SlideShare a Scribd company logo

Creating cyber forensic readiness in your organisation

Jacqueline Fick
Jacqueline Fick

The document summarizes the presentation "Creating cyber forensic readiness within your organisation" given at the 2nd African Mine Security Summit. The presentation covered defining cyber crime, the current state of cyber crime in South Africa, why organizations are vulnerable, and what cyber forensic readiness planning entails. It discussed why organizations need to be prepared for cyber incidents, how to approach digital evidence, and provided steps to implement cyber forensic readiness plans, including defining scenarios requiring evidence, identifying evidence sources, and training staff on evidence handling procedures.

1 of 21
Download to read offline
Creating cyber forensic readiness within your organisation 2nd African Mine Security Summit Hilton Hotel, Sandton 16 April 2015 Adv Jacqueline Fick Executive: Cell C Forensic Services
2 2ND AFRICAN MINE SECURITY SUMMIT 2015 AGENDA • Cyber crime defined • Current state of cyber crime in South Africa • Why are we vulnerable? • What is cyber forensic readiness planning  Why do organisations need to be ‘cyber incident ready’?  What happens to the potential evidence prior to the decision to undertake an investigation?  Approach to digital evidence  Business approach  Managing the risks: Why digital evidence and related disputes are important  Implementing cyber forensic readiness planning • Closing remarks
3 2ND AFRICAN MINE SECURITY SUMMIT 2015 CYBER CRIME DEFINED • Cyber crime does not have a precise or universal definition and varies between jurisdictions based on the perceptions of those involved: - Norton Symantec: Any crime that is committed using a computer or network, or hardware device. The computer or device may be the agent of the crime, the facilitator of the crime, or the target of the crime - Oxford Dictionaries: Crime conducted via the Internet or some other computer network - Wikipedia: Computer crime, or cybercrime, refers to any crime that involves a computer and a network. The computer may have been used in the commission of a crime, or it may be the target - Electronic Communications and Transactions (ECT) Act, No. 25 of 2002 contains no definition - ECT Amendment Bill: "cyber crime" means any criminal or other offence that is facilitated by or involves the use of electronic communications or information systems, including any device or the Internet or any one or more of them..”
4 2ND AFRICAN MINE SECURITY SUMMIT 2015 CURRENT STATE OF CYBER CRIME IN SOUTH AFRICA
5 2ND AFRICAN MINE SECURITY SUMMIT 2015 CURRENT STATE OF CYBER CRIME IN SOUTH AFRICA • According to Symantec’s 2013 Norton Report, cyber crime in South Africa has collectively cost victims over R3.42 billion rand over the past 12 months. It was also found that South Africa has the third-highest number of cyber crime victims after Russia and China • Areas of concern are mobile data and handling private information online. It has been noted that cyber crime activity has made a large move towards mobile platforms, but security and mobile security "IQ" has been left behind and consumers are more vulnerable in these areas • The US Federal Bureau of Investigations has flagged South Africa as the sixth-most active cyber crime country • Traditionally leaders have pigeonholed cyber security as an IT problem. But that is a risk approach that could leave them open to attack
6 2ND AFRICAN MINE SECURITY SUMMIT 2015 CURRENT STATE OF CYBER CRIME IN SOUTH AFRICA • South Africa is the second most targeted country globally when it comes to phishing attacks (Drew van Vuuren, CEO of information security and privacy practice, 4Di Privaca) • Compare this statement to: - How many law enforcement officials have received basic cyber training? - How many cyber specialists are there in law enforcement? • Honeynet Project - Research shows that the average time spent in a cyber investigation was approximately 34 hours per person to investigate an incident that took an intruder about half an hour to complete. That's about a 60:1 ratio! (http://www.honeynet.org/challenge/results/)
7 2ND AFRICAN MINE SECURITY SUMMIT 2015 WHY ARE WE VULNERABLE? The common top cyber vulnerabilities are: • Inadequate maintenance, monitoring and analysis of security audit logs • Weak application software security • Poor control of administrator privileges • Inadequate account monitoring and control • Inadequate hardware/software configurations • The internal monitoring of suspicious transactions and the general use of internal and 3rd party fraud detection mechanisms are still the most effective means of detecting cyber crime (2012/2013 The South African Cyber Threat Barometer) • This applies to computers and handheld devices The cybercrime world is like an arms race: cybercriminals pursue a course of action until the defenders work out how to combat it, at which point the cybercriminals change tack. (The current state of cybercrime 2014: Global Malware Outlook April 2014)
8 2ND AFRICAN MINE SECURITY SUMMIT 2015 WHAT IS CYBER FORENSIC READINESS PLANNING?
9 2ND AFRICAN MINE SECURITY SUMMIT 2015 CYBER FORENSIC READINESS PLANNING • Cyber forensic readiness is the organisations’ potential to maximise the use of digital evidence to aid in an investigation, with the intent of: • Reducing the time taken to respond to an incident. • Maximising the ability to collect credible and meaningful evidence. • Minimising the length/cost of a cyber incident investigation. • Reducing the incident recovery time. • Preventing further losses. Its not just about IT. Its about HR making sure employees understand the security policies, and recruiting people with the specialist skills to protect the organisation from cyber attacks. Its about legal and compliance making sure laws and regulations are respected. It is about physical security protecting sites and IT equipment. Its about marketing thinking about cyber security when they launch new products. If organisations don’t look at cyber security from all angles they are missing a trick.” (William Beer, Director, Cyber Security Services, PwC UK)
10 2ND AFRICAN MINE SECURITY SUMMIT 2015 • A reactive or tactical approach to Information Security may introduce significant costs and opportunity loss
11 2ND AFRICAN MINE SECURITY SUMMIT 2015 WHY DO ORGANISATIONS NEED TO BE ‘CYBER INCIDENT READY’? • Digital forensic investigations (DFIs) are commonly employed as a post- event response to a serious information security or criminal incident. • The examination is conducted in a systematic, formalised and legal manner to ensure the admissibility of the evidence and subject to considerable scrutiny of both the integrity of the evidence and that of the investigation process. • There is a broad organisational role in the forensic readiness process. This role can be equated to a business continuity process.
12 2ND AFRICAN MINE SECURITY SUMMIT 2015 WHAT HAPPENS TO THE POTENTIAL EVIDENCE PRIOR TO THE DECISION TO UNDERTAKE AN INVESTIGATION? • The scenario of a DFI tends to ignore what happens to potential evidence prior to the decision to undertake an investigation. • The necessary evidence either exists, and hopefully is found by the DFI, or it does not exist and a suspect cannot be charged and prosecuted. • When a digital incident occurs there are generally three courses of action that can be taken, generally dependant on the type of organisation within which the incident occurs, or which is responding the event:
13 2ND AFRICAN MINE SECURITY SUMMIT 2015 APPROACH TO DIGITAL EVIDENCE Law Enforcement • Secure the crime scene, identify evidentiary sources and dispatch to a specialist laboratory for analysis. Military Infrastructure • Primary goal is one of risk identification and elimination, followed by recovery and possible offensive measures. Commercial Organisations • Where financial impact is caused by an incident, and revenue earning potential is adversely affected, root cause analysis and system remediation is of primary concern, with in-depth analysis of the how and why left until systems have been restored.
14 2ND AFRICAN MINE SECURITY SUMMIT 2015 BUSINESS APPROACH • The business environment lends itself to an approach similar to that of the military, namely to be able to identify the incident, patch the necessary system(s) and continue earning revenue. • In the generic (law enforcement) investigative model, there is little leeway for a business’s incident responders to satisfy the need to return the systems to operational status as quickly as possible whilst preserving the necessary evidence and being able to mount a successful prosecution. • These two goals can be mutually exclusive as a thorough investigation needs time and during this time the business will lose revenue by not having its system(s) live • Being prepared to gather and use evidence can also act as a deterrent. Staff will know what the organisation’s attitude is toward the policing of corporate systems – how incidents are dealt with and how the organisation deals with offenders. • This also highlights the need for internal policies and procedures that are communicated via effective awareness and training programmes throughout the organisation.
15 2ND AFRICAN MINE SECURITY SUMMIT 2015 BUSINESS APPROACH • Staff need to know:  Who the perpetrator could be and what to look out for?  What can be done?  Who to call? • For most organisations the foremost objective is not to secure evidence. It is more important to find the offender, locate the intruder, and more importantly secure the infrastructure by minimising, or if possible, eliminating vulnerabilities. • To ensure that the organisation maintains a pro-active approach it is of great value to conduct simulated cyber incident exercises. This would also facilitate a process of continuous learning and awareness.
16 2ND AFRICAN MINE SECURITY SUMMIT 2015 MANAGING THE RISKS: WHY DIGITAL EVIDENCE AND RELATED DISPUTES ARE IMPORTANT Recourse to litigation is generally a last resort for most organisations, but digital evidence could help manage the impact of some important business risks: Lend support to internal disciplinary actions Support a legal defence Support good IT governance practices and reporting Show that due care (or due diligence) was taken in a particular process Support a claim to intellectual property rights Verify the terms of a commercial transaction
17 2ND AFRICAN MINE SECURITY SUMMIT 2015
18 2ND AFRICAN MINE SECURITY SUMMIT 2015 IMPLEMENTING CYBER FORENSIC READINESS PLANNING Define the business scenarios that will require digital evidence. When it will be appropriate to gather evidence and when is it not? Identify sources of evidence and what type of evidence it is, and ensure that you have the resources available to look for it. Establish a clear view of what circumstances need to be in place to trigger a full investigation. Provide training for key staff to ensure that evidence handling procedures are adhered to. Provide guidance in the preparation of an example that everyone can run through in advance. Ensure that all parties, including legal, are confident that the correct processes are in place. Develop policies and procedures to ensure compliance. Create learning organisations. Assess the adequacy of the investigation and the utility of the evidence gathered to support it. Incorporate in cross-departmental training initiatives to create and maintain staff awareness across the organisation.
19 2ND AFRICAN MINE SECURITY SUMMIT 2015 CLOSING REMARKS
20 2ND AFRICAN MINE SECURITY SUMMIT 2015 CLOSING REMARKS • Being ready for a forensic investigation should form part of any information security strategy. • It is also closely related to incident response and business continuity, ensuring that evidence found in an investigation is preserved and the continuity of evidence is maintained. • Get in the experts: take a detailed look at the organisation's readiness to undertake or support a digital forensics investigation, be this as part of an internal investigation, criminal investigation or as the result of a compliance requirement. • Cyber forensic readiness plans should take cognisance of people, processes, technology and governance aspects.
21 2ND AFRICAN MINE SECURITY SUMMIT 2015 Thank you!

Recommended

Cyber forensic readiness cybercon2012 adv j fick
Cyber forensic readiness cybercon2012 adv j fickCyber forensic readiness cybercon2012 adv j fick
Cyber forensic readiness cybercon2012 adv j fickJacqueline Fick
 
2015: The year-ahead-in-cyber-security
2015: The year-ahead-in-cyber-security2015: The year-ahead-in-cyber-security
2015: The year-ahead-in-cyber-securityStephen Cobb
 
Law Firm Cybersecurity: Practical Tips for Protecting Your Data
Law Firm Cybersecurity: Practical Tips for Protecting Your DataLaw Firm Cybersecurity: Practical Tips for Protecting Your Data
Law Firm Cybersecurity: Practical Tips for Protecting Your DataAccellis Technology Group
 
Cyber Security and the National Central Banks
Cyber Security and the National Central BanksCyber Security and the National Central Banks
Cyber Security and the National Central BanksCommunity Protection Forum
 
Cyber Risks
Cyber RisksCyber Risks
Cyber RisksRickWaldman
 
Learn More About Cyber Crime Investigation
Learn More About Cyber Crime Investigation Learn More About Cyber Crime Investigation
Learn More About Cyber Crime Investigation Skills Academy
 
Understanding and preventing cyber crime and its impact on your organisation
Understanding and preventing cyber crime and its impact on your organisationUnderstanding and preventing cyber crime and its impact on your organisation
Understanding and preventing cyber crime and its impact on your organisationJacqueline Fick
 
2015 Cybercrime Trends – Things are Going to Get Interesting
2015 Cybercrime Trends – Things are Going to Get Interesting2015 Cybercrime Trends – Things are Going to Get Interesting
2015 Cybercrime Trends – Things are Going to Get InterestingIBM Security
 

Recommended

Cyber forensic readiness cybercon2012 adv j fick
Cyber forensic readiness cybercon2012 adv j fickCyber forensic readiness cybercon2012 adv j fick
Cyber forensic readiness cybercon2012 adv j fickJacqueline Fick
 
2015: The year-ahead-in-cyber-security
2015: The year-ahead-in-cyber-security2015: The year-ahead-in-cyber-security
2015: The year-ahead-in-cyber-securityStephen Cobb
 
Law Firm Cybersecurity: Practical Tips for Protecting Your Data
Law Firm Cybersecurity: Practical Tips for Protecting Your DataLaw Firm Cybersecurity: Practical Tips for Protecting Your Data
Law Firm Cybersecurity: Practical Tips for Protecting Your DataAccellis Technology Group
 
Cyber Security and the National Central Banks
Cyber Security and the National Central BanksCyber Security and the National Central Banks
Cyber Security and the National Central BanksCommunity Protection Forum
 
Cyber Risks
Cyber RisksCyber Risks
Cyber RisksRickWaldman
 
Learn More About Cyber Crime Investigation
Learn More About Cyber Crime Investigation Learn More About Cyber Crime Investigation
Learn More About Cyber Crime Investigation Skills Academy
 
Understanding and preventing cyber crime and its impact on your organisation
Understanding and preventing cyber crime and its impact on your organisationUnderstanding and preventing cyber crime and its impact on your organisation
Understanding and preventing cyber crime and its impact on your organisationJacqueline Fick
 
2015 Cybercrime Trends – Things are Going to Get Interesting
2015 Cybercrime Trends – Things are Going to Get Interesting2015 Cybercrime Trends – Things are Going to Get Interesting
2015 Cybercrime Trends – Things are Going to Get InterestingIBM Security
 
Cybercrime: Radically Rethinking the Global Threat
Cybercrime: Radically Rethinking the Global ThreatCybercrime: Radically Rethinking the Global Threat
Cybercrime: Radically Rethinking the Global ThreatNTT Innovation Institute Inc.
 
Internet of things, New Challenges in Cyber Crime
Internet of things, New Challenges in Cyber CrimeInternet of things, New Challenges in Cyber Crime
Internet of things, New Challenges in Cyber CrimeMurray Security Services
 
AECF: A Look into Cyber Crime - Doomsday Preppers for the Naked and Afraid
AECF: A Look into Cyber Crime - Doomsday Preppers for the Naked and AfraidAECF: A Look into Cyber Crime - Doomsday Preppers for the Naked and Afraid
AECF: A Look into Cyber Crime - Doomsday Preppers for the Naked and AfraidPhil Agcaoili
 
Addressing Cyber Threats in The Banking Sector - Lt Col (R) Sazali Bin Sukardi
Addressing Cyber Threats in The Banking Sector - Lt Col (R) Sazali Bin SukardiAddressing Cyber Threats in The Banking Sector - Lt Col (R) Sazali Bin Sukardi
Addressing Cyber Threats in The Banking Sector - Lt Col (R) Sazali Bin SukardiKnowledge Group
 
presentation on cyber crime and security
presentation on cyber crime and securitypresentation on cyber crime and security
presentation on cyber crime and securityAlisha Korpal
 
Cyber Security and Healthcare
Cyber Security and HealthcareCyber Security and Healthcare
Cyber Security and HealthcareJonathon Coulter
 
Cyber Security Awareness Session for Executives and Non-IT professionals
Cyber Security Awareness Session for Executives and Non-IT professionalsCyber Security Awareness Session for Executives and Non-IT professionals
Cyber Security Awareness Session for Executives and Non-IT professionalsKrishna Srikanth Manda
 
Understanding Identity Management and Security.
Understanding Identity Management and Security.Understanding Identity Management and Security.
Understanding Identity Management and Security.Chinatu Uzuegbu
 
Practical approach to combating cyber crimes
Practical approach to combating cyber crimesPractical approach to combating cyber crimes
Practical approach to combating cyber crimesChinatu Uzuegbu
 
Cyber Risk Management in the New Digitalisation Age - Mitigating Risk with Cy...
Cyber Risk Management in the New Digitalisation Age - Mitigating Risk with Cy...Cyber Risk Management in the New Digitalisation Age - Mitigating Risk with Cy...
Cyber Risk Management in the New Digitalisation Age - Mitigating Risk with Cy...Netpluz Asia Pte Ltd
 
Cyber crime-A burning issue of today's world
Cyber crime-A burning issue of today's worldCyber crime-A burning issue of today's world
Cyber crime-A burning issue of today's worldSOURAV CHANDRA
 
Webinar - Reducing Your Cybersecurity Risk
Webinar - Reducing Your Cybersecurity RiskWebinar - Reducing Your Cybersecurity Risk
Webinar - Reducing Your Cybersecurity RiskWPICPE
 
Cyber Security India & Cyber Crime
Cyber Security India & Cyber CrimeCyber Security India & Cyber Crime
Cyber Security India & Cyber CrimeDeepak Kumar (D3)
 
What is Importance of Cyber Security
What is Importance of Cyber Security What is Importance of Cyber Security
What is Importance of Cyber Security Wee Tang
 
The importance of understanding the global cybersecurity index
The importance of understanding the global cybersecurity indexThe importance of understanding the global cybersecurity index
The importance of understanding the global cybersecurity indexShivamSharma909
 
cyber terrorism
cyber terrorismcyber terrorism
cyber terrorismAccenture
 
Cybersecurity Issues and Challenges
Cybersecurity Issues and ChallengesCybersecurity Issues and Challenges
Cybersecurity Issues and ChallengesTam Nguyen
 
Information security
Information securityInformation security
Information securityVijayananda Mohire
 
Encase cybersecurity alat za proaktivnu kontrolu korporativne it sigurnosti 2
Encase cybersecurity alat za proaktivnu kontrolu korporativne it sigurnosti 2Encase cybersecurity alat za proaktivnu kontrolu korporativne it sigurnosti 2
Encase cybersecurity alat za proaktivnu kontrolu korporativne it sigurnosti 2Damir Delija
 
Hacking
Hacking Hacking
Hacking thajmohammed
 
Computer forensics powerpoint presentation
Computer forensics powerpoint presentationComputer forensics powerpoint presentation
Computer forensics powerpoint presentationSomya Johri
 
Social and Cyber Presence for Educators
Social and Cyber Presence for EducatorsSocial and Cyber Presence for Educators
Social and Cyber Presence for Educatorsjpmader
 

More Related Content

What's hot

Internet of things, New Challenges in Cyber Crime
Internet of things, New Challenges in Cyber CrimeInternet of things, New Challenges in Cyber Crime
Internet of things, New Challenges in Cyber CrimeMurray Security Services
 
AECF: A Look into Cyber Crime - Doomsday Preppers for the Naked and Afraid
AECF: A Look into Cyber Crime - Doomsday Preppers for the Naked and AfraidAECF: A Look into Cyber Crime - Doomsday Preppers for the Naked and Afraid
AECF: A Look into Cyber Crime - Doomsday Preppers for the Naked and AfraidPhil Agcaoili
 
Addressing Cyber Threats in The Banking Sector - Lt Col (R) Sazali Bin Sukardi
Addressing Cyber Threats in The Banking Sector - Lt Col (R) Sazali Bin SukardiAddressing Cyber Threats in The Banking Sector - Lt Col (R) Sazali Bin Sukardi
Addressing Cyber Threats in The Banking Sector - Lt Col (R) Sazali Bin SukardiKnowledge Group
 
presentation on cyber crime and security
presentation on cyber crime and securitypresentation on cyber crime and security
presentation on cyber crime and securityAlisha Korpal
 
Cyber Security and Healthcare
Cyber Security and HealthcareCyber Security and Healthcare
Cyber Security and HealthcareJonathon Coulter
 
Cyber Security Awareness Session for Executives and Non-IT professionals
Cyber Security Awareness Session for Executives and Non-IT professionalsCyber Security Awareness Session for Executives and Non-IT professionals
Cyber Security Awareness Session for Executives and Non-IT professionalsKrishna Srikanth Manda
 
Understanding Identity Management and Security.
Understanding Identity Management and Security.Understanding Identity Management and Security.
Understanding Identity Management and Security.Chinatu Uzuegbu
 
Practical approach to combating cyber crimes
Practical approach to combating cyber crimesPractical approach to combating cyber crimes
Practical approach to combating cyber crimesChinatu Uzuegbu
 
Cyber Risk Management in the New Digitalisation Age - Mitigating Risk with Cy...
Cyber Risk Management in the New Digitalisation Age - Mitigating Risk with Cy...Cyber Risk Management in the New Digitalisation Age - Mitigating Risk with Cy...
Cyber Risk Management in the New Digitalisation Age - Mitigating Risk with Cy...Netpluz Asia Pte Ltd
 
Cyber crime-A burning issue of today's world
Cyber crime-A burning issue of today's worldCyber crime-A burning issue of today's world
Cyber crime-A burning issue of today's worldSOURAV CHANDRA
 
Webinar - Reducing Your Cybersecurity Risk
Webinar - Reducing Your Cybersecurity RiskWebinar - Reducing Your Cybersecurity Risk
Webinar - Reducing Your Cybersecurity RiskWPICPE
 
Cyber Security India & Cyber Crime
Cyber Security India & Cyber CrimeCyber Security India & Cyber Crime
Cyber Security India & Cyber CrimeDeepak Kumar (D3)
 
What is Importance of Cyber Security
What is Importance of Cyber Security What is Importance of Cyber Security
What is Importance of Cyber Security Wee Tang
 
The importance of understanding the global cybersecurity index
The importance of understanding the global cybersecurity indexThe importance of understanding the global cybersecurity index
The importance of understanding the global cybersecurity indexShivamSharma909
 
cyber terrorism
cyber terrorismcyber terrorism
cyber terrorismAccenture
 
Cybersecurity Issues and Challenges
Cybersecurity Issues and ChallengesCybersecurity Issues and Challenges
Cybersecurity Issues and ChallengesTam Nguyen
 
Encase cybersecurity alat za proaktivnu kontrolu korporativne it sigurnosti 2
Encase cybersecurity alat za proaktivnu kontrolu korporativne it sigurnosti 2Encase cybersecurity alat za proaktivnu kontrolu korporativne it sigurnosti 2
Encase cybersecurity alat za proaktivnu kontrolu korporativne it sigurnosti 2Damir Delija
 

What's hot (20)

Cybercrime: Radically Rethinking the Global Threat
Cybercrime: Radically Rethinking the Global ThreatCybercrime: Radically Rethinking the Global Threat
Cybercrime: Radically Rethinking the Global Threat
 
Internet of things, New Challenges in Cyber Crime
Internet of things, New Challenges in Cyber CrimeInternet of things, New Challenges in Cyber Crime
Internet of things, New Challenges in Cyber Crime
 
AECF: A Look into Cyber Crime - Doomsday Preppers for the Naked and Afraid
AECF: A Look into Cyber Crime - Doomsday Preppers for the Naked and AfraidAECF: A Look into Cyber Crime - Doomsday Preppers for the Naked and Afraid
AECF: A Look into Cyber Crime - Doomsday Preppers for the Naked and Afraid
 
Addressing Cyber Threats in The Banking Sector - Lt Col (R) Sazali Bin Sukardi
Addressing Cyber Threats in The Banking Sector - Lt Col (R) Sazali Bin SukardiAddressing Cyber Threats in The Banking Sector - Lt Col (R) Sazali Bin Sukardi
Addressing Cyber Threats in The Banking Sector - Lt Col (R) Sazali Bin Sukardi
 
presentation on cyber crime and security
presentation on cyber crime and securitypresentation on cyber crime and security
presentation on cyber crime and security
 
Cyber Security and Healthcare
Cyber Security and HealthcareCyber Security and Healthcare
Cyber Security and Healthcare
 
Cyber Security Awareness Session for Executives and Non-IT professionals
Cyber Security Awareness Session for Executives and Non-IT professionalsCyber Security Awareness Session for Executives and Non-IT professionals
Cyber Security Awareness Session for Executives and Non-IT professionals
 
Understanding Identity Management and Security.
Understanding Identity Management and Security.Understanding Identity Management and Security.
Understanding Identity Management and Security.
 
Practical approach to combating cyber crimes
Practical approach to combating cyber crimesPractical approach to combating cyber crimes
Practical approach to combating cyber crimes
 
Cyber Risk Management in the New Digitalisation Age - Mitigating Risk with Cy...
Cyber Risk Management in the New Digitalisation Age - Mitigating Risk with Cy...Cyber Risk Management in the New Digitalisation Age - Mitigating Risk with Cy...
Cyber Risk Management in the New Digitalisation Age - Mitigating Risk with Cy...
 
Cyber crime-A burning issue of today's world
Cyber crime-A burning issue of today's worldCyber crime-A burning issue of today's world
Cyber crime-A burning issue of today's world
 
Webinar - Reducing Your Cybersecurity Risk
Webinar - Reducing Your Cybersecurity RiskWebinar - Reducing Your Cybersecurity Risk
Webinar - Reducing Your Cybersecurity Risk
 
Cyber Security India & Cyber Crime
Cyber Security India & Cyber CrimeCyber Security India & Cyber Crime
Cyber Security India & Cyber Crime
 
What is Importance of Cyber Security
What is Importance of Cyber Security What is Importance of Cyber Security
What is Importance of Cyber Security
 
The importance of understanding the global cybersecurity index
The importance of understanding the global cybersecurity indexThe importance of understanding the global cybersecurity index
The importance of understanding the global cybersecurity index
 
cyber terrorism
cyber terrorismcyber terrorism
cyber terrorism
 
Cybersecurity Issues and Challenges
Cybersecurity Issues and ChallengesCybersecurity Issues and Challenges
Cybersecurity Issues and Challenges
 
Information security
Information securityInformation security
Information security
 
Encase cybersecurity alat za proaktivnu kontrolu korporativne it sigurnosti 2
Encase cybersecurity alat za proaktivnu kontrolu korporativne it sigurnosti 2Encase cybersecurity alat za proaktivnu kontrolu korporativne it sigurnosti 2
Encase cybersecurity alat za proaktivnu kontrolu korporativne it sigurnosti 2
 
Hacking
Hacking Hacking
Hacking
 

Viewers also liked

Computer forensics powerpoint presentation
Computer forensics powerpoint presentationComputer forensics powerpoint presentation
Computer forensics powerpoint presentationSomya Johri
 
Social and Cyber Presence for Educators
Social and Cyber Presence for EducatorsSocial and Cyber Presence for Educators
Social and Cyber Presence for Educatorsjpmader
 
V mware operational readiness for cloud computing service
V mware operational readiness for cloud computing serviceV mware operational readiness for cloud computing service
V mware operational readiness for cloud computing servicesolarisyougood
 
Introduction to using technology in learning and teaching
Introduction to using technology in learning and teachingIntroduction to using technology in learning and teaching
Introduction to using technology in learning and teachingLaura Hollinshead
 
cyber security and forensic tools
cyber security and forensic toolscyber security and forensic tools
cyber security and forensic toolsSonu Sunaliya
 
Simple Web Design Case Study (Website Design Process Walkthrough)
Simple Web Design Case Study (Website Design Process Walkthrough)Simple Web Design Case Study (Website Design Process Walkthrough)
Simple Web Design Case Study (Website Design Process Walkthrough)Followbright
 
2.4 use of ict in teaching and learning
2.4 use of ict in teaching and learning2.4 use of ict in teaching and learning
2.4 use of ict in teaching and learningMomina Mateen
 
Knowledge Repository and Knowledge Management
Knowledge Repository and Knowledge ManagementKnowledge Repository and Knowledge Management
Knowledge Repository and Knowledge Managementsoniya302
 
Cyber forensic standard operating procedures
Cyber forensic standard operating proceduresCyber forensic standard operating procedures
Cyber forensic standard operating proceduresSoumen Debgupta
 
02 Types of Computer Forensics Technology - Notes
02 Types of Computer Forensics Technology - Notes02 Types of Computer Forensics Technology - Notes
02 Types of Computer Forensics Technology - NotesKranthi
 
01 Computer Forensics Fundamentals - Notes
01 Computer Forensics Fundamentals - Notes01 Computer Forensics Fundamentals - Notes
01 Computer Forensics Fundamentals - NotesKranthi
 
NIST Cloud Computing Reference Architecture
NIST Cloud Computing Reference ArchitectureNIST Cloud Computing Reference Architecture
NIST Cloud Computing Reference ArchitectureThanakrit Lersmethasakul
 

Viewers also liked (16)

Computer forensics powerpoint presentation
Computer forensics powerpoint presentationComputer forensics powerpoint presentation
Computer forensics powerpoint presentation
 
Social and Cyber Presence for Educators
Social and Cyber Presence for EducatorsSocial and Cyber Presence for Educators
Social and Cyber Presence for Educators
 
Basic concepts of IPR
Basic concepts of IPRBasic concepts of IPR
Basic concepts of IPR
 
V mware operational readiness for cloud computing service
V mware operational readiness for cloud computing serviceV mware operational readiness for cloud computing service
V mware operational readiness for cloud computing service
 
Introduction to using technology in learning and teaching
Introduction to using technology in learning and teachingIntroduction to using technology in learning and teaching
Introduction to using technology in learning and teaching
 
cyber security and forensic tools
cyber security and forensic toolscyber security and forensic tools
cyber security and forensic tools
 
Simple Web Design Case Study (Website Design Process Walkthrough)
Simple Web Design Case Study (Website Design Process Walkthrough)Simple Web Design Case Study (Website Design Process Walkthrough)
Simple Web Design Case Study (Website Design Process Walkthrough)
 
2.4 use of ict in teaching and learning
2.4 use of ict in teaching and learning2.4 use of ict in teaching and learning
2.4 use of ict in teaching and learning
 
Knowledge Repository and Knowledge Management
Knowledge Repository and Knowledge ManagementKnowledge Repository and Knowledge Management
Knowledge Repository and Knowledge Management
 
Cyber forensic standard operating procedures
Cyber forensic standard operating proceduresCyber forensic standard operating procedures
Cyber forensic standard operating procedures
 
Cyber crime and forensic
Cyber crime and forensicCyber crime and forensic
Cyber crime and forensic
 
02 Types of Computer Forensics Technology - Notes
02 Types of Computer Forensics Technology - Notes02 Types of Computer Forensics Technology - Notes
02 Types of Computer Forensics Technology - Notes
 
01 Computer Forensics Fundamentals - Notes
01 Computer Forensics Fundamentals - Notes01 Computer Forensics Fundamentals - Notes
01 Computer Forensics Fundamentals - Notes
 
NIST Cloud Computing Reference Architecture
NIST Cloud Computing Reference ArchitectureNIST Cloud Computing Reference Architecture
NIST Cloud Computing Reference Architecture
 
Digital forensics
Digital forensicsDigital forensics
Digital forensics
 
Computer forensics ppt
Computer forensics pptComputer forensics ppt
Computer forensics ppt
 

Similar to Creating cyber forensic readiness in your organisation

Women in law enforcement 2014
Women in law enforcement 2014Women in law enforcement 2014
Women in law enforcement 2014Jacqueline Fick
 
Cybercrime: 5 Practical Tips for Law Firms on Avoiding Financial & Reputation...
Cybercrime: 5 Practical Tips for Law Firms on Avoiding Financial & Reputation...Cybercrime: 5 Practical Tips for Law Firms on Avoiding Financial & Reputation...
Cybercrime: 5 Practical Tips for Law Firms on Avoiding Financial & Reputation...Lucien Pierce
 
Achieving Caribbean Cybersecuirty
Achieving Caribbean CybersecuirtyAchieving Caribbean Cybersecuirty
Achieving Caribbean CybersecuirtyShiva Bissessar
 
Infocom security 2016 - Cromar Presentation
Infocom security 2016 - Cromar PresentationInfocom security 2016 - Cromar Presentation
Infocom security 2016 - Cromar PresentationEthos Media S.A.
 
Ict forensics and audit bb
Ict forensics and audit bbIct forensics and audit bb
Ict forensics and audit bbmarukanda
 
WCIT 2014 Som Mittal - Managing risks in an interdependent economy risks rela...
WCIT 2014 Som Mittal - Managing risks in an interdependent economy risks rela...WCIT 2014 Som Mittal - Managing risks in an interdependent economy risks rela...
WCIT 2014 Som Mittal - Managing risks in an interdependent economy risks rela...WCIT 2014
 
Cyber Security - Things you need to know
Cyber Security - Things you need to knowCyber Security - Things you need to know
Cyber Security - Things you need to knowNathan Desfontaines
 
Ey Asia-Pacific Cyber Case Competition 2019
Ey Asia-Pacific Cyber Case Competition 2019Ey Asia-Pacific Cyber Case Competition 2019
Ey Asia-Pacific Cyber Case Competition 2019Pinzhang Chen 陈品璋
 
Singapore Cybersecurity Strategy and Legislation (2018)
Singapore Cybersecurity Strategy and Legislation (2018)Singapore Cybersecurity Strategy and Legislation (2018)
Singapore Cybersecurity Strategy and Legislation (2018)Benjamin Ang
 
Your organization is at risk! Upgrade your IT security & IT governance now.
Your organization is at risk! Upgrade your IT security & IT governance now.Your organization is at risk! Upgrade your IT security & IT governance now.
Your organization is at risk! Upgrade your IT security & IT governance now.Cyril Soeri
 
Future Watch: Cybersecurity market in South Africa
Future Watch: Cybersecurity market in South Africa Future Watch: Cybersecurity market in South Africa
Future Watch: Cybersecurity market in South Africa Team Finland Future Watch
 
Cybersecurity: Connectivity, Collaboration and Security Controls
Cybersecurity: Connectivity, Collaboration and Security ControlsCybersecurity: Connectivity, Collaboration and Security Controls
Cybersecurity: Connectivity, Collaboration and Security ControlsKristian Alisasis Pura
 
Not-For-Profit Cybersecurity and Privacy Disrupters During COVID-19
Not-For-Profit Cybersecurity and Privacy Disrupters During COVID-19Not-For-Profit Cybersecurity and Privacy Disrupters During COVID-19
Not-For-Profit Cybersecurity and Privacy Disrupters During COVID-19Citrin Cooperman
 
Cybersecurity Hub & Operations - Dr. Kiru Pillay
Cybersecurity Hub & Operations - Dr. Kiru PillayCybersecurity Hub & Operations - Dr. Kiru Pillay
Cybersecurity Hub & Operations - Dr. Kiru PillaydotZADNA
 
National policy and strategy
National policy and strategyNational policy and strategy
National policy and strategyBright Boateng
 
Netwealth educational webinar: Peace of mind in a digital world
Netwealth educational webinar: Peace of mind in a digital worldNetwealth educational webinar: Peace of mind in a digital world
Netwealth educational webinar: Peace of mind in a digital worldnetwealthInvest
 
2016 trustwave global security report
2016 trustwave global security report2016 trustwave global security report
2016 trustwave global security reportMarco Antonio Agnese
 

Similar to Creating cyber forensic readiness in your organisation (20)

Women in law enforcement 2014
Women in law enforcement 2014Women in law enforcement 2014
Women in law enforcement 2014
 
Cybercrime: 5 Practical Tips for Law Firms on Avoiding Financial & Reputation...
Cybercrime: 5 Practical Tips for Law Firms on Avoiding Financial & Reputation...Cybercrime: 5 Practical Tips for Law Firms on Avoiding Financial & Reputation...
Cybercrime: 5 Practical Tips for Law Firms on Avoiding Financial & Reputation...
 
Achieving Caribbean Cybersecuirty
Achieving Caribbean CybersecuirtyAchieving Caribbean Cybersecuirty
Achieving Caribbean Cybersecuirty
 
Infocom security 2016 - Cromar Presentation
Infocom security 2016 - Cromar PresentationInfocom security 2016 - Cromar Presentation
Infocom security 2016 - Cromar Presentation
 
Ict forensics and audit bb
Ict forensics and audit bbIct forensics and audit bb
Ict forensics and audit bb
 
WCIT 2014 Som Mittal - Managing risks in an interdependent economy risks rela...
WCIT 2014 Som Mittal - Managing risks in an interdependent economy risks rela...WCIT 2014 Som Mittal - Managing risks in an interdependent economy risks rela...
WCIT 2014 Som Mittal - Managing risks in an interdependent economy risks rela...
 
Cyber Security - Things you need to know
Cyber Security - Things you need to knowCyber Security - Things you need to know
Cyber Security - Things you need to know
 
Ey Asia-Pacific Cyber Case Competition 2019
Ey Asia-Pacific Cyber Case Competition 2019Ey Asia-Pacific Cyber Case Competition 2019
Ey Asia-Pacific Cyber Case Competition 2019
 
Singapore Cybersecurity Strategy and Legislation (2018)
Singapore Cybersecurity Strategy and Legislation (2018)Singapore Cybersecurity Strategy and Legislation (2018)
Singapore Cybersecurity Strategy and Legislation (2018)
 
Your organization is at risk! Upgrade your IT security & IT governance now.
Your organization is at risk! Upgrade your IT security & IT governance now.Your organization is at risk! Upgrade your IT security & IT governance now.
Your organization is at risk! Upgrade your IT security & IT governance now.
 
Future Watch: Cybersecurity market in South Africa
Future Watch: Cybersecurity market in South Africa Future Watch: Cybersecurity market in South Africa
Future Watch: Cybersecurity market in South Africa
 
Cybersecurity: Connectivity, Collaboration and Security Controls
Cybersecurity: Connectivity, Collaboration and Security ControlsCybersecurity: Connectivity, Collaboration and Security Controls
Cybersecurity: Connectivity, Collaboration and Security Controls
 
Cybersecurity Roadmap Development for Executives
Cybersecurity Roadmap Development for ExecutivesCybersecurity Roadmap Development for Executives
Cybersecurity Roadmap Development for Executives
 
Cyber of things 2.0
Cyber of things 2.0Cyber of things 2.0
Cyber of things 2.0
 
Not-For-Profit Cybersecurity and Privacy Disrupters During COVID-19
Not-For-Profit Cybersecurity and Privacy Disrupters During COVID-19Not-For-Profit Cybersecurity and Privacy Disrupters During COVID-19
Not-For-Profit Cybersecurity and Privacy Disrupters During COVID-19
 
Cybersecurity Hub & Operations - Dr. Kiru Pillay
Cybersecurity Hub & Operations - Dr. Kiru PillayCybersecurity Hub & Operations - Dr. Kiru Pillay
Cybersecurity Hub & Operations - Dr. Kiru Pillay
 
National policy and strategy
National policy and strategyNational policy and strategy
National policy and strategy
 
Netwealth educational webinar: Peace of mind in a digital world
Netwealth educational webinar: Peace of mind in a digital worldNetwealth educational webinar: Peace of mind in a digital world
Netwealth educational webinar: Peace of mind in a digital world
 
2016 trustwave global security report
2016 trustwave global security report2016 trustwave global security report
2016 trustwave global security report
 
Cyber Risk in the Energy Industry
Cyber Risk in the Energy IndustryCyber Risk in the Energy Industry
Cyber Risk in the Energy Industry
 

More from Jacqueline Fick

Expanding your horizons how traditional crime can turn hi tech adv j fick
Expanding your horizons how traditional crime can turn hi tech adv j fickExpanding your horizons how traditional crime can turn hi tech adv j fick
Expanding your horizons how traditional crime can turn hi tech adv j fickJacqueline Fick
 
A day in the life of a cyber syndicate
A day in the life of a cyber syndicateA day in the life of a cyber syndicate
A day in the life of a cyber syndicateJacqueline Fick
 
Cataleya-Security-Feature_SAWC_April2016page-20-23
Cataleya-Security-Feature_SAWC_April2016page-20-23Cataleya-Security-Feature_SAWC_April2016page-20-23
Cataleya-Security-Feature_SAWC_April2016page-20-23Jacqueline Fick
 
Integrating the prevention of cyber crime into the overall anti-crime strateg...
Integrating the prevention of cyber crime into the overall anti-crime strateg...Integrating the prevention of cyber crime into the overall anti-crime strateg...
Integrating the prevention of cyber crime into the overall anti-crime strateg...Jacqueline Fick
 
International trends in mobile law
International trends in mobile lawInternational trends in mobile law
International trends in mobile lawJacqueline Fick
 
A kings' ransom iod directorship jan2010
A kings' ransom iod directorship jan2010A kings' ransom iod directorship jan2010
A kings' ransom iod directorship jan2010Jacqueline Fick
 
Cyber training 23 5 2012
Cyber training 23 5 2012Cyber training 23 5 2012
Cyber training 23 5 2012Jacqueline Fick
 
Cybercrime in government
Cybercrime in governmentCybercrime in government
Cybercrime in governmentJacqueline Fick
 
Mr SIM Swap Gone Phishing
Mr SIM Swap Gone PhishingMr SIM Swap Gone Phishing
Mr SIM Swap Gone PhishingJacqueline Fick
 

More from Jacqueline Fick (10)

Expanding your horizons how traditional crime can turn hi tech adv j fick
Expanding your horizons how traditional crime can turn hi tech adv j fickExpanding your horizons how traditional crime can turn hi tech adv j fick
Expanding your horizons how traditional crime can turn hi tech adv j fick
 
A day in the life of a cyber syndicate
A day in the life of a cyber syndicateA day in the life of a cyber syndicate
A day in the life of a cyber syndicate
 
Cataleya-Security-Feature_SAWC_April2016page-20-23
Cataleya-Security-Feature_SAWC_April2016page-20-23Cataleya-Security-Feature_SAWC_April2016page-20-23
Cataleya-Security-Feature_SAWC_April2016page-20-23
 
Integrating the prevention of cyber crime into the overall anti-crime strateg...
Integrating the prevention of cyber crime into the overall anti-crime strateg...Integrating the prevention of cyber crime into the overall anti-crime strateg...
Integrating the prevention of cyber crime into the overall anti-crime strateg...
 
International trends in mobile law
International trends in mobile lawInternational trends in mobile law
International trends in mobile law
 
A kings' ransom iod directorship jan2010
A kings' ransom iod directorship jan2010A kings' ransom iod directorship jan2010
A kings' ransom iod directorship jan2010
 
Cyber training 23 5 2012
Cyber training 23 5 2012Cyber training 23 5 2012
Cyber training 23 5 2012
 
Cyber crime 101
Cyber crime 101Cyber crime 101
Cyber crime 101
 
Cybercrime in government
Cybercrime in governmentCybercrime in government
Cybercrime in government
 
Mr SIM Swap Gone Phishing
Mr SIM Swap Gone PhishingMr SIM Swap Gone Phishing
Mr SIM Swap Gone Phishing
 

Creating cyber forensic readiness in your organisation

  • 1. Creating cyber forensic readiness within your organisation 2nd African Mine Security Summit Hilton Hotel, Sandton 16 April 2015 Adv Jacqueline Fick Executive: Cell C Forensic Services
  • 2. 2 2ND AFRICAN MINE SECURITY SUMMIT 2015 AGENDA • Cyber crime defined • Current state of cyber crime in South Africa • Why are we vulnerable? • What is cyber forensic readiness planning  Why do organisations need to be ‘cyber incident ready’?  What happens to the potential evidence prior to the decision to undertake an investigation?  Approach to digital evidence  Business approach  Managing the risks: Why digital evidence and related disputes are important  Implementing cyber forensic readiness planning • Closing remarks
  • 3. 3 2ND AFRICAN MINE SECURITY SUMMIT 2015 CYBER CRIME DEFINED • Cyber crime does not have a precise or universal definition and varies between jurisdictions based on the perceptions of those involved: - Norton Symantec: Any crime that is committed using a computer or network, or hardware device. The computer or device may be the agent of the crime, the facilitator of the crime, or the target of the crime - Oxford Dictionaries: Crime conducted via the Internet or some other computer network - Wikipedia: Computer crime, or cybercrime, refers to any crime that involves a computer and a network. The computer may have been used in the commission of a crime, or it may be the target - Electronic Communications and Transactions (ECT) Act, No. 25 of 2002 contains no definition - ECT Amendment Bill: "cyber crime" means any criminal or other offence that is facilitated by or involves the use of electronic communications or information systems, including any device or the Internet or any one or more of them..”
  • 4. 4 2ND AFRICAN MINE SECURITY SUMMIT 2015 CURRENT STATE OF CYBER CRIME IN SOUTH AFRICA
  • 5. 5 2ND AFRICAN MINE SECURITY SUMMIT 2015 CURRENT STATE OF CYBER CRIME IN SOUTH AFRICA • According to Symantec’s 2013 Norton Report, cyber crime in South Africa has collectively cost victims over R3.42 billion rand over the past 12 months. It was also found that South Africa has the third-highest number of cyber crime victims after Russia and China • Areas of concern are mobile data and handling private information online. It has been noted that cyber crime activity has made a large move towards mobile platforms, but security and mobile security "IQ" has been left behind and consumers are more vulnerable in these areas • The US Federal Bureau of Investigations has flagged South Africa as the sixth-most active cyber crime country • Traditionally leaders have pigeonholed cyber security as an IT problem. But that is a risk approach that could leave them open to attack
  • 6. 6 2ND AFRICAN MINE SECURITY SUMMIT 2015 CURRENT STATE OF CYBER CRIME IN SOUTH AFRICA • South Africa is the second most targeted country globally when it comes to phishing attacks (Drew van Vuuren, CEO of information security and privacy practice, 4Di Privaca) • Compare this statement to: - How many law enforcement officials have received basic cyber training? - How many cyber specialists are there in law enforcement? • Honeynet Project - Research shows that the average time spent in a cyber investigation was approximately 34 hours per person to investigate an incident that took an intruder about half an hour to complete. That's about a 60:1 ratio! (http://www.honeynet.org/challenge/results/)
  • 7. 7 2ND AFRICAN MINE SECURITY SUMMIT 2015 WHY ARE WE VULNERABLE? The common top cyber vulnerabilities are: • Inadequate maintenance, monitoring and analysis of security audit logs • Weak application software security • Poor control of administrator privileges • Inadequate account monitoring and control • Inadequate hardware/software configurations • The internal monitoring of suspicious transactions and the general use of internal and 3rd party fraud detection mechanisms are still the most effective means of detecting cyber crime (2012/2013 The South African Cyber Threat Barometer) • This applies to computers and handheld devices The cybercrime world is like an arms race: cybercriminals pursue a course of action until the defenders work out how to combat it, at which point the cybercriminals change tack. (The current state of cybercrime 2014: Global Malware Outlook April 2014)
  • 8. 8 2ND AFRICAN MINE SECURITY SUMMIT 2015 WHAT IS CYBER FORENSIC READINESS PLANNING?
  • 9. 9 2ND AFRICAN MINE SECURITY SUMMIT 2015 CYBER FORENSIC READINESS PLANNING • Cyber forensic readiness is the organisations’ potential to maximise the use of digital evidence to aid in an investigation, with the intent of: • Reducing the time taken to respond to an incident. • Maximising the ability to collect credible and meaningful evidence. • Minimising the length/cost of a cyber incident investigation. • Reducing the incident recovery time. • Preventing further losses. Its not just about IT. Its about HR making sure employees understand the security policies, and recruiting people with the specialist skills to protect the organisation from cyber attacks. Its about legal and compliance making sure laws and regulations are respected. It is about physical security protecting sites and IT equipment. Its about marketing thinking about cyber security when they launch new products. If organisations don’t look at cyber security from all angles they are missing a trick.” (William Beer, Director, Cyber Security Services, PwC UK)
  • 10. 10 2ND AFRICAN MINE SECURITY SUMMIT 2015 • A reactive or tactical approach to Information Security may introduce significant costs and opportunity loss
  • 11. 11 2ND AFRICAN MINE SECURITY SUMMIT 2015 WHY DO ORGANISATIONS NEED TO BE ‘CYBER INCIDENT READY’? • Digital forensic investigations (DFIs) are commonly employed as a post- event response to a serious information security or criminal incident. • The examination is conducted in a systematic, formalised and legal manner to ensure the admissibility of the evidence and subject to considerable scrutiny of both the integrity of the evidence and that of the investigation process. • There is a broad organisational role in the forensic readiness process. This role can be equated to a business continuity process.
  • 12. 12 2ND AFRICAN MINE SECURITY SUMMIT 2015 WHAT HAPPENS TO THE POTENTIAL EVIDENCE PRIOR TO THE DECISION TO UNDERTAKE AN INVESTIGATION? • The scenario of a DFI tends to ignore what happens to potential evidence prior to the decision to undertake an investigation. • The necessary evidence either exists, and hopefully is found by the DFI, or it does not exist and a suspect cannot be charged and prosecuted. • When a digital incident occurs there are generally three courses of action that can be taken, generally dependant on the type of organisation within which the incident occurs, or which is responding the event:
  • 13. 13 2ND AFRICAN MINE SECURITY SUMMIT 2015 APPROACH TO DIGITAL EVIDENCE Law Enforcement • Secure the crime scene, identify evidentiary sources and dispatch to a specialist laboratory for analysis. Military Infrastructure • Primary goal is one of risk identification and elimination, followed by recovery and possible offensive measures. Commercial Organisations • Where financial impact is caused by an incident, and revenue earning potential is adversely affected, root cause analysis and system remediation is of primary concern, with in-depth analysis of the how and why left until systems have been restored.
  • 14. 14 2ND AFRICAN MINE SECURITY SUMMIT 2015 BUSINESS APPROACH • The business environment lends itself to an approach similar to that of the military, namely to be able to identify the incident, patch the necessary system(s) and continue earning revenue. • In the generic (law enforcement) investigative model, there is little leeway for a business’s incident responders to satisfy the need to return the systems to operational status as quickly as possible whilst preserving the necessary evidence and being able to mount a successful prosecution. • These two goals can be mutually exclusive as a thorough investigation needs time and during this time the business will lose revenue by not having its system(s) live • Being prepared to gather and use evidence can also act as a deterrent. Staff will know what the organisation’s attitude is toward the policing of corporate systems – how incidents are dealt with and how the organisation deals with offenders. • This also highlights the need for internal policies and procedures that are communicated via effective awareness and training programmes throughout the organisation.
  • 15. 15 2ND AFRICAN MINE SECURITY SUMMIT 2015 BUSINESS APPROACH • Staff need to know:  Who the perpetrator could be and what to look out for?  What can be done?  Who to call? • For most organisations the foremost objective is not to secure evidence. It is more important to find the offender, locate the intruder, and more importantly secure the infrastructure by minimising, or if possible, eliminating vulnerabilities. • To ensure that the organisation maintains a pro-active approach it is of great value to conduct simulated cyber incident exercises. This would also facilitate a process of continuous learning and awareness.
  • 16. 16 2ND AFRICAN MINE SECURITY SUMMIT 2015 MANAGING THE RISKS: WHY DIGITAL EVIDENCE AND RELATED DISPUTES ARE IMPORTANT Recourse to litigation is generally a last resort for most organisations, but digital evidence could help manage the impact of some important business risks: Lend support to internal disciplinary actions Support a legal defence Support good IT governance practices and reporting Show that due care (or due diligence) was taken in a particular process Support a claim to intellectual property rights Verify the terms of a commercial transaction
  • 17. 17 2ND AFRICAN MINE SECURITY SUMMIT 2015
  • 18. 18 2ND AFRICAN MINE SECURITY SUMMIT 2015 IMPLEMENTING CYBER FORENSIC READINESS PLANNING Define the business scenarios that will require digital evidence. When it will be appropriate to gather evidence and when is it not? Identify sources of evidence and what type of evidence it is, and ensure that you have the resources available to look for it. Establish a clear view of what circumstances need to be in place to trigger a full investigation. Provide training for key staff to ensure that evidence handling procedures are adhered to. Provide guidance in the preparation of an example that everyone can run through in advance. Ensure that all parties, including legal, are confident that the correct processes are in place. Develop policies and procedures to ensure compliance. Create learning organisations. Assess the adequacy of the investigation and the utility of the evidence gathered to support it. Incorporate in cross-departmental training initiatives to create and maintain staff awareness across the organisation.
  • 19. 19 2ND AFRICAN MINE SECURITY SUMMIT 2015 CLOSING REMARKS
  • 20. 20 2ND AFRICAN MINE SECURITY SUMMIT 2015 CLOSING REMARKS • Being ready for a forensic investigation should form part of any information security strategy. • It is also closely related to incident response and business continuity, ensuring that evidence found in an investigation is preserved and the continuity of evidence is maintained. • Get in the experts: take a detailed look at the organisation's readiness to undertake or support a digital forensics investigation, be this as part of an internal investigation, criminal investigation or as the result of a compliance requirement. • Cyber forensic readiness plans should take cognisance of people, processes, technology and governance aspects.
  • 21. 21 2ND AFRICAN MINE SECURITY SUMMIT 2015 Thank you!