     Investigations and e-discovery afterthought
     - Barry Murphy, eDJ Group Inc. survey
     - Anecdotally, investigation rights focused on data breach investigation rights
     - Forensic issues
     - Meaning from information
     - e.g. time stamps… beg more questions about how they are generated
  5. Facilitated discussion
     Let’s draw from your current experience
  6. This is a business problem not an investigation problem
     You need to get identified as a stakeholder and make your needs known
     Ultimately there will be compromise
     There will be risks
     It’s a less than ideal computing model for your needs
     Be open to that
     The cost savings will compel some level of adoption
  7. Here’s the process I foresee
     Very tailored approach
     There will be great resistance to this type of analysis from most vendors
     But if you’re going in blind you should at least know that
  8. Facilitated discussion
     Let’s brainstorm about potential requirements
  9. Here’s what you must know
     - must know the jurisdiction
       - less willing to disclose than you think
       - will affect access to data
       - good due diligence will entail a local opinion on access to PI
     - how is data stored
       - data map/model
     - intermingling key
       - stories about law enforcement seizing whole servers
       - how are you protected from that
     - last bullet are the “money” questions
       - can only ask them if you have a good data map
  10. - more questions
      - might have to prove authenticity of exports or images
        - cooperation essential
        - what’s arrangement?
        - what’s the protocol?
        - think ahead
      - how fast
        - speed of investigation is critical
        - delay increases exposure to risk of financial harm
        - increase cost of paying employees on leave
        - increase risk of employment damages claims
  11. New topic
      Information beyond your control
      Investigations lead to personal devices, computers and accounts
  12. Example
  13. Risks of hacking in
  14. Here’s the solution
  15. Here’s the solution