This document provides an overview of cyber forensic readiness and its importance for organizations. It defines cyber forensic readiness as an organization's ability to maximize the collection of credible digital evidence to aid investigations in order to reduce response time and costs. It discusses key trends like increased connectivity and data sharing that impact organizations. The document outlines why organizations need to be prepared to respond to cyber incidents, what happens to potential evidence before an investigation, and the risks of not properly managing digital evidence. It provides examples of how unprepared organizations can spend 34 hours investigating what took a hacker 30 minutes. The document closes by listing important questions for organizations to consider regarding their cyber forensic readiness and providing recommendations for developing plans and policies to improve readiness.
Cyber Risk: Exposures, prevention, and solutions - Capri Insurance
Paula Garrecht, Partner and Commercial Insurance Broker at Capri Insurance, explores the emerging risk of cyber attacks and data breaches with specific relation to public entities. In the ever changing landscape of business communications and processes we face ever changing risks as well. Learn how to:
1. Identify cyber exposures
2. Minimize those exposures
3. Find the right insurance policy to fit your unique cyber needs
This slide will cover details of evidence collection in cyber forensics, which will be more useful for CSE & IT department students studying in engineering colleges.
HHS Ransomware and Breach Guidance - Brad Nigh - FRSecure
A recent U.S. Government inter-agency report indicates that, on average, there have been 4,000 daily ransomware attacks since early 2016 (a 300% increase over the 1,000 daily ransomware attacks reported in 2015). Ransomware attack prevention from a healthcare perspective is vitally important due to recent changes in HHS guidance. To understand what this means practically, FRSecure offers some valuable resources that discuss what constitutes a ransomware breach, non-compliance consequences and easy steps that can be implemented to reduce organizational risk of a Ransomware breach.
Presentation about insider threat ways of working, their impact on organizations and how technical and human indicators can be monitored to detect and neutralize insider threats. Professionals working in security operations should monitor these indicators to create a profile of a possible insider going rogue.
Dr. Shawn P. Murray was invited back to the National Security Institute in April 2013 to speak on a familiar topic, but with a new focus. The accidental insider threat is becoming more of a concern for companies today. Dr. Murray is a Cyber Security Professional and has worked in various Information Assurance and Information Technology Security positions for many years.
Georgie Collins and Dan Hedley, Irwin Mitchell LLP presented, "Data breaches and the law, a practical guide" at Flight East 2018. For more information on Black Duck by Synopsys, please visit our website at www.blackducksoftware.com.
Cyber Security presentation given by Luke Schneider, Chief Executive Officer of Medicine Bow Technologies at the 2016 Wyoming Hospital Association Annual Conference
Computer Forensics - An Introduction of New Face to the Digital World - rahulmonikasharma
Computer forensics is a currently emerging field and the future of the digital world. It is an upcoming technology for crime scene investigation and for the data assessment, data discovery, data maintenance and data recovery process. Computer forensics can also be used to retain computer technology without major effect on the physical parts of the computer. Technology use is increasing day by day, and the use of computers to reduce human effort, to maximize efficiency and outcome, and to increase the accessibility of resources has led others to misuse technology. As technology grows, the threat to cyber security and data grows as well. To reduce the threat to cyber security and to increase the reliability of data and information throughout the network, computer forensics is used as a tool and method to analyse and reduce the cyber threat to the data and affiliated systems on the network.
Cybersecurity 2014: The Impact of Policies and Regulations on Companies by Andrea Almeida from the First Semi-Annual Cyber Security Conference in Plano, Texas held September 26-27, 2014.
How your nonprofit can avoid data breaches and ensure privacy - TechSoup Canada
Increasingly, nonprofits hold large quantities of digital assets (such as donor information, grant application details, financial records, etc.). Organizations of all sizes and industries are being targeted by cyber criminals. Cyber-attacks will often devastate an organization’s operations and have significant financial, legal and reputational consequences.
In this webinar, Imran Ahmad of Miller Thomson, LLP will explain how implementing best practices from a pre-breach standpoint can go a long way to mitigate the negative consequences of a cyber-attack.
What you will learn:
- what the cyber threat landscape looks like
- how to ensure privacy of your digital assets
- steps to take in the aftermath of a cyber-attack
A security awareness presentation created for an audience of senior officials from MTNL (India's foremost telecom PSU). The presentation covers fundamentals of Information Security, its evolution, and present-day risks from the IT and Telecom infrastructure perspective.
Incident Response Methodology is one of the popular processes for investigating an incident, that is, an unlawful, unauthorized or unacceptable action on a computer system or computer network.
Computer hacking forensic investigation refers to the process of detecting hacking attacks and properly extracting evidence to report the crime and conduct audits to prevent future attacks. EC-Council's CHFI v9 program incorporates input from experts and practitioners and has been developed following thorough research into current market requirements, job tasks in security and industry needs.
CHFI v9
- Covers the latest forensics examination techniques, including Linux and MAC Forensics.
- Includes new modules on digital forensics laws and standards
- Added more than 40% new labs on anti-forensics techniques, database, cloud, and malware forensics
Workshop Digital Forensic - Cyber Security Community - Antonio Andre
A digital forensics workshop covering an introduction to what digital forensics is, metadata, and a little hands-on practice with imaging using the open-source tool Autopsy.
Real time trade surveillance in financial markets - Hortonworks
Who’s winning the deep forensic analysis ‘arms race’ for compliance? Real-time trade surveillance in global financial markets has created a data tsunami. With greater volumes of data comes greater compliance risk. CNBC reports U.S. Banks have been fined over $200B since the financial crisis. How are compliance teams fighting back to make more of the data and stay out of regulatory hot water? Rapid response to suspect trades means compliance teams need to access and visualize trade patterns, real time and historic data, to navigate the data in depth and flag possible violations. Join Hortonworks and Arcadia for this live webinar: we’ll cover the use case at a top 50 Global Bank who now has deep forensic analysis of trade activity. The result: interactive, ad hoc data visualization and access across multiple platforms – without limits on historic data – to detect irregularities as they happen. In-depth expert presentations by:
Shailesh Ambike, Executive Co-Chair of Compliance & Legal Section (CLS) Education Sub-Committee of the Investment Industry Regulatory Organization of Canada (IIROC)
Vamsi K Chemitiganti, GM – Financial Services at Hortonworks
Utilizing Internet for Fraud Examination and Investigation - Goutama Bachtiar
1st Session titled Redefining Fraud, Examination, Investigation and Cyber Crime delivered for Indonesia's Risk Management Certification Agency named Badan Sertifikasi Manajemen Resiko (BSMR).
The seminar itself titled 'Preventing Fraud within E-Channels in Banking Sector'.
Securing the organization from cyber crime cannot be done by perimeter defense alone. One of the most important pieces of knowledge is an understanding of cyber criminal operations. This presentation explains 2 common operations that can be found all over the internet and how to defend against them.
Delivered at Trend Micro's Executive briefing events Sydney and Melbourne 5-6 June 2017 on Australia's new Mandatory Data Breach Notification legislation. YouTube video available at https://youtu.be/j5nmY916H7k
Secrets to managing your Duty of Care in an ever-changing world.
How well do you know your risks?
Are you keeping up with your responsibilities to provide Duty of Care?
How well are you prioritising Cybersecurity initiatives?
Liability for Cybersecurity attacks sits with Executives and Board members who may not have the right level of technical security knowledge. This session will outline what practical steps executives can take to implement a Cybersecurity Roadmap that is aligned with its strategic objectives.
Led by Krist Davood, who has spent over 28 years implementing secure mission critical systems for executives. Krist is an expert in protecting the interconnectedness of technology, intellectual property and information systems, as evidenced through his roles at The Good Guys, Court Services Victoria and Schiavello.
The seminar will cover:
• Fiduciary responsibility
• How to efficiently deal with personal liability and the threat of court action
• The role of a Cybersecurity Executive Dashboard and its ability to simplify risk and amplify informed decision making
• How to identify and bridge the gap between your Cybersecurity Compliance Rating and the threat of court action
Hacking the Human - How Secure Is Your Organization? - CBIZ, Inc.
This presentation covers:
Social Engineering
Targets, Costs, Frequency
Real Life Examples
Mitigating Risks
Internal Programs
Data Security & Privacy Liability
Cyber Liability
Cyber Insurance
Financial Impact
Key Coverage Components
Checklist for Assessing your Level of Cyber Risk
Dealing with Information Security, Risk Management & Cyber Resilience - Donald Tabone
Information Security
1. Why the need to think about it?
2. What exactly are we talking about?
3. How do we go about doing something about it?
4. Is there a one-size-fits-all framework?
This presentation is about my resume assignment on one book, The Complete Guide to Cybersecurity Risks and Controls. I've tried my best to create this presentation. Thank you.
Cyber capability brochure Cybersecurity Today A fresh l.docx - faithxdunce63732
Cyber capability brochure
Cybersecurity Today:
A fresh look at a changing
paradigm for government agencies
The cyber domain presents endless opportunities to
Federal agencies looking for new ways to deliver on their
mission and serve citizens, while reducing operational
risk. Government is investing in new and innovative
technologies that will empower our nation to achieve
more. Next-generation identification systems will
reduce terrorist and criminal activities by improving and
expanding biometric identification and criminal history
information services. “Smart” electric grids will make the
country more energy independent and increase the use
of renewable energies. Intelligent travel systems will make
air travel quicker and safer. Electronic medical records are
improving access to health care and reducing costs. These
investments require up-front planning and preemptive
cybersecurity practices to mitigate the inherent risks
associated with the advanced persistent threat.
However, operating in the cyber domain is not without
increased risk. Our cybersecurity efforts are matched — if
not outpaced — by the sophistication on the part of
nimble opponents from other nations, cyber terrorists,
cyber criminal syndicates, malicious insiders, cyber
espionage — not to mention the inadvertent breach.
For better or worse, our cybersecurity efforts are
increasingly interconnected with agency mission
and programs, inextricably linking daily decisions on
performance, workforce management, and information
sharing with threat deterrence at every level of the
organization. By adopting a proactive, performance-
focused, and risk-intelligent approach to cyber initiatives,
leaders can help shape their organizations into more
proactive, agile, and resilient organizations to protect their
people, programs, and mission.
Cyber: The new normal
Cyber is not just a new domain, it is the new normal.
Agency leaders have a critical task ahead of them to
take a fresh look at their personnel, policies, processes,
and systems to synchronize their cyber initiatives and
empower collaboration across departments to protect
people, programs, and mission. To strengthen their cyber
efforts, today’s leaders are helping drive coordination
across functions, agencies, and the private sector toward
a shared cyber competence that enables the mission while
assigning accountability. Here are some actions agencies
should consider:
• Treat data like a monetary asset. Understand the value of all your agency’s assets and protect what matters most to the mission and preserve the public’s trust.
• Follow the flow of information inside and outside of your agency to identify vulnerabilities; strengthen every link in the chain.
• Do more with identity management. Identity, Credentialing, and Access Management (ICAM) offers new opportunities to expand partnerships and add services quickly and cost-efficiently.
• Make cyber a performance goal.
GDPR challenges for the healthcare sector and the practical steps to compliance - IT Governance Ltd
This webinar covers:
- An overview of the General Data Protection Regulation (GDPR) and the Data Security and Protection (DSP) Toolkit and their impact on the healthcare sector.
- Accountability frameworks that support GDPR compliance, and the role of senior management in ensuring compliance and cyber resilience is a strategic focus.
- Embedding data protection by design and by default, and a holistic approach to achieving a cyber resilient posture.
- The practical steps that healthcare organisations need to take when looking at GDPR compliance.
- The role of a robust staff awareness programme in supporting a culture of cyber resilience and compliance.
A recording of the webinar can be found here: https://www.youtube.com/watch?v=xFEkkkwAdl4
How Your Nonprofit Can Avoid Data Breaches and Ensure Privacy Part 2 - TechSoup Canada
Part 1 of this webinar series provided an overview of cybersecurity and explained the cyber risks and legislation affecting nonprofits. In part 2 of the series, Imran Ahmad of Miller Thomson, LLP returns to answer your questions on cybersecurity and to delve deeper into cybersecurity maintenance and best practices to avoid data breaches. This includes the implementation of measures to prevent data breaches in the pre-attack phase, to the implementation of security best practices in the event of a cyber attack or breach.
What you will learn:
· How to develop key cybersecurity-related documents;
· How to maintain an internal matrix of when to notify affected individuals;
· How to review contracts from a cybersecurity compliance perspective.
mHealth Israel_Cyber Risk in Healthcare_Mary Alice Annecharico_CIO Henry Ford... - Levi Shapiro
Presentation by Mary Alice Annecharico, former CIO, Henry Ford Health System: Cyber Risk in Healthcare. Some of the issues discussed include Building a Culture of Confidentiality, Executive leadership engagement, Board of Director sponsorship, Institutional Stressors that encircle all cyber-risk issues, the Clinical mission, CMS cuts, Revenue downturns, budget cuts, availability of funding for priorities. Assessing and Managing Cyber-risk, etc.
Today's security and privacy professionals know that breaches are a fact of life. Yet their organizations are often not prepared to respond when the time comes. They're "overweight" on prevention and detection, but "underweight" on response.
Based on a decade-plus caseload of actual breach investigations across a range of different organizations, this webinar will examine an amalgamated, anonymized breach situation and review a play-by-play of how the response went: the good, the bad, and the ugly. Attendees will gain hard-earned, battle-tested insight on what to do, and what to avoid when it's their turn to respond to an incident.
Our featured speakers for this timely webinar will be:
- Don Ulsch, CEO, ZeroPoint Risk. Distinguished Fellow at the Ponemon Institute.
- Joseph DeSalvo, Managing Director, ZeroPoint Risk. Former CSO at Mylan and Iron Mountain.
- Ted Julian, Chief Marketing Officer, Co3 Systems. Serial security and compliance entrepreneur.
Cyber-attacks are an alarming threat to all types of businesses & organizations. The risk of a cyber-attack is not just a risk to your company but also to your privacy. Hence, cybersecurity is crucial for every business. Cybersecurity protects critical data from cyber attackers. This includes sensitive data, governmental and industry information, personal information, personally identifiable information (PII), intellectual property, and protected health information (PHI). If you are looking for tools to fight against cyber threats, then Techwave’s tools & technologies with adequate controls will help your organization stay protected.
2. Agenda
• Cybercrime: What statistics have shown
• Key trends that impact on the environment organisations
operate in
• What is cyber forensic readiness?
- Cyber forensic readiness defined
- Why do organisations need to be ‘cyber incident ready’?
- What happens to the potential evidence prior to the decision to undertake
an investigation?
- Managing the risks: why digital evidence and potential disputes are
important
- Why should organisations be concerned about cyber forensic readiness?
• Key questions to ask
• Closing remarks
3. “In a world where cyber crime is constantly increasing, pervasive
computing is on the rise and information is becoming the most sought after
commodity making an effective and efficient Information Security
architecture and program essential. With this improved technology and
infrastructure, ongoing and pro-active computer investigations are now a
mandatory component of the IS enterprise. Corporate governance reports
require that organizations should not only apply good corporate
governance principles, but also practice good IT governance and specially
IS governance. Organizations develop their security architectures based on
current best practices for example ISO 17799 and COBIT. These best
practices do not consider the importance of putting controls or procedures
in place that will ensure successful investigations. There is a definite need
to adapt current IS best practices to include for example certain aspects of
Digital Forensics readiness to the current best practices to address the
shortcomings.”
(Grobler and Louwrens Digital Forensic Readiness as a Component of Information Security Best Practice)
4. Cybercrime: What statistics have shown
• Cybercrime: Protecting against the growing
threat (PwC Global Economic Crime Survey,
November 2011)
• Organisations face serious internal and
external threats from cyber criminals.
• Cybercrime now ranks as one of the top four
economic crimes.
• Cyber security issues now top the list of risks
to watch, ahead of weapons of mass
destruction and resource security. (World
Economic Forum Global Risks 2011 report)
• Traditionally leaders have pigeonholed cyber
security as an IT problem. But that is a risk
approach that could leave them open to attack.
5. Reputational damage is the biggest fear for 40 % of respondents
Two in five respondents had not received any cyber security training
60 % said their organisation doesn’t keep an eye on social media sites
A quarter of respondents said there is no regular formal review of
cybercrime threats by the CEO and the Board
Four in ten respondents say that their organisation does not have the
capability to prevent and detect cybercrime
The majority of respondents do not have, or are not aware of having a
cyber crisis response plan in place
6. Key trends that impact on the environment organisations operate in
Macro-economic, Social and Business Drivers
• Globalisation
• Changing workforce demographics and diversity
• Increasing regulation
• Expectations of demonstrable governance
• Rapid technology innovation
• Changing attitudes to privacy
Infrastructure Revolution
• Increase in availability of high speed broadband and wireless networks
• Blurring work/personal life divide
• Content rich data – video, audio
Data Explosion
• Greater sharing of sensitive data between organisations and individuals
• More people connected globally
• A multiplication of devices and applications generating traffic
Always-on, Always-connected world
• Greater connectivity between people driven by social networking and other platforms
• Increasing information and data mining
• Increased Critical National Infrastructure and public services connectivity
Mobile device explosion
• Increasingly seamless connectivity between devices
• ‘Bring Your Own’ approach to enterprise IT
• Emergence of digital cash, explosion of
Tougher regulation and standards
• Broader legislative and regulatory oversight
• Increasing standards on Information Management and Governance
Life in the cloud
• Widespread adoption of cloud-based services in a drive to cut infrastructure and administration costs
New identity and trust models
• Identity becomes increasingly important in the move to information based security
• New models of trust for people, infrastructure and data emerge
7. Cyber forensic readiness defined
Cyber forensic readiness is an organisation's potential to
maximise the use of digital evidence to aid in an investigation,
with the intent of:
• Reducing the time taken to respond to an incident.
• Maximising the ability to collect credible and meaningful
evidence.
• Minimising the length/cost of a cyber incident investigation.
• Reducing the incident recovery time.
• Preventing further losses.
8. HoneyNet Project
• The HoneyNet project shows that the average time spent in a cyber investigation was approximately 34 hours per person to investigate an incident that took an intruder about half an hour. That's about a 60:1 ratio! (http://www.honeynet.org/challenge/results/index.html)
“It's not just about IT. It's about HR making sure employees understand the security policies, and recruiting people with the specialist skills to protect the organisation from cyber attacks. It's about legal and compliance making sure laws and regulations are respected. It is about physical security protecting sites and IT equipment. It's about marketing thinking about cyber security when they launch new products. If organisations don’t look at cyber security from all angles they are missing a trick.”
(William Beer, Director, Cyber Security Services, PwC UK)
9. A reactive or tactical approach to Information Security may introduce significant costs and opportunity loss
[Chart: Total Cost over Time for the Reactive approach and the Proactive approach, marking the Security Event and the Cost of Inaction]
Total Cost =
Security deployment and operation
• Hardware/Software
• Staff
• Consultancy
Reputation Value
• Brand Value
• Customer satisfaction
• Investor confidence
Intellectual Property Value
• Employee data
• Customer data
• Partner data
• Corporate data (IP)
Operational Effectiveness
• Innovation
• Time to market
• Productivity
Financial impact of incidents
• Direct and indirect costs
10. Why do organisations need to be ‘cyber incident ready’?
• Digital forensic investigations (DFIs) are commonly employed as a post-event response to a serious information security or criminal incident.
• The examination is conducted in a systematic, formalised and legal manner to ensure the admissibility of the evidence and subject to considerable scrutiny of both the integrity of the evidence and that of the investigation process.
• There is a broad organisational role in the forensic readiness process. This role can be equated to a business continuity process.
12. What happens to the potential evidence prior to the decision to undertake an investigation?
• The scenario of a DFI tends to ignore what happens to potential evidence prior to the decision to undertake an investigation.
• The necessary evidence either exists, and hopefully is found by the DFI, or it does not exist and a suspect cannot be charged and prosecuted.
• When a digital incident occurs there are generally three courses of action that can be taken, depending on the type of organisation within which the incident occurs, or which is responding to the event:
13. Law Enforcement
• Secure the crime scene, identify evidentiary sources and dispatch to a specialist laboratory for analysis.
Military Infrastructure
• Primary goal is one of risk identification and elimination, followed by recovery and possible offensive measures.
Commercial Organisations
• Where financial impact is caused by an incident, and revenue earning potential is adversely affected, root cause analysis and system remediation are of primary concern, with in-depth analysis of the how and why left until systems have been restored.
14. • The business environment lends itself to an approach similar to that of the military, namely to be able to identify the incident, patch the necessary system(s) and continue earning revenue.
• In the generic (law enforcement) investigative model, there is little leeway for a business’s incident responders to satisfy the need to return the systems to operational status as quickly as possible whilst preserving the necessary evidence and being able to mount a successful prosecution.
• These two goals can be mutually exclusive as a thorough investigation needs time and during this time the business will lose revenue by not having its system(s) live.
15. Managing the risks: Why digital evidence and related disputes are important
Recourse to litigation is generally a last resort for most organisations, but digital evidence could help manage the impact of some important business risks:
• Lend support to internal disciplinary actions
• Support a legal defence
• Support good IT governance practices and reporting
• Show that due care (or due diligence) was taken in a particular process
• Support a claim to intellectual property rights
• Verify the terms of a commercial transaction
16. • Being prepared to gather and use evidence can also act as a deterrent. Staff will know what the organisation’s attitude is toward the policing of corporate systems – how incidents are dealt with and how the organisation deals with offenders.
• This also highlights the need for internal policies and procedures that are communicated via effective awareness and training programmes throughout the organisation.
• Staff need to know:
Who the perpetrator could be and what to look out for?
What can be done?
Who to call?
17. • For most organisations the foremost objective is not to secure evidence. It is more important to find the offender, locate the intruder, and more importantly secure the infrastructure by minimising, or if possible, eliminating vulnerabilities.
• To ensure that the organisation maintains a pro-active approach it is of great value to conduct simulated cyber incident exercises. This would also facilitate a process of continuous learning and awareness.
Cyber forensic readiness claims that the time and cost required for an incident response during a digital forensic investigation should decrease while at the same time maintaining the level of credibility of the digital evidence being collected. Time = money.
18. Key questions to ask
• Do you know if you are able to handle a cyber crime incident and are you able to adapt to the fast pace and new emerging risks of this type of crime?
• Do you know where your threats are most likely to come from?
• How often is your staff trained on cyber security?
• Do you know the security posture of their systems?
• Do you have current knowledge of emerging cyber threats?
• Are your policies aligned with the regulatory and legislated requirements?
• Do you maintain a proper chain of evidence?
• Do you know what information is required to carry out an investigation?
• Do you know what an attack signature will look like?
• Are you able to carry out an investigation?
• Do you have centralised and secure logging facilities?
• Do you know who to call and what to do when an incident has occurred?
• Do you know your high risk systems?
• Are you aware of the legal requirements around the handling of evidence?
19. Closing Remarks
• Being ready for a forensic investigation should form part of any information security strategy.
• It is also closely related to incident response and business continuity, ensuring that evidence found in an investigation is preserved and the continuity of evidence is maintained.
• Get in the experts: take a detailed look at the organisation's readiness to undertake or support a digital forensics investigation, be this as part of an internal investigation, criminal investigation or as the result of a compliance requirement.
• Cyber forensic readiness plans should take cognisance of people, processes, technology and governance aspects.
• What needs to be done:
20. • Define the business scenarios that will require digital evidence. When will it be appropriate to gather evidence and when is it not?
• Identify sources of evidence and what type of evidence it is, and ensure that you have the resources available to look for it.
• Establish a clear view of what circumstances need to be in place to trigger a full investigation.
• Provide training for key staff to ensure that evidence handling procedures are adhered to.
• Provide guidance in the preparation of an example that everyone can run through in advance. Ensure that all parties, including legal, are confident that the correct processes are in place.
• Develop policies and procedures to ensure compliance.
• Create learning organisations. Assess the adequacy of the investigation and the utility of the evidence gathered to support it. Incorporate in cross-departmental training initiatives to create and maintain staff awareness across the organisation.