The Forensic Chain-of-Evidence Model: Improving the Process of Evidence Collection in Incident Handling Procedures
|
|
- Shanon Rogers
- 5 years ago
- Views:
Transcription
1 The Forensic Chain-of-Evidence Model: Improving the Process of Evidence Collection in Incident Handling Procedures Atif Ahmad Department of Information Systems, University of Melbourne, Parkville, VIC 3010, Australia. Abstract This paper suggests that administrators form a new way of conceptualizing evidence collection across an intranet based on a model consisting of linked audit logs. This methodology enables the establishment of a chain of evidence that is especially useful across a corporate intranet environment. Administrators are encouraged to plan event configuration such that audit logs provide complementary information across the intranet. Critical factors that determine the quality of evidence are also discussed and some limitations of the model are highlighted. Introduction to Computer Forensics Computer Forensics is a relatively new field in computer science and is still undergoing a process of evolution and definition. In general computer forensics is related to evidence from or about computers that is destined for use in court, although it is also used to describe the use of computers to analyze complex data [Sommer98]. In this paper computer forensics is limited to a post-incident scenario where investigators have been called in to gather evidence for use in legal proceedings. Forensic investigations typically consist of two phases. The first phase, known as the exploratory phase, is an attempt by the investigator to identify the nature of the problem at hand and to define what s/he thinks transpired at the scene of the incident. For example, in a hacker case the investigator may need to pinpoint the source of the break in. In a corporation with hundreds of computers and thousands of entry points this may well be a daunting task. Once the investigator has determined what s/he thinks took place the induction ends and the deduction, i.e. the evidence phase, begins. The evidence phase revolves around the accumulation of proof admissible in court that deductively proves the conclusion of the forensic investigator made by way of induction. The exploratory phase of the investigation tests the investigator s ability to detect patterns in what may appear to be a chaotic scenario. Each scenario consists of recurring patterns that define a commonly occurring normal sequence of events, like users following their usual
2 patterns of computer/network usage, backups taking place according to their pre-determined schedule. The patterns that form this normal sequence of events when identified, allow the investigator to visualize any disruptions or anomalous events that may have taken place. The solution to many cases lies in these anomalous occurrences that should be marked for careful scrutiny at a later date. Collecting Evidence in a Corporate Intranet Environment Traditionally logging has been the primary source for documenting events happening in operating systems. Event logs aim to record significant events in the case where an incident takes place and the administrator wanted some idea of what had transpired [Murray98]. Event logging has been based on the old centralized computing model that is now largely obsolete. Sources of evidence that investigators may have at hand on a computer system include system logs, audit logs, application logs, network management logs, network traffic capture, and data regarding the state of the file system [Sommer98]. Logs are traditionally regarded as the primary record or indication of transpired activity. With the evolution from stand-alone PCs to networked systems, system logs have been complemented with network logs and traffic capture etc. to improve recording of ongoing computer activity. In an Intranet-type environment where resources are distributed, events on one computer are frequently related to those on another. In these scenarios centralized logging leads to extremely localized (and short) chains of evidence that are difficult to relate to other chains on other computers within the same Intranet. Network traffic logging has assisted in connecting links of evidence that exist on operating systems that are related due to the use of network connectivity. In the case of malicious-use of remote commands if network traffic is recorded then it can be typically traced to a source address thereby connecting it to the computer from which the attack originated. In general there is not enough information in the event logs of the source address to identify which application initiated the network traffic and what initiated the network traffic in the first place. Specifically, intention is extremely difficult to establish in such an environment. If a user account can be linked to the use of privileges that led to the generation of malicious network traffic, the user may still claim that he/she didn t do it. In such a case it may become necessary to provide a source of evidence that cannot be easily repudiated that identifies the identity of the user. In such a case physical access control logs or CCTV pictures may be required. Industry standards and expert advice in the area of incident handling have traditionally limited the scope of the crime scene to the computer system itself. In a corporate intranet broadening the scope to include the immediate physical work environment around the computer system will significantly improve the context of computer-based evidence. It has been well documented that the vast majority of malicious incidents that aim at harming corporate interests originate from the work environment. Including the immediate work
3 environment surrounding computer systems will preserve the chain of evidence that has traditionally ended at the user terminal. Chain-of-Evidence Model The Chain-of-Evidence Model illustrates the discrete sets of actions carried out by an insider attempting to inflict malicious damage in an intranet environment. One group of actions is separated from another, based on the level of authority required to execute them. Each group of actions has a different corresponding source of evidence that must be responsible for documenting activity for forensic purposes. However each such source of evidence must be linked to the logs next to it (see above figure) in order to form a complete chain of evidence. The figure above starts with physical access to computer systems that must precede any malicious activity. It is in this stage that the crucial link between physical recognition and computer recognition take place. Following log-on procedures the user proceeds to invoke the services of a network application that must be used as a vehicle to inflict damage on a remote system. The network application issues the malicious network traffic that reaches a remote computer and executes the intended behavior. As illustrated in the figure above, the link between each log is crucial to the establishment of a complete chain of evidence. Across all of the links the crucial factor upon which the integrity of the entire chain rests is the authenticity of the time-line. If the accuracy of the time in any of the links is questionable then the entire chain is rendered useless. Timing however is not the only pivotal factor. In the case of the link between access logs/cctv and operating system event logs, the identification of the individual on screen and in the event log along is also important. Establishing the link between the operating system logs and the invocation of a network application can be difficult if the operating system s event configuration did not require such events be recorded. In addition most network applications do not record user behavior within the boundaries of network application use making it difficult to record precisely how users used the network application. Another weak link is the interaction between network applications and the traffic they generate. In general there is not enough information in operating systems event logs to determine whether network traffic was directly initiated by the user or was generated by some
4 other source like a network application running in the background. The author is in the process of researching the feasibility of a log of events that links a user session to the invocation of a network application, and the network application to the network traffic it produces. This log may improve the accountability of program behavior in a network environment. The final link between the operating system where the damage has been caused to the network traffic that caused it is a matter of identifying the network traffic that caused the damage and tracing it back to the source system where the traffic was thought to have originated. Using the Evidence Model to Improve Collection Most guides to incident handling stress the importance of documenting observations and asking the basic questions of Who, What, When and Where [Hosmer98]. Many experts have suggested that a low-level backup is made to preserve the crime scene and for further causal analysis [Civie98]. Incident handling frequently involves a distinct collection phase in anticipation of prolonged analysis. Administrators follow procedures by which evidence is collected and stored. Following the collection the systems become subject to maintenance after which attempts are made to bring systems back on line. The model in Figure 2 encourages administrators in their collection phase to think in terms of preserving chains of evidence as opposed to links of evidence that may or may not be useful in the analysis phase of the investigation. The model clearly defines a minimum number of areas in which evidence must be collected and in addition, stresses the importance of joining the links by respecting the importance of crucial factors like the accuracy of timing of each link and the quality of CCTV pictures, user identification in operating systems logs and so forth. The administrator is able to direct resources in accordance with the identified areas and links to preserve evidence. For example, in the case of an approach to or intrusion on the systems areas the CCTV picture must be clear enough to identify a face to the requirements of the law. Additional authentication systems can be installed in the systems area to strengthen the user authentication procedures and supporting logs. The main limitation of the Model is the lack of support from the event logging system underlying the operating system/network application/network. It may be necessary for administrators to implement their own monitoring and logging to supplement the standard facilities. In addition, logs that preserve the action of a user with respect to a target file may depend on the contents of that file. If the malicious action was a modification attack then evidence of that cannot be established without the preservation of the contents before and after the attack.
5 The logs themselves, along with all of the sources of critical information like the timing, the security subsystem and so forth must be protected from an integrity attack. Conclusion In an Intranet-type environment where resources are distributed, events on one computer are frequently related to those on another. In these scenarios centralized logging leads to localized (and short) chains of evidence that are difficult to relate to other chains on other computers within the same Intranet. Administrators must be aware of the Chain-of-Evidence model in order to plan for a complete trail of evidence across information domains that exist within an intranet. This model allows administrators in their collection phase to think in terms of preserving chains of evidence as opposed to individual links that may or may not be useful in the analysis phase of the investigation. The model defines a minimum number of areas in which evidence must be collected and in addition stresses the importance of joining the links by respecting the importance of crucial factors like the accuracy of timing of each link and the quality of CCTV pictures, user identification in operating systems logs and so forth. In practice, the main limitation of the model will be the lack of support from the event logging system underlying the operating system/network application/network. It may be necessary for administrators to implement their own monitoring and logging to supplement the standard facilities. References [Civie98] Civie, V. and R. Civie (1998). Future Technologies from Trends in Computer Forensic Science. IEEE: [Hosmer98] Hosmer, C. (1998). Time-Lining Computer Evidence. Information Technology Conference, IEEE. [Murray98] Murray,J. D. (1998). Windows NT Event Logging, O'Reilly & Associates. [SANS98] (1998). Incident Handling: Step by Step, The Sans Institute. [Sommer92] Sommer, Peter (1992), Computer Forensics: an Introduction, Compsec '92, Elsevier. [Sommer98] Sommer, P. (1998). Intrusion Detection Systems as Evidence. RAID 98, Louvain-la-Neuve, Belgum.
COLLECTING EVIDENCE IN A CORPORATE INTRANET ENVIRONMENT
Abstract Design of a Network-Access Audit Log for Security Monitoring and Forensic Investigation Atif Ahmad Tobias Ruighaver Department of Information Systems, University of Melbourne, atif@unimelb.edu.au.
More informationComputer Security Policy
Administration and Policy: Computer usage policy B 0.2/3 All systems Computer and Rules for users of the ECMWF computer systems May 1995 Table of Contents 1. The requirement for computer security... 1
More informationCOMPUTER FORENSICS (CFRS)
Computer Forensics (CFRS) 1 COMPUTER FORENSICS (CFRS) 500 Level Courses CFRS 500: Introduction to Forensic Technology and Analysis. 3 credits. Presents an overview of technologies of interest to forensics
More informationMANAGEMENT OF INFORMATION SECURITY INCIDENTS
MANAGEMENT OF INFORMATION SECURITY INCIDENTS PhD. Eng Daniel COSTIN Polytechnic University of Bucharest ABSTRACT Reporting information security events. Reporting information security weaknesses. Responsible
More informationOverview. Handling Security Incidents. Attack Terms and Concepts. Types of Attacks
Overview Handling Security Incidents Chapter 7 Lecturer: Pei-yih Ting Attacks Security Incidents Handling Security Incidents Incident management Methods and Tools Maintaining Incident Preparedness Standard
More informationComputer forensics Aiman Al-Refaei
Computer forensics Aiman Al-Refaei 29.08.2006 Computer forensics 1 Computer forensics Definitions: Forensics - The use of science and technology to investigate and establish facts in criminal or civil
More informationChapter 7 Forensic Duplication
Chapter 7 Forensic Duplication Ed Crowley Spring 11 Topics Response Strategies Forensic Duplicates and Evidence Federal Rules of Evidence What is a Forensic Duplicate? Hard Drive Development Forensic Tool
More informationWhen Recognition Matters WHITEPAPER CLFE CERTIFIED LEAD FORENSIC EXAMINER.
When Recognition Matters WHITEPAPER CLFE www.pecb.com CONTENT 3 4 5 6 6 7 7 8 8 Introduction So, what is Computer Forensics? Key domains of a CLFE How does a CLFE approach the investigation? What are the
More informationTHE SIX ESSENTIAL CAPABILITIES OF AN ANALYTICS-DRIVEN SIEM
THE SIX ESSENTIAL CAPABILITIES OF AN ANALYTICS-DRIVEN SIEM Modern threats demand analytics-driven security and continuous monitoring Legacy SIEMs are Stuck in the Past Finding a mechanism to collect, store
More informationSPECIAL ISSUE, PAPER ID: IJDCST-09 ISSN
Digital Forensics CH. RAMESH BABU, Asst.Proffessor, Dept. Of MCA, K.B.N.College, Vijayawada Abstract: The need for computer intrusion forensics arises from the alarming increase in the number of computer
More informationE-guide Getting your CISSP Certification
Getting your CISSP Certification Intro to the 10 CISSP domains of the Common Body of Knowledge : The Security Professional (CISSP) is an information security certification that was developed by the International
More informationChapter 7 Forensic Duplication
Chapter 7 Forensic Duplication Ed Crowley Spring 10 Topics Response Strategies Forensic Duplicates and Evidence Federal Rules of Evidence What is a Forensic Duplicate? Hard Drive Development Forensic Tool
More informationCourse 832 EC-Council Computer Hacking Forensic Investigator (CHFI)
Course 832 EC-Council Computer Hacking Forensic Investigator (CHFI) Duration: 5 days You Will Learn How To Understand how perimeter defenses work Scan and attack you own networks, without actually harming
More informationDIGITAL FORENSICS FORENSICS FRAMEWORK FOR CLOUD COMPUTING
17.09.24 DIGITAL FORENSICS FORENSICS FRAMEWORK FOR CLOUD COMPUTING FORENSICS FRAMEWORK FOR CLOUD COMPUTING OUTLINE Abstract Introduction Challenges in cloud forensics Proposed solution Conclusion Opinion
More informationQuestion 1: What steps can organizations take to prevent incidents of cybercrime? Answer 1:
Cybercrime Question 1: What steps can organizations take to prevent incidents of cybercrime? Answer 1: Organizations can prevent cybercrime from occurring through the proper use of personnel, resources,
More informationIncident Response Data Acquisition Guidelines for Investigation Purposes 1
Incident Response Data Acquisition Guidelines for Investigation Purposes 1 1 Target Audience This document is aimed at general IT staff that may be in the position of being required to take action in response
More informationVulnerability Assessments and Penetration Testing
CYBERSECURITY Vulnerability Assessments and Penetration Testing A guide to understanding vulnerability assessments and penetration tests. OVERVIEW When organizations begin developing a strategy to analyze
More informationSECURITY & PRIVACY DOCUMENTATION
Okta s Commitment to Security & Privacy SECURITY & PRIVACY DOCUMENTATION (last updated September 15, 2017) Okta is committed to achieving and preserving the trust of our customers, by providing a comprehensive
More informationIntrusion Detection by Combining and Clustering Diverse Monitor Data
Intrusion Detection by Combining and Clustering Diverse Monitor Data TSS/ACC Seminar April 5, 26 Atul Bohara and Uttam Thakore PI: Bill Sanders Outline Motivation Overview of the approach Feature extraction
More informationQuestion: 1 DES - Data Encryption standard has a 128 bit key and is very difficult to break.
1 ISC - SSCP System Security Certified Practitioner (SSCP) Question: 1 DES - Data Encryption standard has a 128 bit key and is very difficult to break. Question: 2 What is the main difference between computer
More informationComputer Information Systems (CIS) CIS 105 Current Operating Systems/Security CIS 101 Introduction to Computers
Computer Information Systems (CIS) CIS 101 Introduction to Computers This course provides an overview of the computing field and its typical applications. Key terminology and components of computer hardware,
More informationAdvent IM Ltd ISO/IEC 27001:2013 vs
Advent IM Ltd ISO/IEC 27001:2013 vs 2005 www.advent-im.co.uk 0121 559 6699 bestpractice@advent-im.co.uk Key Findings ISO/IEC 27001:2013 vs. 2005 Controls 1) PDCA as a main driver is now gone with greater
More informationState of Israel Prime Minister's Office National Cyber Bureau. Unclassified
- 1 - Background for the Government Resolutions Regarding Advancing the National Preparedness for Cyber Security and Advancing National Regulation and Governmental Leadership in Cyber Security On February
More informationCybersecurity Auditing in an Unsecure World
About This Course Cybersecurity Auditing in an Unsecure World Course Description $5.4 million that s the average cost of a data breach to a U.S.-based company. It s no surprise, then, that cybersecurity
More informationTHINGS YOU NEED TO KNOW BEFORE DELVING INTO THE WORLD OF DIGITAL EVIDENCE. Roland Bastin Partner Risk Advisory Deloitte
Inside magazine issue 16 Part 03 - From a risk and cyber perspective perspective Roland Bastin Partner Risk Advisory Deloitte Gunnar Mortier Senior Manager Risk Advisory Deloitte THINGS YOU NEED TO KNOW
More informationINFORMATION SECURITY-SECURITY INCIDENT RESPONSE
Information Technology Services Administrative Regulation ITS-AR-1506 INFORMATION SECURITY-SECURITY INCIDENT RESPONSE 1.0 Purpose and Scope The purpose of the Security Response Administrative Regulation
More informationISC2 EXAM - SSCP. Systems Security Certified Practitioner. Buy Full Product.
ISC2 EXAM - SSCP Systems Security Certified Practitioner Buy Full Product http://www.examskey.com/sscp.html Examskey ISC2 SSCP exam demo product is here for you to test the quality of the product. This
More informationNew York Cybersecurity. New York Cybersecurity. Requirements for Financial Services Companies (23NYCRR 500) Solution Brief
Publication Date: March 10, 2017 Requirements for Financial Services Companies (23NYCRR 500) Solution Brief EventTracker 8815 Centre Park Drive, Columbia MD 21045 About EventTracker EventTracker s advanced
More informationSecurity Audit What Why
What A systematic, measurable technical assessment of how the organization's security policy is employed at a specific site Physical configuration, environment, software, information handling processes,
More informationMEETING ISO STANDARDS
WHITE PAPER MEETING ISO 27002 STANDARDS September 2018 SECURITY GUIDELINE COMPLIANCE Organizations have seen a rapid increase in malicious insider threats, sensitive data exfiltration, and other advanced
More informationFairWarning Mapping to PCI DSS 3.0, Requirement 10
FairWarning Mapping to PCI DSS 3.0, Requirement 10 Requirement 10: Track and monitor all access to network resources and cardholder data Logging mechanisms and the ability to track user activities are
More informationDCU Guide to Subject Access Requests. Under Irish Data Protection Legislation
DCU Guide to Subject Access Requests Under Irish Data Protection Legislation Context Under section 4 of the Irish Data Protection Acts 1988 & 2003 an individual, on making a written request to DCU, may
More informationIntroduction and Statement of the Problem
Chapter 1 Introduction and Statement of the Problem 1.1 Introduction Unlike conventional cellular wireless mobile networks that rely on centralized infrastructure to support mobility. An Adhoc network
More informationRSA INCIDENT RESPONSE SERVICES
RSA INCIDENT RESPONSE SERVICES Enabling early detection and rapid response EXECUTIVE SUMMARY Technical forensic analysis services RSA Incident Response services are for organizations that need rapid access
More informationCourses. X E - Verify that system acquisitions policies and procedures include assessment of risk management policies X X
4016 Points * = Can include a summary justification for that section. FUNCTION 1 - INFORMATION SYSTEM LIFE CYCLE ACTIVITIES Life Cycle Duties No Subsection 2. System Disposition/Reutilization *E - Discuss
More informationCOMPUTER HACKING Forensic Investigator
COMPUTER HACKING Forensic Investigator H.H. Sheik Sultan Tower (0) Floor Corniche Street Abu Dhabi U.A.E www.ictd.ae ictd@ictd.ae Course Introduction: CHFIv8 presents a detailed methodological approach
More informationPrivileged Account Security: A Balanced Approach to Securing Unix Environments
Privileged Account Security: A Balanced Approach to Securing Unix Environments Table of Contents Introduction 3 Every User is a Privileged User 3 Privileged Account Security: A Balanced Approach 3 Privileged
More informationKeys to a more secure data environment
Keys to a more secure data environment A holistic approach to data infrastructure security The current fraud and regulatory landscape makes it clear that every firm needs a comprehensive strategy for protecting
More informationChapter 4 After Incident Detection
Chapter 4 After Incident Detection Ed Crowley Spring 10 1 Topics Incident Response Process SANs Six Step IR Process 1. Preparation 2. Identification 3. Containment 4. Eradication 5. Recovery 6. Lessons
More informatione-discovery Forensics Incident Response
e-discovery Forensics Incident Response NetSecurity Corporation Inno Eroraha, Chief Strategist 22375 Broderick Drive Suite 235 Dulles, VA 20166 SBA 8(a) Certified SDB GSA Contract # GS-35F-0288Y VA DCJS
More informationForensic Analysis Approach Based on Metadata and Hash Values for Digital Objects in the Cloud
Forensic Analysis Approach Based on Metadata and Hash Values for Digital Objects in the Cloud Ezz El-Din Hemdan 1, Manjaiah D.H 2 Research Scholar, Department of Computer Science, Mangalore University,
More informationCertified Information Systems Auditor (CISA)
Certified Information Systems Auditor (CISA) 1. Domain 1 The Process of Auditing Information Systems Provide audit services in accordance with IT audit standards to assist the organization in protecting
More informationPasco Police Department Policy Manual. CRIME ANALYSIS AND INTELLIGENCE Chapter No. 40. Effective Date: 04/01/2018. Reference:
CRIME ANALYSIS AND INTELLIGENCE Chapter No. 40 Effective Date: 04/01/2018 Reference: 40.1.1 Crime and Intelligence Analysis Procedures Crime and intelligence analysis is a law enforcement agency function
More informationIntel s View of Business Requirements and Future Work on the APKI
Intel s View of Business Requirements and Future Work on the APKI April, 1998 May 6, 1998 Table of Contents 1 BUSINESS REQUIREMENTS...1 1.0 INTRODUCTION...1 1.1 TAXONOMY OF BUSINESS REQUIREMENTS...1 2
More informationIncident Response. Figure 10-1: Incident Response. Figure 10-2: Program and Data Backup. Figure 10-1: Incident Response. Figure 10-2: Program and Data
Figure 10-1: Incident Response Incident Response Chapter 10 Panko, Corporate Computer and Network Security Copyright 2004 Prentice-Hall Incidents Happen Protections sometimes break down Incident Severity
More informationComputer Information Systems (CIS) CIS 105 Current Operating Systems/Security CIS 101 Introduction to Computers
Computer Information Systems (CIS) CIS 101 Introduction to Computers This course provides an overview of the computing field and its typical applications. Key terminology and components of computer hardware,
More informationProtecting Against Modern Attacks. Protection Against Modern Attack Vectors
Protecting Against Modern Attacks Protection Against Modern Attack Vectors CYBER SECURITY IS A CEO ISSUE. - M C K I N S E Y $4.0M 81% >300K 87% is the average cost of a data breach per incident. of breaches
More informationEXAM PREPARATION GUIDE
When Recognition Matters EXAM PREPARATION GUIDE PECB Certified ISO 22301 Lead Implementer www.pecb.com The objective of the Certified ISO 22301 Lead Implementer examination is to ensure that the candidate
More informationImplementing ITIL v3 Service Lifecycle
Implementing ITIL v3 Lifecycle WHITE PAPER introduction GSS INFOTECH IT services have become an integral means for conducting business for all sizes of businesses, private and public organizations, educational
More informationFinancial CISM. Certified Information Security Manager (CISM) Download Full Version :
Financial CISM Certified Information Security Manager (CISM) Download Full Version : http://killexams.com/pass4sure/exam-detail/cism required based on preliminary forensic investigation, but doing so as
More informationManaging Your Record Retention Policy Safely
Managing Your Record Retention Policy Safely Client and counsel have a duty to preserve materials with potential evidentiary value. The preceding discussion told us about the duties of lawyers and clients
More informationRSA INCIDENT RESPONSE SERVICES
RSA INCIDENT RESPONSE SERVICES Enabling early detection and rapid response EXECUTIVE SUMMARY Technical forensic analysis services RSA Incident Response services are for organizations that need rapid access
More information"Charting the Course... Certified Information Systems Auditor (CISA) Course Summary
Course Summary Description In this course, you will perform evaluations of organizational policies, procedures, and processes to ensure that an organization's information systems align with overall business
More informationUnit code: D/601/1939 QCF Level 5: BTEC Higher National Credit value: 15
Unit 49: Digital Forensics Unit code: D/601/1939 QCF Level 5: BTEC Higher National Credit value: 15 Aim To provide learners with an understanding of the principles of digital forensics and the impact on
More informationSecure Design Guidelines. John Slankas CSC 515
Secure Design Guidelines John Slankas CSC 515 1 2 1. Securing the Weakest Link Attackers are more likely to attack a weak spot in a software system than to penetrate a heavily fortified component. Attackers
More informationDigital Forensics Readiness PREPARE BEFORE AN INCIDENT HAPPENS
Digital Forensics Readiness PREPARE BEFORE AN INCIDENT HAPPENS Digital Forensics Readiness: PREPARE BEFORE AN INCIDENT HAPPENS 2 Digital Forensics Readiness The idea that all networks can be compromised
More informationFIRE REDUCTION STRATEGY. Fire & Emergency Services Authority GOVERNMENT OF SAMOA April 2017
FIRE REDUCTION STRATEGY Fire & Emergency Services Authority GOVERNMENT OF SAMOA April 2017 FIRE REDUCTION STRATEGY Fire & Emergency Services Authority GOVERNMENT OF SAMOA April 2017 2 1. Introduction The
More informationCleveland State University General Policy for University Information and Technology Resources
Cleveland State University General Policy for University Information and Technology Resources 08/13/2007 1 Introduction As an institution of higher learning, Cleveland State University both uses information
More informationBusiness continuity management and cyber resiliency
Baker Tilly refers to Baker Tilly Virchow Krause, LLP, an independently owned and managed member of Baker Tilly International. Business continuity management and cyber resiliency Introductions Eric Wunderlich,
More informationControl Systems Cyber Security Awareness
Control Systems Cyber Security Awareness US-CERT Informational Focus Paper July 7, 2005 Produced by: I. Purpose Focus Paper Control Systems Cyber Security Awareness The Department of Homeland Security
More informationBoston Chapter AGA 2018 Regional Professional Development Conference Cyber Security MAY 2018
Boston Chapter AGA 2018 Regional Professional Development Conference Cyber Security BRANDEIS UNIVERSITY PROFESSOR ERICH SCHUMANN MAY 2018 1 Chinese military strategist Sun Tzu: Benchmark If you know your
More informationPCI DSS. Compliance and Validation Guide VERSION PCI DSS. Compliance and Validation Guide
PCI DSS VERSION 1.1 1 PCI DSS Table of contents 1. Understanding the Payment Card Industry Data Security Standard... 3 1.1. What is PCI DSS?... 3 2. Merchant Levels and Validation Requirements... 3 2.1.
More informationAdvanced Security Tester Course Outline
Advanced Security Tester Course Outline General Description This course provides test engineers with advanced skills in security test analysis, design, and execution. In a hands-on, interactive fashion,
More informationIN THE CONTEXT OF GDPR IMPLEMENTATION
WHEEL FUDO PAM IN THE CONTEXT OF GDPR IMPLEMENTATION Wheel Systems Spółka z ograniczoną odpowiedzialnością Aleje Jerozolimskie 178, 02-486 Warszawa tel. +48 22 100 67 00, fax. +48 22 100 67 01, http://www.wheelsystems.com,
More informationThe power management skills gap
The power management skills gap Do you have the knowledge and expertise to keep energy flowing around your datacentre environment? A recent survey by Freeform Dynamics of 320 senior data centre professionals
More informationISO27001:2013 The New Standard Revised Edition
ECSC UNRESTRICTED ISO27001:2013 The New Standard Revised Edition +44 (0) 1274 736223 consulting@ecsc.co.uk www.ecsc.co.uk A Blue Paper from Page 1 of 14 Version 1_00 Date: 27 January 2014 For more information
More informationCND Exam Blueprint v2.0
EC-Council C ND Certified Network Defende r CND Exam Blueprint v2.0 CND Exam Blueprint v2.0 1 Domains Objectives Weightage Number of Questions 1. Computer Network and Defense Fundamentals Understanding
More informationINTELLIGENCE DRIVEN GRC FOR SECURITY
INTELLIGENCE DRIVEN GRC FOR SECURITY OVERVIEW Organizations today strive to keep their business and technology infrastructure organized, controllable, and understandable, not only to have the ability to
More informationIntroduction to Ethical Hacking. Chapter 1
Introduction to Ethical Hacking Chapter 1 Definition of a Penetration Tester Sometimes called ethical hackers though label is less preferred Pen testers are: People who assess security of a target Specially
More informationNew Model for Cyber Crime Investigation Procedure
New Model for Cyber Crime Investigation Procedure * *Dept. of IT & Cyber Police, Youngdong University, Rep. of Korea ydshin@youngdong.ac.kr doi:10.4156/jnit.vol2.issue2.1 Abstract In this paper, we presented
More informationCYBER RESILIENCE & INCIDENT RESPONSE
CYBER RESILIENCE & INCIDENT RESPONSE www.nccgroup.trust Introduction The threat landscape has changed dramatically over the last decade. Once the biggest threats came from opportunist attacks and preventable
More informationSecurity Policies and Procedures Principles and Practices
Security Policies and Procedures Principles and Practices by Sari Stern Greene Chapter 3: Information Security Framework Objectives Plan the protection of the confidentiality, integrity and availability
More informationASSURING BUSINESS CONTINUITY THROUGH CONTROLLED DATA CENTER
ASSURING BUSINESS CONTINUITY THROUGH CONTROLLED DATA CENTER IT Audit, Information Security & Risk Insight Africa 2014 Johnson Falana CISA,MIT,CEH,Cobit5 proverb814@yahoo.com Overview Information technology
More informationIMF IT-Incident Management and IT-Forensics
IMF2007 - IT-Incident Management and IT-Forensics IT Incident Management and Structured Documentation - Company specific adoption Dipl.-Inf. Sandra Frings Fraunhofer IAO Competence Center Software-Management
More informationInternal Audit Report DATA CENTER LOGICAL SECURITY
Internal Audit Report DATA CENTER LOGICAL SECURITY Report No. SC 12 06 June 2012 David Lane Principal IT Auditor Jim Dougherty Principal Auditor Approved Barry Long, Director Internal Audit & Advisory
More informationNEW DATA REGULATIONS: IS YOUR BUSINESS COMPLIANT?
NEW DATA REGULATIONS: IS YOUR BUSINESS COMPLIANT? What the new data regulations mean for your business, and how Brennan IT and Microsoft 365 can help. THE REGULATIONS: WHAT YOU NEED TO KNOW Australia:
More informationPart 1: Anatomy of an Insider Threat Attack
Part 1: Anatomy of an Insider Threat Attack Shiri Margel Data Security Research Team Lead Imperva Carrie McDaniel Emerging Products Team Lead Imperva Shiri Margel Data Security Research Team Lead Masters
More informationData Breach Preparedness & Response
Data Breach Preparedness & Response April 16, 2015 Daniel Nelson, C EH, CIPP/US Lucas Amodio, C EH 2015 Armstrong Teasdale 6 Stages of a Data Breach Response Preparation Identification Containment Eradication
More informationData Breach Preparedness & Response. April 16, 2015 Daniel Nelson, C EH, CIPP/US Lucas Amodio, C EH
Data Breach Preparedness & Response April 16, 2015 Daniel Nelson, C EH, CIPP/US Lucas Amodio, C EH 2015 Armstrong Teasdale 6 Stages of a Data Breach Response Preparation Identification Containment Eradication
More informationDefying Logic. Theory, Design, and Implementation of Complex Systems for Testing Application Logic. Rafal Los, Prajakta Jagdale
Defying Logic Theory, Design, and Implementation of Complex Systems for Testing Application Logic Rafal Los, Prajakta Jagdale HP Software & Solutions Background The testing of applications for security
More informationUNCLASSIFIED//FOR OFFICIAL USE ONLY INDUSTRIAL CONTROL SYSTEMS CYBER EMERGENCY RESPONSE TEAM
ADVISORY ICSA-10-019-01 ZIGBEE PSEUDORANDOM NUMBER GENERATOR VULNERABILITY January 19, 2010 OVERVIEW On January 09, 2010, a security researcher published an attack on a ChipCon (CC) implementation of ZigBee
More informationGujarat Forensic Sciences University
Gujarat Forensic Sciences University Knowledge Wisdom Fulfilment Cyber Security Consulting Services Secure Software Engineering Infrastructure Security Digital Forensics SDLC Assurance Review & Threat
More informationHeavy Vehicle Cyber Security Bulletin
Heavy Vehicle Cyber Security Update National Motor Freight Traffic Association, Inc. 1001 North Fairfax Street, Suite 600 Alexandria, VA 22314 (703) 838-1810 Heavy Vehicle Cyber Security Bulletin Bulletin
More informationDIS10.3:CYBER FORENSICS AND INVESTIGATION
DIS10.3:CYBER FORENSICS AND INVESTIGATION ABOUT DIS Why choose Us. Data and internet security council is the worlds top most information security certification body. Our uniquely designed course for information
More informationManagement Frameworks
Chapter I Internal Fujitsu Group Information Security Independent of the chief information officer (CIO), the Fujitsu Group has appointed a chief information security officer (CISO) under the authority
More informationInformation Security Controls Policy
Information Security Controls Policy Classification: Policy Version Number: 1-00 Status: Published Approved by (Board): University Leadership Team Approval Date: 30 January 2018 Effective from: 30 January
More informationISPE Annual Meeting 8 11 November 2015 Philadelphia, PA. Forensic Auditing for Data Integrity. Rebecca A. Brewer Quality Executive Partners
Forensic Auditing for Data Integrity Rebecca A. Brewer Quality Executive Partners Forensic Auditing for Data Integrity Brewer 1 Forensics the science of gathering and analyzing evidence to establish facts
More informationInformation Technology Engineers Examination. Database Specialist Examination. (Level 4) Syllabus. Details of Knowledge and Skills Required for
Information Technology Engineers Examination Database Specialist Examination (Level 4) Syllabus Details of Knowledge and Skills Required for the Information Technology Engineers Examination Version 3.1
More informationA Privacy and Cybersecurity Primer for Nonprofits Nonprofits in the Digital Age March 9, 2016
A Privacy and Cybersecurity Primer for Nonprofits Nonprofits in the Digital Age March 9, 2016 Panelists Beverly J. Jones, Esq. Senior Vice President and Chief Legal Officer ASPCA Christin S. McMeley, CIPP-US
More informationUnderstanding Computer Forensics
Understanding Computer Forensics also known as: How to do a computer forensic investigation... and not get burned Nick Klein SANS Canberra Community Night 11 February 2013 The scenario... Your boss tells
More informationCyber Security Ethics at the Boundaries: Systems Maintenance and the Tallinn Manual. Sandra Braman
Cyber Security Ethics at the Boundaries: Systems Maintenance and the Tallinn Manual Sandra Braman The Argument Points of disagreement among the international group of experts responsible for the Tallinn
More informationSIEM Solutions from McAfee
SIEM Solutions from McAfee Monitor. Prioritize. Investigate. Respond. Today s security information and event management (SIEM) solutions need to be able to identify and defend against attacks within an
More informationUNIT Engineering: Applying Information Technology (SCQF level 6)
National Unit Specification: general information CODE F5D4 12 SUMMARY This Unit is a mandatory Unit in the National Qualifications Group Awards (NQGA) in Engineering, but it can also be undertaken as a
More informationDOWNLOAD OR READ : COMPUTER INTRUSION DETECTION AND NETWORK MONITORING A STATISTICAL VIEWPOINT 1ST EDITION PDF EBOOK EPUB MOBI
DOWNLOAD OR READ : COMPUTER INTRUSION DETECTION AND NETWORK MONITORING A STATISTICAL VIEWPOINT 1ST EDITION PDF EBOOK EPUB MOBI Page 1 Page 2 computer intrusion detection and network monitoring a statistical
More informationT11: Incident Response Clinic Kieran Norton, Deloitte & Touche
T11: Incident Response Clinic Kieran Norton, Deloitte & Touche Incident Response Clinic Kieran Norton Senior Manager, Deloitte First Things First Who am I? Who are you? Together we will: Review the current
More informationInformation Systems and Tech (IST)
Information Systems and Tech (IST) 1 Information Systems and Tech (IST) Courses IST 101. Introduction to Information Technology. 4 Introduction to information technology concepts and skills. Survey of
More informationPROFILE: ACCESS DATA
COMPANY PROFILE PROFILE: ACCESS DATA MARCH 2011 AccessData Group provides digital investigations and litigation support software and services for corporations, law firms, law enforcement, government agencies
More informationand the Forensic Science CC Spring 2007 Prof. Nehru
and the Introduction The Internet, (Information superhighway), has opened a medium for people to communicate and to access millions of pieces of information from computers located anywhere on the globe.
More informationTOP TRENDING THE MAGAZINE. Menu. 1 of 6 6/7/16 4:38 PM. Keep it Simple, Legal. A New Role Bridging Business and Legal at Shell
Menu TOP TRENDING 1 2 3 4 5 Keep it Simple, Legal A New Role Bridging Business and Legal at Shell GC Perspectives on Legal Operations LGBT Employee Considerations Outside the United States How to Act when
More informationBIG DATA ANALYTICS IN FORENSIC AUDIT. Presented in Mombasa. Uphold public interest
BIG DATA ANALYTICS IN FORENSIC AUDIT Presented in Mombasa Uphold public interest Nasumba Kwatukha Kizito CPA,CIA,CISA,CISI,CRMA,CISM,CISSP,CFE,IIK Internal Audit, Risk and Compliance Strathmore University
More information