ESSENTIALS OF
Management Information Systems 12e
KENNETH C. LAUDON AND JANE P. LAUDON
continued
Systems
CHAPTER 4 ETHICAL AND SOCIAL ISSUES IN INFORMATION SYSTEMS
CASE 3 Data Mining for Terrorists and Innocents
SUMMARY This case describes how data mining software, combined with Big Data collection from
the Internet, are used to identify potential terrorists. The PRISM program of the U.S.
National Security Agency (NSA) is an on-going effort to enable such Internet surveillance.
In some cases innocent people have been mistaken for terrorists, while sometimes a
terrorist plot is disrupted. The existence of the PRISM program was a national security
secret until its existence was revealed by Edward Snowden, a former NSA contractor.
There are two videos in this case:
(1) Data Mining for Terrorists and Innocents (L= 5:10)
URL http://www.youtube.com/watch?v=4lKpD7MC22I
(2) How Does the PRISM Program Work? (L=1:59)
URL https://www.youtube.com/watch?v=JR6YyYdF8ho
CASE Anti-terrorism agencies around the world have made effective use of new surveillance tech-
nologies that offer unprecedented abilities to identify and apprehend potential terrorists.
Today’s terrorists are by nature difficult to track, as disconnected groups of individuals can
use the Internet to communicate their plans with lower chance of detection. Anti-terrorist
technology has evolved to better handle this new type of threat.
But there are drawbacks to these new strategies. Often, innocent people may find their
privacy compromised or completely eliminated as a result of inaccurate information.
Surveillance technologies are constantly improving. While this makes it more difficult for
Chapter 4, Case 3 Data Mining for terrorists anD innoCents 2
continued
terrorists and other criminals to exchange information, it also jeopardizes our privacy, on
the Internet and elsewhere, going forward. For instance, it may be necessary to monitor the
phone calls of all American citizens, and visiting foreigners, in order to uncover a terrorist
plot. Is this reason for worry? Are comparisons to Orwell’s 1984 appropriate or overblown?
The first video displays both the positive and negative results of new advances in tech-
nology. The first segment describes a program called the Dark Web Project developed by
a team at the University of Tucson that combs the Internet in search of militant leaders
and their followers. The program creates profiles based on word length, punctuation,
syntax, and content, and displays information about the personality type of an individual
graphically.
The plotting of information on a graph represents whether the user is violent or militant,
inexperienced and seeking advice, or an opinion leader holding sway over many more
people. Programs like this have been adopted by many intelligence agencies worldwide,
who incorporate it into their arsenal of terrorist surveillance technologies.
It’s unclear if this project i ...
Dr. Da-Yu Kao - The Investigation, Forensics, and Governance of ATM Heist Thr...REVULN
In July 2016, the ATM heist of Taiwan First bank is based on well-known Carberp malware family. The threat of cybercrime is becoming increasingly complex and diverse on putting citizen’s data or money in danger. Cybercrime threats are often originating from trusted, malicious, or negligent insiders, who have excessive access privileges to sensitive data. The analysis of ATM heist threats presents many opportunities for improving the quality and value of digital evidence. This talk will introduce some OSINT methods that can help investigators to perform a cybercrime investigation process in a forensically sound and timely fashion manner. This talk further points out cybercrime investigation, digital forensics, and ICT governance for fighting against cybercrime issues. It requires the sincere examination of all available data volumes at a crime scene or in a lab to present digital evidence in a court of law.
Reply to post 1 & 2 with 250 words each.Post 11. What vafelipaser7p
Reply to post 1 & 2 with 250 words each.
Post 1
1. What value does Open Source information have for law enforcement intelligence?
In today’s information age, open source information is extremely valuable to law enforcement today. The modernization of technology is accelerating at a fast pace. In the very near future, almost everything that someone says or does will be recorded in some way or another. The way open source information is used today has already shown a great potential in solving past crimes, addressing current crimes, and predicting crimes of the future. According to Friedman (1998), there are several categories of open source information, and some of the major sources are the media, databases, and everyone’s favorite, the internet. The reason why it is extremely valuable in law enforcement is because open source information is a repository of information. Some examples of open source information are DNA repositories, social media posts, photos with geotags, and statistical information. Just from the four examples mentioned, one can see the relevance to law enforcement. DNA databases can be used to link DNA evidence; statistical information can be used to develop crime maps, and help in predictive policing (Joh, 2014). Not so smart felons can leave geotags on photos or have Instagram photos that show their whereabouts.
2. Provide two examples of Open Sources that can be beneficial to law enforcement and explain what those benefits are.
Something that comes quickly to mind is that open source information can be used to develop a pattern of life of an area. Using information gained from public databases, law enforcement officials can identify where the next crime might occur. Another way to use open source information is to monitor social media. Social media posts can indicate where protests will occur, or even where a crime is occurring. Recently, a mass shooting in New Zealand was live-streamed on social media. There are some things that law enforcement can learn from that video in terms of the attacker’s timeline and tactics he employed. Joh (2014) posits that open source information from the internet can be used in mass surveillance, and in predictive policing.
3. What concerns must be factored in if utilizing Open Source information?
The top concern with open source information is the validity of it. Additionally, is the information from a reputable source? How old is the information? The validity of the information critical especially with the internet; there is a lot of junk information on the web that must be disregarded by intelligence experts. Something else to also consider is that open source information can also be used by criminals. For example, criminals can observe the actions of a police force if the media is doing a live-broadcast of a crime in progress.
4. Can police lawfully use insincere or fraudulent means to access social media information? (LinkedIn, Facebook, Twitter, Pinterest...)
As state ...
Case: Wired for Repression
One of the major issues that the Middle-Eastern uprisings brought to the forefront was the use of surveillance technologies employed by the governments of these nations. Countries such as Tunisia, Egypt, Iran, Bahrain, Syria and other such oppressive regimes practice and continue to proliferate this technology.
Most of the technologies employed can be categorized as the following:
• Mobile Tracking: this includes inception and storing of texts and calls, and can be viewed later on the basis of recipient, sender and content.
• Internet Traffic: Which includes keyword based extraction of emails, access facebook accounts, change data and leave behind pornographic images.
• Product Location: Geographic location identifier of a product (such as a laptop or a phone) with accuracy up to 15 seconds.
Dr. Da-Yu Kao - The Investigation, Forensics, and Governance of ATM Heist Thr...REVULN
In July 2016, the ATM heist of Taiwan First bank is based on well-known Carberp malware family. The threat of cybercrime is becoming increasingly complex and diverse on putting citizen’s data or money in danger. Cybercrime threats are often originating from trusted, malicious, or negligent insiders, who have excessive access privileges to sensitive data. The analysis of ATM heist threats presents many opportunities for improving the quality and value of digital evidence. This talk will introduce some OSINT methods that can help investigators to perform a cybercrime investigation process in a forensically sound and timely fashion manner. This talk further points out cybercrime investigation, digital forensics, and ICT governance for fighting against cybercrime issues. It requires the sincere examination of all available data volumes at a crime scene or in a lab to present digital evidence in a court of law.
Reply to post 1 & 2 with 250 words each.Post 11. What vafelipaser7p
Reply to post 1 & 2 with 250 words each.
Post 1
1. What value does Open Source information have for law enforcement intelligence?
In today’s information age, open source information is extremely valuable to law enforcement today. The modernization of technology is accelerating at a fast pace. In the very near future, almost everything that someone says or does will be recorded in some way or another. The way open source information is used today has already shown a great potential in solving past crimes, addressing current crimes, and predicting crimes of the future. According to Friedman (1998), there are several categories of open source information, and some of the major sources are the media, databases, and everyone’s favorite, the internet. The reason why it is extremely valuable in law enforcement is because open source information is a repository of information. Some examples of open source information are DNA repositories, social media posts, photos with geotags, and statistical information. Just from the four examples mentioned, one can see the relevance to law enforcement. DNA databases can be used to link DNA evidence; statistical information can be used to develop crime maps, and help in predictive policing (Joh, 2014). Not so smart felons can leave geotags on photos or have Instagram photos that show their whereabouts.
2. Provide two examples of Open Sources that can be beneficial to law enforcement and explain what those benefits are.
Something that comes quickly to mind is that open source information can be used to develop a pattern of life of an area. Using information gained from public databases, law enforcement officials can identify where the next crime might occur. Another way to use open source information is to monitor social media. Social media posts can indicate where protests will occur, or even where a crime is occurring. Recently, a mass shooting in New Zealand was live-streamed on social media. There are some things that law enforcement can learn from that video in terms of the attacker’s timeline and tactics he employed. Joh (2014) posits that open source information from the internet can be used in mass surveillance, and in predictive policing.
3. What concerns must be factored in if utilizing Open Source information?
The top concern with open source information is the validity of it. Additionally, is the information from a reputable source? How old is the information? The validity of the information critical especially with the internet; there is a lot of junk information on the web that must be disregarded by intelligence experts. Something else to also consider is that open source information can also be used by criminals. For example, criminals can observe the actions of a police force if the media is doing a live-broadcast of a crime in progress.
4. Can police lawfully use insincere or fraudulent means to access social media information? (LinkedIn, Facebook, Twitter, Pinterest...)
As state ...
Case: Wired for Repression
One of the major issues that the Middle-Eastern uprisings brought to the forefront was the use of surveillance technologies employed by the governments of these nations. Countries such as Tunisia, Egypt, Iran, Bahrain, Syria and other such oppressive regimes practice and continue to proliferate this technology.
Most of the technologies employed can be categorized as the following:
• Mobile Tracking: this includes inception and storing of texts and calls, and can be viewed later on the basis of recipient, sender and content.
• Internet Traffic: Which includes keyword based extraction of emails, access facebook accounts, change data and leave behind pornographic images.
• Product Location: Geographic location identifier of a product (such as a laptop or a phone) with accuracy up to 15 seconds.
Exploring the Psychological Mechanisms used in Ransomware Splash ScreensJeremiah Grossman
The present study examined a selection of 76 ransomware splash screens collected from a variety of sources. These splash screens were analysed according to surface information, including aspects of visual appearance, the use of language, cultural icons, payment and payment types. The results from the current study showed that, whilst there was a wide variation in the construction of ransomware splash screens, there was a good degree of commonality, particularly in terms of the structure and use of key aspects of social engineering used to elicit payment from the victims. There was the emergence of a sub-set of ransomware that, in the context of this report, was termed ‘Cuckoo’ ransomware. This type of attack often purported to be from an official source requesting payment for alleged transgressions.
Brian Wrote There is a wide range of cybersecurity initiatives .docxhartrobert670
Brian Wrote :
There is a wide range of cybersecurity initiatives that exist on the international level through collaborative efforts between the Department of Homeland Security (DHS) and numerous organizational units (UMUC, 2012). According to UMUC (2012), some examples of these initiatives are:
· Federal Law Enforcement Training Center
· National Cyber Security Division
· National Communications System
· Office of Infrastructure Protection
· Office of Operations Coordination
· Privacy Office
· U.S. Secret Service
· U.S. Immigration and Customs Enforcement
· Organization of American States Assistance
“The National Cyber Security Division works to secure cyberspace and America’s cyber assets in cooperation with public, private, and international entities” (UMUC, 2012). This is done using several strategic plans and directives, such as the Presidential Decision Directive 7, the Information Technology Sector Specific Plan, the National Strategy to Secure Cyber Space, National Infrastructure Preparedness Plan, and the National Response Plan (UMUC, 2012). A challenge that the National Cyber Security Division faces in providing an effective deterrent to cybersecurity threats are the constant evolving technologies. These include for both good and bad. Cyber attacks are constantly evolving and so are the technologies use to protect from them. In order for the National Cyber Security Division to effectively deter them not only do they have to stay up-to-date but also so do all of the strategic plans and directives that they use.
Another initiative is the Federal Law Enforcement Training Center (FLETC) that emerged in the 1980s. This initiative puts forth “efforts to counter international hijackings and financial crimes” (UMUC, 2012). It now also extends law enforcement abroad to help against terrorist activity, international crime, and drug-trafficking (UMUC, 2012). It does those with the partner of Department of State. A challenge that the FLETC faces in providing an effective deterrent to cybersecurity threats are their international limitations. All though they have partnered abroad with select foreign nations they still have restrictions and limitations as to what exactly they can do.
Justin Wrote:
Mutual Legal Assistance Treaties (MLATs) are established between two or more nations and provide a formal means of exchanging evidence and information pertaining to criminal acts or cases that occur outside of a nation’s legal jurisdiction. The primary issue associated with MLATs and cybercrime is the inconsistency of host nation laws. Many nations feel that the idea of a global anti-crime initiative may contradict a nation’s fundamental principles (Finklea & Theohary, 2012, p.24). There is no standardized definition for cybercrime which means that one nation may view a virtual act as a crime and the other, with which the MLAT exists, may not. If the two nations agree on the legality of the act then the requesting nation may sub ...
A REVIEW OF CYBERSECURITY AS AN EFFECTIVE TOOL FOR FIGHTING IDENTITY THEFT AC...IJCI JOURNAL
The study is focused on identity theft and cybersecurity in United States. Hence, the study is aimed at examining the impact of cybersecurity on identity theft in United States using a time series data which covers the period between 2001 and 2021. Trend analysis of complaints of identity theft and cybersecurity over the years was conducted; also, the nature of relationship between the two variables was established. Chi-Square analysis was used to examine the impact of cybersecurity on identity theft in United States. Line graphs were used to analyze the trend in the variable. Time series data was used in the study and the data was obtained from secondary sources; Statista.com, US Federal Trade Commission, Insurance Information Institute and Identitytheft.org. Result from the study revealed that consumers’ complaints on identity theft were on the increase every year. Total spending of the economy (both private and public
sector) on cybersecurity was on continuous increase over the years. More than 100% of spending in 2010 as incurred in 2018. The Chi-Square analysis revealed that cybersecurity does not have significant impact on identity theft. The study recommended that the government increase the level of public awareness to ensure that members of the public protect their personal and other information to ensure that they are not compromised for fraud or identity theft. Organizations also need to invest more in the security system and develop policies that will support the security system. At the country level, international treaties and collaboration should be encouraged to prosecute the fraudsters hiding behind national borders.
E. Bryan - E-Governance and Personal PrivacyEmerson Bryan
Critically discussion on the view that the government needs to track and store a citizen’s personal information in order to provide ‘a safe and secure society’ versus a citizen’s right to protect his/ her personal information
Accessing Password Protected andor Encrypted Mobile DataAbstrac.docxnettletondevon
Accessing Password Protected and/or Encrypted Mobile Data
Abstract- This research paper examines the potential solution to a problem faced by law enforcement; wherein the inability to decrypt a number of encrypted communications that they have been given appropriate legal permission to intercept or examine, loom large. This research paper utilizes a theoretical approach to explore the ‘going dark’ concern. This paper will also provide an overview of an encryption workaround, which will address the widely used “Signal Messaging Protocol” which is used to encrypt messages transmitted via applications such as Whatsapp, Telegram, Facebook, among others.
Keywords—Signal Messaging Protocol, Encrypted Messaging, Privacy, Law Enforcement, Mobile Phones, WhatsAppI. Introduction
As the use of digital mobile devices continues to become more ubiquitous, so too does the use of strong encryption protocols, which are being made available to users by communication application providers. In an effort to provide even more security to users, those same application providers are developing the encryption protocols in such a way that the providers themselves are not even able to decrypt the private messages. These trends are posing an ever-increasing challenge to law enforcement agencies who are often able to obtain the legal authority necessary to intercept or retrieve certain communication dataonly to find that they are unable to decrypt and view that same data. The FBI has labeled this issue as the “Going Dark” problem.
The “Going Dark” problem often has adverse effects on law enforcement’s ability to investigate all kinds of crimes; such as kidnappings, child pornography, violent gang activity, etc. However, the gravest consequential examples of this problem have arisen through terrorist investigations, wherein the stakes are extremely high.
Agencies charged with combating terrorism, such as the FBI, quietly face this obstacle every day. In December 2015, the public was given an inside view of this dilemma, during the aftermath of the San Bernardino, California, terrorist attack. Following the attack, the FBI recovered a passcode locked iPhone 5, which had belonged to one of the shooters. The passcode function keeps the encased data encrypted until the correct passcode is entered. If the wrong passcode is entered more than ten times, the data is automatically permanently wiped from the device. In response, the FBI obtained a court order directing Apple to assist them in developing software to unlock the phone. Apple refused, which set off a fierce public outcry, and a subsequent legal battle. The standoff was ultimately diffused when the FBI was able to find a third party to crack the four-digit passcode.
As a result of that legal dispute between the Department of Justice and Apple not having being resolved in court, the debate continued over the question: should the government be able to legally force private vendors to create decryption keys for law .
Causes of the Growing Conflict Between Privacy and SecurityDon Edwards
The struggle of maintaining an acceptable level of individual privacy is inherent in any society which values group protection from both internal and external threats. This paper illustrates the competing priorities that are the source of the conflict between privacy and security.
10 Criminology in the FutureCriminology in the FutureKristop.docxhyacinthshackley2629
10 Criminology in the Future
Criminology in the Future
Kristopher Freitag, Javielle Watson, Michael Westphal, Starcia Zeigler
CJA/314
April 7, 2014
Judy Mazzucca
Technology is advancing in every aspect of the criminal justice system, from the investigation to the prosecution of the crimes. Crime fighting methodologies have the potential to greatly assist law enforcement in the war on crime. Some experts even think that some software and tools will be able to help prevent crime. (Yeung, n.d.). Methodologies, such as mandating DNA collection programs, biometrics, and implementing cybercrime spyware programs are on the list of the next big things of the future, when it comes to fighting crime. DNA testing helps law enforcement investigate and prosecute crimes, as well as clear the names of those who have been wrongfully convicted. There are currently about twenty states with laws requiring DNA collection at the time of the person’s arrest. The federal government also has this requirement. As, with any controversial subject, DNA testing has its critics. Some are saying that DNA testing is in violation of the Fourth Amendment, especially for those who have not been convicted of a crime. Others are concerned that DNA testing may open the doors for abuse of the genetic information being stored in the databases. (Berson, n.d.). Biometrics are automated methods of recognizing a person based on physiological or behavioral characteristics. Some of the features measured using biometrics are handwriting, voice, iris, hand geometry, vein, retinal, and fingerprints. Biometric based solutions provide personal data privacy, and confidential financial transactions, and are starting to become the foundation of an extensive array of highly secure identification and personal verification solutions. The need for highly secure identification and personal verification technologies is great, due to the increased number of transaction fraud and security breaches. This need is especially great in the areas of local, state, and federal governments. Infrastructures such as electronic banking, health and social services, law enforcement, and retail sales are already taking advantage of, and seeing the benefits of biometric technology. ("The Biometrics Consortium", n.d.).
As we become more and more dependent on technology, the increase of cybercrimes are skyrocketing, which has forced law enforcement to figure out ways of combatting cybercrimes. We have become extremely vulnerable to many cybercrimes, including social media fraud, which consists of cyber criminals using social media to steal the identities of unsuspecting people; and luring people to download malicious materials, or reveal their passwords; corporate security breaches, which consists of cyber criminals exploiting company employees via scams; and phishing, which involves cyber criminals targeting company employees by sending emails that appear to be from someone within the company. ("Homeland .
Scholarly PaperThe purpose of this paper is to explore or inquir.docxronnasleightholm
Scholarly Paper
The purpose of this paper is to explore or inquire into a topic in curriculum, teaching and learning of particular interest to the student. The paper will be composed of four parts.
1-
The introduction
: students will explain why the topic is of particular interest to them and explain the importance of the topic in the world of ideas and practice.
2-
Review literature
: students will review literature on the topic focusing on at least five articles.
3-
Implications:
students will describe an application or implication for real life change.
4-
Conclusion:
students will draw together their thoughts from the three preceding parts of the paper.
My topic is:
Multicultural and Race Relations in Education: Policy Development and Program Implementation.
First
:
I need a summary for all the work of "
Scholarly Paper"
in separate paper. The summary should be no more that 500 words this one due on 17th of march
Second
: I need the "
Scholarly Paper"
minimum of 10 pages, APA style. this one will be on 19th
Graphs, charts, digrams, may be included. I need 5 sources at least.
.
Schizophrenia is characterized by a variety of communication disorde.docxronnasleightholm
Schizophrenia is characterized by a variety of communication disorders. There is debate about whether disordered family communication is the CAUSE or EFFECT of schizophrenia. What are some of the communication disorders that accompany schizophrenia?
at least 400 words with 2 reference APA format
.
More Related Content
Similar to ESSENTIALS OF Management Information Systems 12eKENNETH C.
Exploring the Psychological Mechanisms used in Ransomware Splash ScreensJeremiah Grossman
The present study examined a selection of 76 ransomware splash screens collected from a variety of sources. These splash screens were analysed according to surface information, including aspects of visual appearance, the use of language, cultural icons, payment and payment types. The results from the current study showed that, whilst there was a wide variation in the construction of ransomware splash screens, there was a good degree of commonality, particularly in terms of the structure and use of key aspects of social engineering used to elicit payment from the victims. There was the emergence of a sub-set of ransomware that, in the context of this report, was termed ‘Cuckoo’ ransomware. This type of attack often purported to be from an official source requesting payment for alleged transgressions.
Brian Wrote There is a wide range of cybersecurity initiatives .docxhartrobert670
Brian Wrote :
There is a wide range of cybersecurity initiatives that exist on the international level through collaborative efforts between the Department of Homeland Security (DHS) and numerous organizational units (UMUC, 2012). According to UMUC (2012), some examples of these initiatives are:
· Federal Law Enforcement Training Center
· National Cyber Security Division
· National Communications System
· Office of Infrastructure Protection
· Office of Operations Coordination
· Privacy Office
· U.S. Secret Service
· U.S. Immigration and Customs Enforcement
· Organization of American States Assistance
“The National Cyber Security Division works to secure cyberspace and America’s cyber assets in cooperation with public, private, and international entities” (UMUC, 2012). This is done using several strategic plans and directives, such as the Presidential Decision Directive 7, the Information Technology Sector Specific Plan, the National Strategy to Secure Cyber Space, National Infrastructure Preparedness Plan, and the National Response Plan (UMUC, 2012). A challenge that the National Cyber Security Division faces in providing an effective deterrent to cybersecurity threats are the constant evolving technologies. These include for both good and bad. Cyber attacks are constantly evolving and so are the technologies use to protect from them. In order for the National Cyber Security Division to effectively deter them not only do they have to stay up-to-date but also so do all of the strategic plans and directives that they use.
Another initiative is the Federal Law Enforcement Training Center (FLETC) that emerged in the 1980s. This initiative puts forth “efforts to counter international hijackings and financial crimes” (UMUC, 2012). It now also extends law enforcement abroad to help against terrorist activity, international crime, and drug-trafficking (UMUC, 2012). It does those with the partner of Department of State. A challenge that the FLETC faces in providing an effective deterrent to cybersecurity threats are their international limitations. All though they have partnered abroad with select foreign nations they still have restrictions and limitations as to what exactly they can do.
Justin Wrote:
Mutual Legal Assistance Treaties (MLATs) are established between two or more nations and provide a formal means of exchanging evidence and information pertaining to criminal acts or cases that occur outside of a nation’s legal jurisdiction. The primary issue associated with MLATs and cybercrime is the inconsistency of host nation laws. Many nations feel that the idea of a global anti-crime initiative may contradict a nation’s fundamental principles (Finklea & Theohary, 2012, p.24). There is no standardized definition for cybercrime which means that one nation may view a virtual act as a crime and the other, with which the MLAT exists, may not. If the two nations agree on the legality of the act then the requesting nation may sub ...
A REVIEW OF CYBERSECURITY AS AN EFFECTIVE TOOL FOR FIGHTING IDENTITY THEFT AC...IJCI JOURNAL
The study is focused on identity theft and cybersecurity in United States. Hence, the study is aimed at examining the impact of cybersecurity on identity theft in United States using a time series data which covers the period between 2001 and 2021. Trend analysis of complaints of identity theft and cybersecurity over the years was conducted; also, the nature of relationship between the two variables was established. Chi-Square analysis was used to examine the impact of cybersecurity on identity theft in United States. Line graphs were used to analyze the trend in the variable. Time series data was used in the study and the data was obtained from secondary sources; Statista.com, US Federal Trade Commission, Insurance Information Institute and Identitytheft.org. Result from the study revealed that consumers’ complaints on identity theft were on the increase every year. Total spending of the economy (both private and public
sector) on cybersecurity was on continuous increase over the years. More than 100% of spending in 2010 as incurred in 2018. The Chi-Square analysis revealed that cybersecurity does not have significant impact on identity theft. The study recommended that the government increase the level of public awareness to ensure that members of the public protect their personal and other information to ensure that they are not compromised for fraud or identity theft. Organizations also need to invest more in the security system and develop policies that will support the security system. At the country level, international treaties and collaboration should be encouraged to prosecute the fraudsters hiding behind national borders.
E. Bryan - E-Governance and Personal PrivacyEmerson Bryan
Critically discussion on the view that the government needs to track and store a citizen’s personal information in order to provide ‘a safe and secure society’ versus a citizen’s right to protect his/ her personal information
Accessing Password Protected andor Encrypted Mobile DataAbstrac.docxnettletondevon
Accessing Password Protected and/or Encrypted Mobile Data
Abstract- This research paper examines the potential solution to a problem faced by law enforcement; wherein the inability to decrypt a number of encrypted communications that they have been given appropriate legal permission to intercept or examine, loom large. This research paper utilizes a theoretical approach to explore the ‘going dark’ concern. This paper will also provide an overview of an encryption workaround, which will address the widely used “Signal Messaging Protocol” which is used to encrypt messages transmitted via applications such as Whatsapp, Telegram, Facebook, among others.
Keywords—Signal Messaging Protocol, Encrypted Messaging, Privacy, Law Enforcement, Mobile Phones, WhatsAppI. Introduction
As the use of digital mobile devices continues to become more ubiquitous, so too does the use of strong encryption protocols, which are being made available to users by communication application providers. In an effort to provide even more security to users, those same application providers are developing the encryption protocols in such a way that the providers themselves are not even able to decrypt the private messages. These trends are posing an ever-increasing challenge to law enforcement agencies who are often able to obtain the legal authority necessary to intercept or retrieve certain communication dataonly to find that they are unable to decrypt and view that same data. The FBI has labeled this issue as the “Going Dark” problem.
The “Going Dark” problem often has adverse effects on law enforcement’s ability to investigate all kinds of crimes; such as kidnappings, child pornography, violent gang activity, etc. However, the gravest consequential examples of this problem have arisen through terrorist investigations, wherein the stakes are extremely high.
Agencies charged with combating terrorism, such as the FBI, quietly face this obstacle every day. In December 2015, the public was given an inside view of this dilemma, during the aftermath of the San Bernardino, California, terrorist attack. Following the attack, the FBI recovered a passcode locked iPhone 5, which had belonged to one of the shooters. The passcode function keeps the encased data encrypted until the correct passcode is entered. If the wrong passcode is entered more than ten times, the data is automatically permanently wiped from the device. In response, the FBI obtained a court order directing Apple to assist them in developing software to unlock the phone. Apple refused, which set off a fierce public outcry, and a subsequent legal battle. The standoff was ultimately diffused when the FBI was able to find a third party to crack the four-digit passcode.
As a result of that legal dispute between the Department of Justice and Apple not having being resolved in court, the debate continued over the question: should the government be able to legally force private vendors to create decryption keys for law .
Causes of the Growing Conflict Between Privacy and SecurityDon Edwards
The struggle of maintaining an acceptable level of individual privacy is inherent in any society which values group protection from both internal and external threats. This paper illustrates the competing priorities that are the source of the conflict between privacy and security.
10 Criminology in the FutureCriminology in the FutureKristop.docxhyacinthshackley2629
10 Criminology in the Future
Criminology in the Future
Kristopher Freitag, Javielle Watson, Michael Westphal, Starcia Zeigler
CJA/314
April 7, 2014
Judy Mazzucca
Technology is advancing in every aspect of the criminal justice system, from the investigation to the prosecution of the crimes. Crime fighting methodologies have the potential to greatly assist law enforcement in the war on crime. Some experts even think that some software and tools will be able to help prevent crime. (Yeung, n.d.). Methodologies, such as mandating DNA collection programs, biometrics, and implementing cybercrime spyware programs are on the list of the next big things of the future, when it comes to fighting crime. DNA testing helps law enforcement investigate and prosecute crimes, as well as clear the names of those who have been wrongfully convicted. There are currently about twenty states with laws requiring DNA collection at the time of the person’s arrest. The federal government also has this requirement. As, with any controversial subject, DNA testing has its critics. Some are saying that DNA testing is in violation of the Fourth Amendment, especially for those who have not been convicted of a crime. Others are concerned that DNA testing may open the doors for abuse of the genetic information being stored in the databases. (Berson, n.d.). Biometrics are automated methods of recognizing a person based on physiological or behavioral characteristics. Some of the features measured using biometrics are handwriting, voice, iris, hand geometry, vein, retinal, and fingerprints. Biometric based solutions provide personal data privacy, and confidential financial transactions, and are starting to become the foundation of an extensive array of highly secure identification and personal verification solutions. The need for highly secure identification and personal verification technologies is great, due to the increased number of transaction fraud and security breaches. This need is especially great in the areas of local, state, and federal governments. Infrastructures such as electronic banking, health and social services, law enforcement, and retail sales are already taking advantage of, and seeing the benefits of biometric technology. ("The Biometrics Consortium", n.d.).
As we become more and more dependent on technology, the increase of cybercrimes are skyrocketing, which has forced law enforcement to figure out ways of combatting cybercrimes. We have become extremely vulnerable to many cybercrimes, including social media fraud, which consists of cyber criminals using social media to steal the identities of unsuspecting people; and luring people to download malicious materials, or reveal their passwords; corporate security breaches, which consists of cyber criminals exploiting company employees via scams; and phishing, which involves cyber criminals targeting company employees by sending emails that appear to be from someone within the company. ("Homeland .
Similar to ESSENTIALS OF Management Information Systems 12eKENNETH C. (20)
Scholarly PaperThe purpose of this paper is to explore or inquir.docxronnasleightholm
Scholarly Paper
The purpose of this paper is to explore or inquire into a topic in curriculum, teaching and learning of particular interest to the student. The paper will be composed of four parts.
1-
The introduction
: students will explain why the topic is of particular interest to them and explain the importance of the topic in the world of ideas and practice.
2-
Review literature
: students will review literature on the topic focusing on at least five articles.
3-
Implications:
students will describe an application or implication for real life change.
4-
Conclusion:
students will draw together their thoughts from the three preceding parts of the paper.
My topic is:
Multicultural and Race Relations in Education: Policy Development and Program Implementation.
First
:
I need a summary for all the work of "
Scholarly Paper"
in separate paper. The summary should be no more that 500 words this one due on 17th of march
Second
: I need the "
Scholarly Paper"
minimum of 10 pages, APA style. this one will be on 19th
Graphs, charts, digrams, may be included. I need 5 sources at least.
.
Schizophrenia is characterized by a variety of communication disorde.docxronnasleightholm
Schizophrenia is characterized by a variety of communication disorders. There is debate about whether disordered family communication is the CAUSE or EFFECT of schizophrenia. What are some of the communication disorders that accompany schizophrenia?
at least 400 words with 2 reference APA format
.
Scholarly writing has traditions and expectations. It is different f.docxronnasleightholm
Scholarly writing has traditions and expectations. It is different from journalism or letter writing because you are providing insights on the issues that are grounded in research, critical reading and analysis rather than presenting an opinion or a personal belief. Scholarly writers strive for academic integrity and work to keep personal bias and beliefs out of their writing. Review your Learning Resources and view the media provided on scholarly writing.
For this Discussion, research and select
one
non-peer-reviewed article related to health that you believe presents bias.
a brief summary of the article you selected. Then, explain why you think it presents bias. Provide an example of how the bias can be reduced by using scholarly voice. Expand on your insights using the Learning Resources.
Use APA formatting for your discussion and to cite your resources.
this needs to be completed by Wednesday 3:30 pm CST
.
Schellhammer Corporation reported the following amounts in 2013, 201.docxronnasleightholm
Schellhammer Corporation reported the following amounts in 2013, 2014, and 2015.
2013
2014
2015
Current assets
$230,800
$256,188
$270,036
Current liabilities
$160,600
$166,680
$185,590
Total assets
$462,140
$563,340
$588,120
(b)
Perform each of the three types of analysis on Schellhammer’s current assets.
(Round percentages to 0 decimal places, e.g. 43% and ratios to 2 decimal places, e.g.1.58.)
2013
2014
2015
Horizontal Analysis
Current assets
[removed]
%
[removed]
%
[removed]
%
Vertical Analysis
Current assets
[removed]
%
[removed]
%
[removed]
%
Ratio Analysis
Current ratio
[removed]
[removed]
[removed]
Link to Text
Link to Text
Link to Text
Link to Text
.
Scholar-Practitioner Project Evaluation PlanAlthough many people .docxronnasleightholm
Scholar-Practitioner Project: Evaluation Plan
Although many people view evaluation as something that is done once a project is complete, evaluation must actually be planned for well before a project starts in order to be executed properly and effectively. As the business consultant Steven Covey (2004) advocated, one essential ingredient in any venture is to “begin with the end in mind” (p. 95). This assignment provides you the opportunity to plan Obesity projectt o facilitate effective evaluation in all its phases.
Because an evaluation plan is largely about people as much as paper, considerations such as stakeholder participation and cultural and ethical ramifications should be taken into account in any evaluation plan. This is why organizations such as the American Evaluation Association have developed standards for evaluation that include cultural competence and ethical practices.
submit a 5-page and 5 references within 5 years evaluation plan for your obesity project that includes the following:
The four types of evaluation (formative, process, impact, and outcome) each of which includes the following:
Types of data to be collected (e.g., quantitative, qualitative)
Evaluators and stakeholders who would be involved
Goals of the evaluation
Your plan must demonstrate that you understand the following:
The differences between the types of evaluation
Ethical considerations related to evaluation
Cultural considerations related to evaluation
.
Scenario Prior to completing your full evaluation, you will meet .docxronnasleightholm
Scenario:
Prior to completing your full evaluation, you will meet with a new Director of IT at your customer site. The project sponsor has asked you to spend time with their new Director and educate him on the importance of IT Governance.
Write
a 2- to 3-page informational paper that provides:
The definition IT Governance and why it is important in the IT industry
Key aspects of IT Governance
Description of IT steering committee and the role each member plays
Note.
If you are not currently working with an organization, draw upon previous experience or interview someone on this topic.
.
Scenario Your manager has asked you to investigate the exposure t.docxronnasleightholm
Scenario:
Your manager has asked you to investigate the exposure to external users doing transactions over the internet.
Prepare
a 3- to 4-page report for the top management explaining:
Risk and exposures associated with conducting transactions over the Internet
Threats related to operating systems and networks
Risk related to different database deployment models in a distributed environment
Format
according to APA guidelines.
.
ScenarioYou have been asked to be the project manager for the deve.docxronnasleightholm
Scenario
You have been asked to be the project manager for the development of an information technology (IT) project. The system to be developed will allow a large company to coordinate and maintain records of the professional development of its employees. The company has over 30,000 employees who are located in four sites: Florida, Colorado, Illinois, and Texas. The system needs to allow employees to locate and schedule professional development activities that are relevant to their positions. Sophisticated search capabilities are required, and the ability to add scheduled events to the employees’ calendars is desired. The system needs to support social networking to allow employees to determine who is attending conferences and events. This will promote fostering relationships and ensure coverage of conferences that are considered of high importance.
Once an activity has been completed, employees will use the system to submit the documentation. The system should support notifications to management personnel whenever their direct reports have submitted documentation. The system should also notify employees if their deadline to complete professional-development requirements is approaching and is not yet satisfied.
Project Scope Management Plan
For the given scenario, create a project scope management plan that will detail how the project scope will be defined, managed, and controlled to prevent scope creep. The plan may also include how the scope will be communicated to all stakeholders.
Project Scope
After you have the project scope management plan developed, define the project scope.
.
Science diss part 2This response does not need to be more than 3 p.docxronnasleightholm
Science diss part 2
This response does not need to be more than 3 paragraphs.
Explain why you agree or disagree with the following ideas:
(a) everyone has the right to have as many children as they want,
(b) each member of the human species has a right to use as many resources as they want,
(c) individuals should have the right to do anything they want with land they own,
(d) other species exist to be used by humans, and
(e) all forms of life have an intrinsic value and therefore have a right to exist.
This is due SATURDAY THE 25TH
.
ScenarioYou work for Hanson Enterprises, a U.S. based company, w.docxronnasleightholm
Scenario
You work for Hanson Enterprises, a U.S. based company, which has decided to partner with a company in another country for both economic and philanthropic reasons. Hanson Enterprises will be able to produce their products at a lower cost and can pass those savings onto their consumers all over the world. They have also included a provision in the contract with the partnering company that employees will receive a minimum wage based on U. S. state residency. The company will also provide day care, health insurance, and retirement benefits to the employees. Further, Hanson Enterprises advertised that it will be designating funds to improve the social conditions in the community where this facility is located. You are part of a team that has been sent over to the new facility to ensure all is in accord with the contract, but what you find are employees not receiving the benefits nor the minimum wages promised; in fact, employees are having to work seven days a week with no breaks in their shifts and there are a number of safety issues in plain sight; no funds have been used to improve the community; intellectual property rights are being infringed upon; and bribes are taking place among management and other businesses in the local area.
Instructions
Review the situation and conduct scholarly research into the laws and regulations presented in the course content. Create an
Action Plan Recommendation Report
in Microsoft Word (
minimum of three pages
) to the CEO of Hanson Enterprises addressing:
What legal (consider federal and international laws) and ethical (consider specific ethical theories) issues do you see in this scenario?
Based on the facts, what laws and/or regulations (consider federal and international laws) would address this scenario as it relates to employment law?
Based on the facts, what laws and/or regulations (consider federal and international laws) would address this scenario as it relates to intellectual property (i.e. trademarks and copyright)?
Explain if it is possible to sue for breach of contract, or if there are any contract remedies available.
What are the consequences if the corporate social responsibility (CSR) is not addressed?
What do you think is the best legal and ethical course of action for Hanson Enterprises to take, and why is it in the best interest of the company?
Use at least three credible sources. These should be cited and in APA format.
.
Schizophrenia
Select
Schizophrenia
Use
the Research Analysis to complete this assignment.
Prepare
a 1,050- to 1,400-word paper that discusses research-based interventions to treat psychopathology.
Review
the characteristics of the selected disorder and discuss the research about intervention strategies for the disorder. Address the following:
Evaluate three peer-reviewed research studies using the Research Analysis.
Conceptualize the disorder using one of the psychological perspectives in the text.
Discuss the treatments or interventions that have been shown to be the most effective for your selected disorder.
Cite
at least five peer-reviewed sources.
Include in text citations.
Include headings for each section (paragraph).
Format
your paper consistent with APA guidelines.
Research Analysis
Terms
Definitions
Peer-reviewed study
Peer review refers to a study that has been accepted by a standard journal using blind review by peers in the field. This means that every study should have a fair access to publication based upon quality of the study.
Type of study
Types of studies can include experimental, case study, longitudinal, cross-sectional, survey, and so forth.
Measurement or assessment tools
A measurement tool is a means that the researchers used to measure or assess the variables under study. Did the study develop assessment tools? Did the study use objective measurement tools? Can the measurement tools be found and used by another researcher? Are the instruments valid and reliable?
Number of participants
This refers to how many participants were in the study.
How they were selected
Selection process can include the means of recruitment of participants; what was the sampling method or strategy? Describe the population. This could be clients or college students. Indicate sample size.
Number of groups
Was there a control group? The control group does not receive the treatment. Do these participants have the same characteristics and diagnosis as the experimental group participants?
How they were assigned
Were they matched or randomly assigned to one the conditions, or groups, in the study?
What type of intervention was delivered
Define the type of therapeutic treatment or intervention that occurred.
How the intervention was delivered
Were there therapists? Were the therapists trained to deliver the treatment? Was the study a drug study? Was it double-blind?
Were there repeated measures
In this area, we are looking at whether the study found the subjects 6 months or 1 year after the conclusion of the study. Was there a difference between the experimental and control participants at the follow up? We are looking at whether the treatment effect lasts over time.
.
School leaders have found many benefits from the implementation of a.docxronnasleightholm
School leaders have found many benefits from the implementation of action research methodology to initiate the change process (Buczynski & Hansen, 2014; Mills, 2014). It has been stated that action research “has been and continues to be a process of practical and grounded inquiry that reflects in its origins the empowerment of teacher to identify and solve their own problems” (Stringer, 2007, p. 32). Further, Buczynski and Hansen (2014 p. 365) explain that action research provides a clear path to understanding change because it is a “powerful tool” that guides our decisions and practices. As you have now finished implementing your intervention/innovation directly, this discussion provides the opportunity to prepare your data analysis as is expected for the final project, and to share it in the discussion forum for the purpose of providing and receiving feedback from your peers. This collaboration and preparation will further inform your analysis and revisions in preparation for the final project in Week Six.
Initial Post:
Post your data analysis as an attachment following the format outlined below:
Data Collection Strategies:
In one-to-two pages, describe the data obtained through the observations. Charts, diagrams, or other visual depictions of your data may be included.
Outcome Analysis:
In one-to-two pages, present your conclusions of your data analysis. Explain the specific strategies that were successful, which strategies did not work as well as was anticipated? Additionally, explain how the strategies support the research questions.
.
ScenarioSummaryIn this lab, you will explore at least one IDS, IP.docxronnasleightholm
Scenario/Summary
In this lab, you will explore at least one IDS, IPS, or Honeypot currently offered by product vendors and cloud service providers. You will be making a security recommendation, related to the protection of a target network of your choice.
There are a few different paths you may take in this lab, so let's address some of the distinguishing features and definitions that are out there.
IDS and IPS Overview
·
An intrusion detection system (IDS) generally detects and logs known intrusions or anomalous network activity. Generally, no real-time protection actually occurs, therefore false-positives create little or no damage. Optionally, suspicious network traffic can be routed to an alternate network, such as a honeypot.
·
An intrusion protection system (IPS) generally detects, logs, and then blocks known intrusions or anomalous network activity. False-positives are an issue and will result in a self-inflicted denial of service condition. Optionally, suspicious network traffic can be routed to an alternate network, such as a honeypot.
Honeypot Overview
·
Honeypots come in several broad categories. The most common labels we apply to them are research honeypots, active honeypots, and offensive honeypots. They are designed to do what their label suggests, and here is a brief summary.
Note: Seek qualified legal advice before deploying any type of honeypot.
·
Research honeypots generally collect and analyze data about the attacks against a decoy-network. They can also route the attacker to new decoy-networks, to gather more details about the potential attacks. The data gathered are used to understand the attacks and strengthen the potential target networks.
·
Active honeypots have many of the features found in a research honeypot, but they also hold special content that, once taken by the attackers, can be used as evidence by investigators and law enforcement. For example, active honeypots may have database servers containing a fake bank account or credit card information.
·
Offensive honeypots are configured with many of the features of the active honeypots, with one interesting and dangerous addition: they are designed to damage the attacker. When used outside of your own network, this type of honeypot can result in vigilantism, attacks against false-targets, and may result in criminal charges against the honeypot operators. Offensive honeypots are not recommended for non-law-enforcement organizations. However, when used fully within your own network, this technique can detect and neutralize the attacker.
Any of the above services can be implemented on a privately managed network, or through a cloud service. The selection of one platform over another will generally determine where the specific protection occurs—on your network or in the cloud.
The reason for this lab is to give you an understanding of how special network technology can be used as a security research tool, while also providing varying degrees of protection.
Doc.
Scenario You will be assigned an Emerging Technology research and p.docxronnasleightholm
Scenario: You will be assigned an Emerging Technology research and presentation topic and will be presenting it during weeks 2-5. Prepare and present a 7-9 slides presentation (show and tell) explaining how the technology works and used today, why it is important, and its future potential benefits for the businesses.
the topic is
Internet/Intranet Security
.
Explain whether you believe that democracy has worked in Iraq ronnasleightholm
Explain whether you believe that democracy has worked in Iraq and Afghanistan. Provide support for your response.
Discuss the progress Iran is making in their attempt to implement a democratic election process. Next, speculate on two (2) challenges you believe Iran will face in accomplishing this task. Justify your response.
...
Explain what particular type of leadership style is needed to begironnasleightholm
Explain what particular type of leadership style is needed to begin a robust leadership that contributes to growing the healthcare organization.
Describe what leadership is.
Discuss some leadership styles used in healthcare.
Compare and contrast leadership styles in healthcare.
Design and create the role of your Operations Manager, so that person can be empowered to be more effective in that role.
Decisions support systems.
Communication availability and use.
Technology availability and use.
Put a system in place to limit the likelihood of being able to commit fraud.
Focus on efficiency using decision support system resources.
Describe technology software that could add value to an anti-fraud system.
Explain the compliance and regulatory rulings regarding healthcare fraud.
...
Explain what is meant by Leaders are not born, they are made. Whronnasleightholm
Explain what is meant by "Leaders are not born, they are made." What are the key differences between a manager and a leader?
How do the components of emotional intelligence (EI) influence decision making and leadership in health care? (See Table 1,
EI article.
) What can you do to develop EI in your current or future managerial role?
Resources: Buchbinder, S. B., Shanks, N. H., & McConnell, C. R. (2012).
Introduction to healthcare management
. (Laureate Education, Inc., custom ed.). Sudbury, MA: Jones and Bartlett.
Chapter 7, "Leaders and Managers", Chapter 9, “Decision Making and Problem Solving”, & Chapter 6, “Team Leadership”
NOTE: Attached is the Article of E1 ARTICLE TABLE
...
Explain what you believe is the real difference between ‘science’ anronnasleightholm
Explain what you believe is the real difference between ‘science’ and ‘pseudoscience’.
Examine the key reasons why so many people might seem to be attracted to more pseudoscience-type claims.
Describe at least two (2) such claims that you have heard people make, and analyze the main reasons why such claims do or do not meet rigorous scientific methodology standards.
Determine at least two (2) ways in which the material discussed this week has changed your own thinking.
...
Explain the various types of network attacks and their countermeasurronnasleightholm
Explain the various types of network attacks and their countermeasures/mitigations. Use examples to illustrate your explanation.
Please DO NOT USE outside sources or quote your book directly for these discussion - summarize what you want to say in your own words and use examples to illustrate your meaning.
...
Explain the various modes of transmission for HIV. How does HIV convronnasleightholm
Explain the various modes of transmission for HIV. How does HIV convert into AIDS?
PLEASE EXPLAIN WHETHER YOU AGREE WITH MY CLASSMATE ANSWER TO THE ABOVE QUESTION AND WHY? (A MININUM OF 150 WORDS)
CLASSMATE'S POST
HIV is a retrovirus, a virus that uses RNA as its genetic material instead of the more usual DNA, that now infects over 33 million individuals and kilos almost 2 million a year. The target of HIV is a specific type of white blood cell called the CD4-Tlymphocyte, or T4 cell. T4 cells are just one of many components of the complicated immune machinery that is activated when the blood recognizes a foreign invader such as a bacterium or a virus. In a T4 cell that is infected with HIV, activation of the cell activates the virus also, which then produces thousands of copies of itself in a process that kills the T4 cell. Thus, destruction of the T4 cell disrupts the entire immune system. The course of infection with HIV takes place over several years. After being exposed to HIV, a person may or may not notice mild, flu-like symptoms for a few weeks, during which time the virus is present in the blood and body fluids and may be easily transmitted to others by sex or other risky behaviors. The infection then enters a latent period, which the viruses mostly hidden in the DNA of the T4 cells, although a constant battle is taking place between the virus and the immune system. Eventually however, after several years, the immune system begins to lose the struggle, and so many of the T4 cells begin to die that they cannot be replaced rapidly enough. When the number of T4 cells drops below 200 per cubic millimeter of blood, about 20 percent of the normal level, symptoms are likely to begin appearing, and the person is vulnerable to opportunistic infections and certain tumors. At the same time, the number of circulating viruses increases, and the person again becomes more capable of transmitting the infection to others. At this stage, the person meets the criteria for AIDS, which is defined by the T4 cell count and/or the presence of opportunistic infections.
...
June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...Levi Shapiro
Letter from the Congress of the United States regarding Anti-Semitism sent June 3rd to MIT President Sally Kornbluth, MIT Corp Chair, Mark Gorenberg
Dear Dr. Kornbluth and Mr. Gorenberg,
The US House of Representatives is deeply concerned by ongoing and pervasive acts of antisemitic
harassment and intimidation at the Massachusetts Institute of Technology (MIT). Failing to act decisively to ensure a safe learning environment for all students would be a grave dereliction of your responsibilities as President of MIT and Chair of the MIT Corporation.
This Congress will not stand idly by and allow an environment hostile to Jewish students to persist. The House believes that your institution is in violation of Title VI of the Civil Rights Act, and the inability or
unwillingness to rectify this violation through action requires accountability.
Postsecondary education is a unique opportunity for students to learn and have their ideas and beliefs challenged. However, universities receiving hundreds of millions of federal funds annually have denied
students that opportunity and have been hijacked to become venues for the promotion of terrorism, antisemitic harassment and intimidation, unlawful encampments, and in some cases, assaults and riots.
The House of Representatives will not countenance the use of federal funds to indoctrinate students into hateful, antisemitic, anti-American supporters of terrorism. Investigations into campus antisemitism by the Committee on Education and the Workforce and the Committee on Ways and Means have been expanded into a Congress-wide probe across all relevant jurisdictions to address this national crisis. The undersigned Committees will conduct oversight into the use of federal funds at MIT and its learning environment under authorities granted to each Committee.
• The Committee on Education and the Workforce has been investigating your institution since December 7, 2023. The Committee has broad jurisdiction over postsecondary education, including its compliance with Title VI of the Civil Rights Act, campus safety concerns over disruptions to the learning environment, and the awarding of federal student aid under the Higher Education Act.
• The Committee on Oversight and Accountability is investigating the sources of funding and other support flowing to groups espousing pro-Hamas propaganda and engaged in antisemitic harassment and intimidation of students. The Committee on Oversight and Accountability is the principal oversight committee of the US House of Representatives and has broad authority to investigate “any matter” at “any time” under House Rule X.
• The Committee on Ways and Means has been investigating several universities since November 15, 2023, when the Committee held a hearing entitled From Ivory Towers to Dark Corners: Investigating the Nexus Between Antisemitism, Tax-Exempt Universities, and Terror Financing. The Committee followed the hearing with letters to those institutions on January 10, 202
Introduction to AI for Nonprofits with Tapp NetworkTechSoup
Dive into the world of AI! Experts Jon Hill and Tareq Monaur will guide you through AI's role in enhancing nonprofit websites and basic marketing strategies, making it easy to understand and apply.
How to Make a Field invisible in Odoo 17Celine George
It is possible to hide or invisible some fields in odoo. Commonly using “invisible” attribute in the field definition to invisible the fields. This slide will show how to make a field invisible in odoo 17.
Biological screening of herbal drugs: Introduction and Need for
Phyto-Pharmacological Screening, New Strategies for evaluating
Natural Products, In vitro evaluation techniques for Antioxidants, Antimicrobial and Anticancer drugs. In vivo evaluation techniques
for Anti-inflammatory, Antiulcer, Anticancer, Wound healing, Antidiabetic, Hepatoprotective, Cardio protective, Diuretics and
Antifertility, Toxicity studies as per OECD guidelines
Model Attribute Check Company Auto PropertyCeline George
In Odoo, the multi-company feature allows you to manage multiple companies within a single Odoo database instance. Each company can have its own configurations while still sharing common resources such as products, customers, and suppliers.
Acetabularia Information For Class 9 .docxvaibhavrinwa19
Acetabularia acetabulum is a single-celled green alga that in its vegetative state is morphologically differentiated into a basal rhizoid and an axially elongated stalk, which bears whorls of branching hairs. The single diploid nucleus resides in the rhizoid.
Operation “Blue Star” is the only event in the history of Independent India where the state went into war with its own people. Even after about 40 years it is not clear if it was culmination of states anger over people of the region, a political game of power or start of dictatorial chapter in the democratic setup.
The people of Punjab felt alienated from main stream due to denial of their just demands during a long democratic struggle since independence. As it happen all over the word, it led to militant struggle with great loss of lives of military, police and civilian personnel. Killing of Indira Gandhi and massacre of innocent Sikhs in Delhi and other India cities was also associated with this movement.
Honest Reviews of Tim Han LMA Course Program.pptxtimhan337
Personal development courses are widely available today, with each one promising life-changing outcomes. Tim Han’s Life Mastery Achievers (LMA) Course has drawn a lot of interest. In addition to offering my frank assessment of Success Insider’s LMA Course, this piece examines the course’s effects via a variety of Tim Han LMA course reviews and Success Insider comments.
Embracing GenAI - A Strategic ImperativePeter Windle
Artificial Intelligence (AI) technologies such as Generative AI, Image Generators and Large Language Models have had a dramatic impact on teaching, learning and assessment over the past 18 months. The most immediate threat AI posed was to Academic Integrity with Higher Education Institutes (HEIs) focusing their efforts on combating the use of GenAI in assessment. Guidelines were developed for staff and students, policies put in place too. Innovative educators have forged paths in the use of Generative AI for teaching, learning and assessments leading to pockets of transformation springing up across HEIs, often with little or no top-down guidance, support or direction.
This Gasta posits a strategic approach to integrating AI into HEIs to prepare staff, students and the curriculum for an evolving world and workplace. We will highlight the advantages of working with these technologies beyond the realm of teaching, learning and assessment by considering prompt engineering skills, industry impact, curriculum changes, and the need for staff upskilling. In contrast, not engaging strategically with Generative AI poses risks, including falling behind peers, missed opportunities and failing to ensure our graduates remain employable. The rapid evolution of AI technologies necessitates a proactive and strategic approach if we are to remain relevant.
"Protectable subject matters, Protection in biotechnology, Protection of othe...
ESSENTIALS OF Management Information Systems 12eKENNETH C.
1. ESSENTIALS OF
Management Information Systems 12e
KENNETH C. LAUDON AND JANE P. LAUDON
continued
Systems
CHAPTER 4 ETHICAL AND SOCIAL ISSUES IN
INFORMATION SYSTEMS
CASE 3 Data Mining for Terrorists and Innocents
SUMMARY This case describes how data mining software,
combined with Big Data collection from
the Internet, are used to identify potential terrorists. The
PRISM program of the U.S.
National Security Agency (NSA) is an on-going effort to enable
such Internet surveillance.
In some cases innocent people have been mistaken for terrorists,
while sometimes a
terrorist plot is disrupted. The existence of the PRISM program
was a national security
secret until its existence was revealed by Edward Snowden, a
former NSA contractor.
There are two videos in this case:
(1) Data Mining for Terrorists and Innocents (L= 5:10)
URL http://www.youtube.com/watch?v=4lKpD7MC22I
(2) How Does the PRISM Program Work? (L=1:59)
URL https://www.youtube.com/watch?v=JR6YyYdF8ho
2. CASE Anti-terrorism agencies around the world have made
effective use of new surveillance tech-
nologies that offer unprecedented abilities to identify and
apprehend potential terrorists.
Today’s terrorists are by nature difficult to track, as
disconnected groups of individuals can
use the Internet to communicate their plans with lower chance
of detection. Anti-terrorist
technology has evolved to better handle this new type of threat.
But there are drawbacks to these new strategies. Often, innocent
people may find their
privacy compromised or completely eliminated as a result of
inaccurate information.
Surveillance technologies are constantly improving. While this
makes it more difficult for
Chapter 4, Case 3 Data Mining for terrorists anD innoCents 2
continued
terrorists and other criminals to exchange information, it also
jeopardizes our privacy, on
the Internet and elsewhere, going forward. For instance, it may
be necessary to monitor the
phone calls of all American citizens, and visiting foreigners, in
order to uncover a terrorist
plot. Is this reason for worry? Are comparisons to Orwell’s
1984 appropriate or overblown?
The first video displays both the positive and negative results
of new advances in tech-
nology. The first segment describes a program called the Dark
3. Web Project developed by
a team at the University of Tucson that combs the Internet in
search of militant leaders
and their followers. The program creates profiles based on word
length, punctuation,
syntax, and content, and displays information about the
personality type of an individual
graphically.
The plotting of information on a graph represents whether the
user is violent or militant,
inexperienced and seeking advice, or an opinion leader holding
sway over many more
people. Programs like this have been adopted by many
intelligence agencies worldwide,
who incorporate it into their arsenal of terrorist surveillance
technologies.
It’s unclear if this project infringes on freedom of speech and
individual privacy. On the
one hand, detection of a potential terrorist is potentially an
important method of deterring
future terrorist attacks. On the other hand, individuals who
haven’t done or said anything
wrong may be profiled and have their private conversations
exposed. An additional concern
is how to distinguish what kinds of speech are grounds for
surveillance.
The second segment of the video describes the plight of a
German sociology professor,
Andrej Holm, subjected to jail time and 24-hour surveillance
thanks to his supposed associa-
tion with a terror cell. Holm has written extensively on
gentrification, or the gap between
4. Chapter 4, Case 3 Data Mining for terrorists anD innoCents 3
continued
1. Does the Tucson data-mining project inappropriately violate
the privacy of Internet
users, or is it an acceptable tradeoff to more intelligently
combat terrorism? Explain your
answer.
2. Were the local police justified in their handling of Holm?
Why or why not? For whichever
view you take, briefly describe the opposing viewpoint.
3. Name the nine US Internet providers that were cooperating
with the PRISM program.
For each, describe some of the information which they could
uniquely provide.
4. Why did the Internet companies provide the government with
information on their
users?
5. Is the PRISM program a danger to American democracy?
Why, or why not?
VIDEO CASE
QUESTIONS
the rich and the poor. A radical group repeated some of his
themes in a letter claiming
responsibility for terror attacks arson of police vehicles. Police
also found that Holm had
spoken to one of the terrorists twice before. Local law
5. enforcement jailed him for three
weeks and subjected him to constant surveillance afterwards.
But Holm claims that he is a victim of unfortunate
circumstances, and the courts agreed,
ruling that his imprisonment was illegal. Holm’s phones were
tapped and his Internet usage
recorded, and while he’s been acquitted, he has no assurance
that the surveillance has
stopped.
The second video describes the National Security Agency
PRISM program for collecting
telephone metadata and Internet behavior on most of the
American and global population.
Because most global Internet traffic goes through servers and
routers in the United States,
the PRISM program essentially was able to surveil all Internet
traffic worldwide. Nine of
the largest telecommunications and Internet companies
cooperated with the government
program. Developed shortly after the World Trade Center
terrorist attack on September
11, 2001, and authorized by Congress as part of the Patriot Act
(October 2001), the PRISM
program was a closely held national security secret until
revealed by David Snowden, a
contract worker for the NSA who stole secret computer
documents describing the program
from the NSA and distributed them to newspapers worldwide.
Snowden escaped arrest in
the United States by fleeing eventually to Russia. He is
regarded by some as a traitor for
revealing national security secrets, and by others as a national
hero, a whistle blower, who
alerted the American public to what may be illegal activity by
8. R
C
H
PA
PER COMPETIT
IO
N
2010 ACS
2ndplace
METRICS-BASED
Risk Assessment
and Management
of DIGITAL FORENSICS
Mehmet Sahinoglu, MSgt Stephen Stockton, USAF (Ret.),
Capt Robert M. Barclay, USAF (Ret.), and Scott Morton
Driven by the ubiquity of computers in modern life and the
subsequent rise of
cybercriminality and cyberterrorism in the government and
defense industry,
digital forensics is an increasingly salient component of the
defense acquisi-
tion process. Though primarily located in the law enforcement
community,
digital forensics is increasingly practiced within the corporate
world for legal
and regulatory requirements. Digital forensics risk involves the
assessment,
9. acquisition, and examination of digital evidence in a manner
that meets legal
standards of proof and admissibility. The authors adopt a model
of digital
forensics risk assessment that quantifies an investigator’s
experience with
e Fleischer
eight crucial aspects of the digital forensics process. This
research adds the
concept of quantifying through a designed risk meter algorithm
to calculate
digital forensics risk indices. Numerical and/or cognitive data
were pains-
takingly collected to supply input parameters to calculate the
quantitative
risk index for the digital forensics process. Much needed risk
management
procedures and metrics are also appended.
Keywords: Cyberterrorism, cybercriminality, risk meter
154 Defense ARJ, April 2016, Vol. 23 No. 2 : 152–177
A Publication of the Defense Acquisition University
http://www.dau.mil
Digital forensics is a topic that has been popularized by
television pro-
grams such as CSI. Crime-solving glamour and drama aside, the
reality is
10. that the digita l forensics process is a highly technica l field
that depends
on the proper implementation of specif ic, well-accepted
protocols a nd
procedures. Inadequate forensic tools and technical
examination, as well
as lack of adherence to appropriate protocols and procedures,
can result
in evidence that does not meet legal standards of proof and
admissibility.
Digital forensics risk arises, for example, when personnel lack
the proper
tools to conduct investigations, fail to process evidentiary data
properly, or
do not follow accepted protocols and procedures.
Assessing and quantifying digital forensics risk is the goal of
this article. To
do so, the authors utilize a digital forensics risk meter, based on
a series of
questions designed to assess respondents’ perceptions of digital
forensics
risk. Based on the responses, a digital forensics risk index will
be calculated.
Where this approach differs is that other approaches typically
provide gen-
eral guidance in the form of best practices, classification
schemes or, at best,
a checklist for digital forensics procedures, and do not provide
quantitative
tools (based on game theory) for risk management and
mitigation. Examples
of other such approaches follow:
11. 155Defense ARJ, April 2016, Vol. 23 No. 2 : 152–177
April 2016
• U.S. Department of Justice, Forensic Examination of Digital
Evidence: A Guide for Law Enforcement (general guidelines
and
worksheets) (U.S. Department of Justice, 2004)
• Error, Uncertainty, and Loss in Digital Evidence (cer tainty
levels) (Casey, 2002)
• Cyber Criminal Activity Analysis Models using Markov Chain
for Digital Forensics (suspicion levels) (Kim & In, 2008)
• Two-Dimensional Evidence Reliability Amplification Process
Model for D igital Forensics (ev idence reliabi lit y) (K hatir,
Hejazi, & Sneiders, 2008)
• Building a D igital Fore n sic Laborator y: Establishing and
Managing a Successful Facility (checklist) (Jones & Valli,
2011)
One approach that does employ quantification, Metrics for
Network Forensics
Conviction Evidence, is confined to network forensics—mostly
measuring
severity impact—and does not provide mitigation advice
(Amran, Phan,
& Parish, 2009). In that research article, the authors show “how
security
metrics can be used to sustain a sense of credibility to network
evidence
gathered as an elaboration and extension to an embedded feature
of Network
Forensics Readiness (NFR).” They then propose “a procedure of
12. evidence
acquisition in network forensics … then analyze a sample of a
packet data in
order to extract useful information as evidence through a
formalized intu-
itive model, based on capturing adversarial behavior and layer
analysis, …
apply the Common Vulnerability Scoring System—or CVSS
metrics to show
the severity of network attacks committed…”(p. 1).
The digital forensics risk meter presented in this article will
provide objec-
tive, automated, dollar-based risk mitigation advice for
interested parties
such as investigators, administrators, and officers of the court
to minimize
digital forensics risk. Figure 1 represents a decision tree
diagram to assess
risk; Figure 2 (with the Advice column on the right extracted
from Figure
B-1, Appendix B) represents sample mitigation advice generated
from the
respondents’ inputs. This article will not only present a
quantitative model,
but will generate a prototype numerical index that facilitates
appropriate
protocols and procedures to ensure that legal standards of proof
and admis-
sibility are met.
156 Defense ARJ, April 2016, Vol. 23 No. 2 : 152–177
A Publication of the Defense Acquisition University
13. http://www.dau.mil
FIGURE 1. DIGITAL FORENSICS RISK DIAGRAM
Protocols &
Procedures
Mission Statement
Personnel
Administrative
Service Request/Intake
Case Management
Evidence Handling/
Retention
Case Processing
Technical Procedures
Development
Case Assessment
Onsite
Location Assessment
Processing
Search Authority
Evaluation
36. 8
7
3
5
2
158 Defense ARJ, April 2016, Vol. 23 No. 2 : 152–177
A Publication of the Defense Acquisition University
http://www.dau.mil
F
IG
U
R
E
2
. M
E
D
IA
N
D
IG
IT
75. .
160 Defense ARJ, April 2016, Vol. 23 No. 2 : 152–177
A Publication of the Defense Acquisition University
http://www.dau.mil
Vulnerabilities, Threats, and
Countermeasures
Based on industry best practices guidelines, such as the U.S.
Department
of Justice (2004) Forensic Examination of Digital Evidence: A
Guide for Law
Enforcement, eight specific vulnerabilities are assessed:
1. Protocols and Procedures
2. Evidence Assessment
3. Evidence Acquisition
4. Evidence Examination
5. Documentation and Reporting
6. Digital Forensics Tools
7. Legal Aspects
8. Victim Relations
Within each vulnerability category, questions pertain to specific
threats and
76. countermeasures. For example, within the Evidence Acquisition
vulnera-
bility, respondents are asked questions regarding precautions,
protection,
a nd preser vation threats a nd countermea sures. Within the Ev
idence
Exa mination v ulnerability, respondents a re asked questions
rega rding
preparation, physica l extraction, logica l extraction, timeframe
ana lysis,
data hiding analysis, application/file analysis, and
ownership/possession
threats and countermeasures. Within the digital forensics Tools
vulnerabil-
ity, respondents are asked questions regarding hardware,
software, training,
and funding threats and countermeasures. Figure 1 details these
vulnera-
bilities and threats. The responses are then used to generate a
quantitative
Digital Forensics risk index.
Assessment Questions
Questions are designed to elicit responses regarding the
perceived risk
to proper Digital Forensics procedures, evidence
handling/examination,
admissibility, and other associated issues from particular
threats, as well
as the countermeasures the respondents may employ to
counteract those
161Defense ARJ, April 2016, Vol. 23 No. 2 : 152–177
77. April 2016
threats. For example, in the Evidence Examination
vulnerability, questions
regarding the data hiding analysis threat include both threat and
counter-
measure questions. Threat questions would include:
• Do file headers not correspond to file extensions?
• Did the suspect encrypt or password-protect data?
• Are hidden messages present?
• Are host-protected areas (HPA) present?
Countermeasure questions would include:
• Did the examiner correlate file headers to the corresponding
file extensions to identify any mismatches that may indicate
the user intentionally hid data?
162 Defense ARJ, April 2016, Vol. 23 No. 2 : 152–177
A Publication of the Defense Acquisition University
http://www.dau.mil
• Did t he exa m i ner ga i n access to a l l pa ssword-protected,
encr y pted, a nd compressed f i les, wh ich may i nd icate a n
attempt to conceal the data from unauthorized users?
• Did the examiner conduct a thorough stenographic analysis?
78. • Did the examiner gain access to HPAs that may indicate an
attempt to conceal data?
Sa mple v u l nera bi l it y ( E v idence A cqu i sit ion) a s ses
sment ques t ion s
employed in the dig ita l forensics risk meter a re found in
Appendi x A .
Appendi x A a lso cla rif ies a nd precludes conf usion bet ween
Ev idence
Acquisition and materiel acquisition. The first proactive step in
any digi-
tal forensic investigation is acquisition. The inherent problem
with digital
media is that it is readily modified just by accessing files.
Working from
a copy is one of the fundamental steps to making a forensic
investigation
auditable and acceptable to a court (Acquisition, n.d.).
Risk Calculation and Risk Management
through Surveys
Based on their experience, the respondents a nswer yes or no to
the
survey questions. These responses are then used to calculate
residual risk.
Employing a game-theoretical mathematical approach, the
calculated risk
index is used to generate an optimization or lowering
of risk to desired levels (Sa hinoglu, 2007, 2016).
A more deta iled set of mitigation advice will be
generated to show interested parties (such as inves-
tigators, administrators, and officers of the court)
where risk can be reduced to optimized or desired
levels. An example of such risk reduction is shown
in Fig ure 2, f rom 45.8 percent to 35.8 percent ,
79. which represents the media n response from the
study participants (Sahinoglu, Cueva-Parra, & Ang,
2012). Figure 2 is an actual screenshot of a results
table, representing the median digital forensics risk
meter results displaying threat, countermeasures,
residua l risk indices, optimization options, a nd
risk mitigation advice. For this study, a random
sample of responses from 27 survey par-
ticipants was analyzed; their residual
163Defense ARJ, April 2016, Vol. 23 No. 2 : 152–177
April 2016
risk results are tabulated and presented in Appendix B. The
survey portfo-
lio used in this assessment and upon which this research article
is based
showed the complexity of the digital forensics field,
encompassing tools,
procedures, specific training, budget, and trial.
Dig ita l forensics has two crucia l phases (Appendix A). The f
irst phase
included a ll the forensics involved with the collection of data,
while the
second phase concerns defending the data collected, the means
by which
the data were collected, a nd cha in of custody applied from the
origina l
collection until court (Sahinoglu, Stockton, Morton, Barclay, &
Eryilmaz,
2014). The initial goal was to obtain survey input from local
city leaders in
80. Montgomery, Alabama. Although individuals from the
Governor’s Office,
Montgomery Police Department, and District Attorney’s office
were will-
ing to assist, our short timeframe and their busy schedules
prevented their
offices from providing input to the digital forensics survey.
Fortunately, the
authors had contacts at other law enforcement offices, which
agreed to make
personnel available for the survey and eventual follow-up.
Eventually, three
law enforcement offices and one special investigation/training
organization
participated and provided valuable input.
Our first objective was to explain the purpose of the survey and
the potential
value the combined results could offer each of the offices. At
each location,
participants included investigators, initia l responders, digita l
forensics
specia lists, a nd lega l exper ts (i.e., District Attorney Off ice
personnel).
The ra nge of exper tise of the pa r ticipa nts was inva luable, as
each pro-
vided insight into an aspect of the survey that is often
unique to a position within a department. Because
of this range of expertise, the authors are confident
they were able to capture the three main components
of the sur vey por tion of the R isk-o-Meter (RoM).
Perspectives from collection of evidence, packaging
of evidence for trial, and presentation of evidence at
trial were all given. Although the special investiga-
tion/training organization had many fewer survey
81. participants, they did offer a unique perspective, as
they represented a n orga nization that focuses on
training digital forensics experts for the military.
The resu lts were t hen r un for each pa r ticipa nt ,
determining the Initia l Repair Cost to Mitigate.
This was determined by using a Criticality
of 1.0, Equipment Cost of $0.0, and a
164 Defense ARJ, April 2016, Vol. 23 No. 2 : 152–177
A Publication of the Defense Acquisition University
http://www.dau.mil
Production Cost of $1,000. The median of all results was
determined and
then optimized through the RoM to determine the best “bang for
the buck”
that would reduce the participant’s Total Residual Risk by 10
percent. The
initial Total Residual Risk for the median participant was 45.8
percent, with
an Expected Cost of Loss (ECL) of $458.34. Once optimized,
the Total Risk
was reduced to 35.8 percent, and the ECL was reduced by $100
to a total
ECL of $358.34 (Fig ure 2). The first optimized solution was to
increase
the countermeasure (CM) capacity for the “Examiner Notes”
threat for
the Documentation and Reporting vulnerability from 45.0
percent to 72.17
percent, for an improvement of 27.17 percent. The second
82. optimized solution
was to increase the CM capacity for the “Victim Rights and
Support” threat
for the Victim Relations vulnerability from 72.50 percent to
99.92 percent,
for an improvement of 27.42 percent.
Table B-2 in Appendix B depicts
a s e t o f c o n s t r a i n e d l i n e a r
equations used within the body
of t he r isk meter ’s innovative
second-sta ge sof t wa re for the
ga me -t heoret ic opt i m i z at ion
necessar y to create the Advice
column (shown on the right in
Figure 2). The Advice column’s
original survey calculations are
depicted in Fig ure B -1, which
displays company ECSO8: 14th
Ranked Overall Median Survey.
This is followed by Figure B-2,
which displays company OPD1’s
Group Media n Sur vey Ta ker’s
Origina l Sur vey Outcome; while Fig ure B-3 displays company
AUPD5’s
Group Median Survey Taker’s Original Survey Outcome. In
each case, the
company representative seemed impressed with the results and
noted the
results for possible future implementation. One organization
actually com-
mented that they had already begun looking into increases in at
least one
CM that was identified by the optimization. Clearly, this
episode validated
83. the tool and its usefulness in their eyes.
165Defense ARJ, April 2016, Vol. 23 No. 2 : 152–177
April 2016
Discussion and Conclusions
The advantages of conducting business on the Internet have
been well
documented. Conducting business online is frequently faster and
cheaper
than utilizing traditional methods. However, this comes with the
digital
forensics-related vulnerabilities and pertinent threats that tend
to convert
the positive adva ntages to clea r disadva ntages as a result of
fraud a nd
wrongdoing. With the advent of the Internet and burgeoning
information
systems, digital forensics has gained worldwide momentum. In
every envi-
ronment, the content of digital information relative to criminal
undertakings
and investigations alike has vastly increased, growing
disproportionately
to the capacities of state and local governments, as well as
federal agencies
and military components. The risk assessment, risk mitigation,
or general
risk management that involve planned investment policy in
order of priority,
with a sound and auditable, cost-effective approach, are missing
links. The
84. proposed digital forensics risk meter is an innovative initiative
that provides
a quantitative assessment of risk to the user as well as
recommendations
for mitigating that risk. This approach will be a highly useful
tool to inter-
ested parties such as investigators, company or system
administrators, and
officers of the court seeking to minimize and thereby mitigate
digital foren-
sics risk by leveraging and introducing early, preventive CMs
identified as
an outcome of this dynamic closed-end survey.
Additional future research by the principal author will involve
the addition
of cloud computing concerns such as service provider
cooperation and data
accessibility, as well as the incorporation of new questions so
as to better
refine user responses and subsequent calculation of risk and
mitigation rec-
ommendations. Minimization or mitigation of digita l forensics
risk will
greatly facilitate the success of digital forensics investigations,
ensuring that
legal standards of proof and admissibility are ultimately met.
The digital
forensics risk meter tool provides the means to identify areas
where risk can
This approach will be a highly useful tool to interested
parties such as investigators, company or system admin-
istrators, and officers of the court seeking to minimize
and thereby mitigate digital forensics risk by leveraging
and introducing early, preventive CMs identified as an
85. outcome of this dynamic closed-end survey.
166 Defense ARJ, April 2016, Vol. 23 No. 2 : 152–177
A Publication of the Defense Acquisition University
http://www.dau.mil
be minimized, as well as giving the objective, dollar-based
mitigation advice
to do just that. This aspect of objective quantifiable risk
assessment and man-
agement will add to the trustworthiness of acquisition practices
in terms of
dependable Internet communications involving great quantities
of materiel
and their budgetary repercussions.
Limitations and Future Research
The limitations are obvious due to input data deficiency, but
methods
such as the one proposed in this article are a good way to start
due to the
objective, hands-off, automated, cost-effective treatment of the
problem at
hand. Sound assessment of digital forensics risk can result when
informa-
tion entered, from learned respondents, is as close to the truth
as feasibly
possible. The discussion that follows clarifies how this
proposed work is
directly relevant to acquisition reisk mitigation if applied
appropriately
within a system.
86. This research article is not focused on the usual law
enforcement or digi-
tal-policing procedures, but is directed towards greater
awareness for the
in-house (e.g., acquisition community) workforce as they
manage already
existing risk assessment and risk management algorithms. By
leveraging
the countermeasures outlined in this article (in particular, the
Advice col-
umn in Figure 2, which employs probability-estimation and
game-theoretic
risk computing), the authors anticipate that acquisition
practitioners can
better preclude future digital forensics breaches by taking
timely CMs.
Law enforcement, in cooperation with the defense acquisition
community,
is increasingly becoming an important player in digital
forensics, thereby
lending increased scrutiny in this vital area. Law enforcement is
more aware
of evidence such as drug cartel activity and money laundering
through all
avenues such as export, import, and domestic acquisition
activities. Even
in homicide cases, much useful evidence can be deduced by
using digital
forensics information. In addition, digital forensics sciences not
only can
break a difficult case, but can do so quickly and inexpensively
compared to
police detectives’ usual time-tested, but tedious practices. The
proposed
87. risk meter software and its algorithm can successfully lead the
way toward
navigating the stages of cost-effective risk assessment and
management.
In conclusion, the best “bang for the buck” derives from simple
usability
and scientific objectivity.
167Defense ARJ, April 2016, Vol. 23 No. 2 : 152–177
April 2016
References
Acquisition. (n.d.). In Wikibooks. Retrieved from
https://en.wikibooks.org/wiki/
Introduction_to_Digital_Forensics/Acquisition
Amran, A. R., Phan, R. C. W., & Parish, D. J. (2009). Metrics
for network
forensics conviction evidence. Proceedings of the International
Conference
for Internet Technology and Secured Transactions (ICITST),
Institute of
Electrical and Electronics Engineers (pp. 1–8), London,
England. doi: 10.1109/
ICITST.2009.5402640
Casey, E. (2002, Summer). Error, uncertainty, and loss in
digital evidence.
International Journal of Digital Evidence, 1(2). Retrieved from
https://utica.
edu/academic/institutes/ecii/publications/articles/A0472DF7-
88. ADC9-7FDE-
C80B5E5B306A85C4.pdf
Jones, A., & Valli, C. (2011). Building a digital forensic
laboratory: Establishing and
managing a successful facility, Burlington, MA: Butterworth
Heinemann &
Syngress.
Khatir, M., Hejazi, S. M., & Sneiders, E. (2008). Two-
dimensional evidence reliability
amplification process model for Digital Forensics. Proceedings
of the IEEE
Third International Annual Workshop on Digital Forensics and
Incidents Analysis
(WDFIA 2008) (pp. 21–29), Malaga, Spain. doi:
10.1109/WDFIA.2008.11
Kim, D. H., & In, H. P. (2008). Cyber criminal activity analysis
models using Markov
chain for Digital Forensics. Proceedings of the 2nd International
Conference
on Information Security and Assurance (pp. 193–198), Busan,
Korea. doi: 1109/
ISA.2008.90
Sahinoglu, M. (2007). Trustworthy computing: Analytical and
quantitative engineering
evaluation. Hoboken, NJ: John Wiley.
Sahinoglu, M. (2016). Cyber-risk informatics: Engineering
evaluation with data science.
Hoboken, NJ: John Wiley.
Sahinoglu, M., Cueva-Parra, L., & Ang, D. (2012, May-June).
Game-theoretic computing
89. in risk analysis. Wiley Interdisciplinary Reviews:
Computational Statistics, 4(3),
227–248. doi: 10.1002/wics.1205. Retrieved from
http://authorservices.wiley.com/
bauthor/onlineLibraryTPS.asp?DOI=10.1002/wics.1205&Article
ID=961931
Sahinoglu, M., Stockton, S., Morton, S., Barclay, R., &
Eryilmaz, M. (2014, November
20). Assessing Digital Forensics risk: A metric survey
approach. Proceedings of
the SDPS 2014 Malaysia, 19th International Conference on
Transformative Science
and Engineering, Business and Social Innovation, Sarawak,
Malaysia. Retrieved
from
https://www.researchgate.net/publication/268507819_ASSESSI
NG_
DIGITAL_FORENSICS_RISK_A_METRIC_SURVEY_APPRO
ACH
U.S. Department of Justice. (2004). Forensic examination of
digital evidence: A guide
for law enforcement. Retrieved from
https://www.ncjrs.gov/pdffiles1/nij/
199408.pdf
168 Defense ARJ, April 2016, Vol. 23 No. 2 : 152–177
A Publication of the Defense Acquisition University
http://www.dau.mil
Appendix A
Sample Vulnerability (Evidence Acquisition, Documentation
90. and Reporting, and Victim Relations) Assessment Questions
(in XML format) and Survey Template
<survey>
<vulnerability title= “Evidence Acquisition” level= “0”>
<vQuestion> Are special precautions not taken to preserve
digital evidence?
</vQuestion>
<vQuestion> Was write protection not utilized to preserve and
protect
original evidence? </vQuestion>
<vQuestion> Was digital evidence not secured in accordance
with
departmental guidelines? </vQuestion>
<vQuestion> Was speed the primary concern when it came to
acquiring
digital evidence? </vQuestion>
<threat title = “Precautions”>
<tQuestion> Was evidence on storage devices destroyed or
altered?
</tQuestion>
<tQuestion> Was equipment damaged by static electricity and
magnetic
fields? </tQuestion>
<tQuestion> Was the original internal configuration of storage
devices and
hardware unnoted? </tQuestion>
<tQuestion> Were investigators unable to provide drive
attributes?
</tQuestion>
<threat title = “Protection”>
<tQuestion> Was CMOS/BIOS information not captured?
</tQuestion>
<tQuestion> Was the computer’s functionality and the forensic
92. brought
many benefits to technologically-advanced societies. As a
result,
commercial transactions and governmental services have rapidly
grown, revolutionising the life styles of many individuals living
in
these societies. While technological advancements undoubtedly
present many advantages, at the same time they pose new
security
threats. As a result, the number of cases that necessitate Digital
Forensic Investigations (DFIs) are on the rise, culminating in
the
creation of a backlog of cases for law enforcement agencies
(LEAs)
worldwide. Therefore, it is of paramount importance that new
research
approaches be adopted to deal with these security threats. To
this end,
this paper evaluates the existing set of circumstances
surrounding the
field of Digital Forensics (DF). Our research study makes two
important contributions to the field of DF. First, it analyses the
most
difficult technical challenges that need to be considered by both
LEAs
and Digital Forensic Experts (DFEs). Second, it proposes
important
specific future research directions, the undertaking of which can
assist
both LEAs and DFEs in adopting a new approach to combating
cyber-
attacks.
Keywords—digital forensics, IoT forensics, cloud forensics,
cybersecurity, digital investigation, encryption, anti-forensics
93. I. INTRODUCTION
In recent years, we have witnessed rapid advancements in
Information and Communication Technology (ICT) features.
Technologies such as communication networks, mobile devices,
Internet of Things (IoT) solutions, Cloud-Based Services
(CBSs), Cyber-Physical Systems (CPSs) have brought many
benefits to technologically-advanced societies [1, 2, 3]. As a
result, commercial transactions and governmental services have
rapidly grown, revolutionising the life styles of many
individuals living in these societies. While technological
advancements undoubtedly present many advantages, at the
same time they pose new cybersecurity threats which have
significant impacts on a variety of domains such as government
systems, enterprises, ecommerce, online banking, and critical
infrastructure. According to an official survey conducted by The
Office for National Statistics [4], there were an estimated 3.6
million cases of fraud and two million computer misuse
offences
in a year. Although there is a variety of reasons for conducting
cybercrimes, the motivation is often for financial gain. The
fundamental issue associated with cybercrime consists of
damage to reputation, monetary loss, in addition to impacts on
the confidentiality, integrity and availability of data.
By exploiting technology, cybercriminals, for instance, will
be able to turn IoT nodes into zombies (using malicious
software), carry out distributed denial of service (DDoS) attacks
(engineered through botnets), and create and distribute malware
aimed at specific appliances (such as those affecting VoIP
devices and smart vehicles) [1, 2], [5, 6, 7, 8, 9]. Other
challenges resulting from such technological advancements
include, but are not limited to: high volume of data,
heterogeneous nature of digital devices, advanced hardware and
software technologies, anti-forensic techniques, video and rich
94. media, whole drive encryption, wireless, virtualisation, live
response, distributed evidence, borderless cybercrime and dark
web tools, lack of standardised tools and methods, usability and
visualisation. The deployment of IP anonymity and the ease
with
which individuals can sign up for a cloud service with minimum
information can also pose significant challenges in relation to
identifying a perpetrator [2], [5], [8], [9, 10].
As a result, the number of cases that necessitate DFIs are on
the rise, culminating in the creation of a backlog of cases for
LEAs worldwide [11, 12]. Therefore, given the discussion
above, it is of paramount importance that new research
approaches be created to deal with the aforementioned security
challenges. To this end, we evaluate the existing set of
circumstances surrounding the field of DF. Our research study
makes two important contributions to the field of DF. First, it
analyses the most difficult mid and long-term challenges that
need to be considered by both LEAs and DFEs. Second, it
proposes important specific future research directions, the
undertaking of which can assist both LEAs and DFEs in
adopting a new approach to combating cyber-attacks.
II. CHALLENEGES
As the field of DF continues to evolve, its development is
severely challenged by the growing popularity of digital devices
and the heterogeneous hardware and software platforms being
utilised [2], [13, 14]. For instance, the increasing variety of file
formats and OSs hampers the development of standardised DF
tools and processes [15]. Furthermore, the emergence of
smartphones that increasingly utilise encryption renders the
acquisition of digital evidence an intricate task. Additionally,
95. advancements in cybercrime have culminated in the substantial
challenge of business models, such as Crime as a Service
(CaaS), which provides the attackers with easy access to the
tools, programming frameworks, and services needed to conduct
cyberattacks [2]. The following sub-sections analyse the key
issues that pose significant challenges to the field of DF.
A. Cloud Forensics
The cloud computing paradigm presents many benefits both
to the organisations and individuals. One of such advantages
relates to the manner in which data is managed by the cloud
infrastructure. For instance, data is spread between various data
centres to improve performance and facilitate load-balancing,
scalability, and deduplication features. Because of this, data
requires an efficient indexing so that retrieval and optimisation
performance can take place to evade duplication that often
contributes to the expansion of storage needs. As a result,
evidence left by adversaries is more difficult to eliminate since
it can be copied in various locations, rendering the acquisition
of evidence and its examination easier to perform.
However, despite its many benefits, cloud computing poses
significant challenges to the LEAs and DFEs from a forensic
perspective. These include, but are not limited to, problems
associated with the absence of standardisation amongst different
CSPs, varying levels of data security and their Service Level
Agreements [5], [16, 17], multiple ownerships, tenancies, and
jurisdictions. Moreover, the distributed nature of cloud
computing services presents a variety of challenges to LEAs as
data often resides in a number of different jurisdictions. In
contrast with traditional DF in which data is held on a single
device, within cloud environments data is often spread over
multiple different nodes. As a result, LEAs need to rely on local
laws to be able to conduct digital evidence acquisition [1], [7],
[18]. Therefore, the discrepancy in the legal systems of
96. different
jurisdictions combined with the lack of cooperation between
CSPs also poses significant challenges from a DF perspective.
In addition, existing DF models, frameworks, methodologies
and tools are mainly intended for off-line investigations,
designed on the premise that data storage under investigation is
within the LEAs’ control [19]. However, performing DFIs
within a cloud environment is increasingly challenging as
digital
evidence is often short-lived and stored on media beyond the
control of DFEs [1]. Anonymising tools and distributed data
storage in cloud services also enable criminals to cover their
malicious activities more easily. Furthermore, the use of
features
such as IP anonymity and the ease with which one can sign up
for a cloud service with minimal information make it almost
impossible to identify criminals in cloud environments [1], [7,
8]. Another challenge for DF is the availability of different
models for delivering cloud services (CSs). Specifically,
investigating the data of an infrastructure-as-a-service (IaaS)
user can be done without too many restrictions, but in the case
of customers using software-as-a-service (SaaS) resources,
access to information might be minimal or entirely absent.
Last, but not least, accessing a software application through
a cloud computing system often leaves traces of evidence in
various places on the OS, such as registry entries or temporary
Internet files. However, evidence is lost once the user has
exited
the virtual environment as virtualisation sanitises traces of
leftover artefacts. As a result, virtualisation limits the
traditional
examination of the leftover artefacts, rendering digital evidence
traditionally stored on hard drives potentially unrecoverable
97. [20,
21]. Therefore, cloud-based forensic investigations pose
significant challenges related to the identification and
extraction
of evidential artefacts.
B. Network Forensics
A Network Forensic Investigation (NFI) pertains to the
acquisition, storage and examination of network traffic
(encapsulated in network packets) generated by a host, an
intermediate node, or the whole portion of a network in order to
establish the source of a security attack. Network traffic objects
that require analysis consist of protocols used, IP addresses,
port
numbers, timestamps, malicious packets, transferred files, user-
agents, application server versions, and operating system
versions, etc. This data can be acquired from different types of
traffic.
Similar to any other sub-fields of DF, NF poses various
challenges to DFEs and LEAs. One of the challenges concerns
traffic data sniffing. Contingent on the network set up and
security measures where the sniffer is installed, the tool is
likely
not to capture all intended traffic data. However, this challenge
can be addressed by utilising a span port on network devices in
various places in the network. Another challenge for NF is that
an attacker might be able to encrypt the traffic by utilising a
SSL
VPN connection. In this case, although the address and port will
still be visible to DFEs, data stream will not be available.
Therefore, additional analysis will need to be carried out so as
to establish penetrated data.
Another challenge is determining the source of an attack
98. since an attacker may use a zombie machine, an intermediate
host to perform an attack, or simply use a remote proxy server.
The deployment of such methods by an attacker makes it very
difficult for DFEs to determine the source of the attack.
However, this can be remedied by examining each packet only
in a basic manner in memory and storing only certain data for
future examination. Notwithstanding that this approach
necessitates less amounts of storage, it often requires a faster
processor to be able to manage the incoming traffic. To capture
and analyse evidential network data, DFEs need to use a number
of commercial and open-source security applications such as
tcpdump and windump. Additionally, ensuring the privacy of
legitimate end users is another challenging factor in NF as all
packet data including that of the end user is captured during an
investigation.
C. Internet of Things (IoT) Forensics
The Internet of Things (IoT) which is supported by the cloud,
big data and mobile computing often connects anything and
everything ‘online’. The IoT represents the interconnection of
uniquely identifiable embedded computing devices within the
current Internet infrastructure. Some IoT devices are ordinary
items with built-in Internet connectivity, whereas some are
sensing devices developed specifically with IoT in mind. The
IoT covers technologies, such as: unmanned aerial vehicles
(UAVs), smart swarms, the smart grid, smart buildings and
home appliances, autonomous cyber-physical and cyber-
biological systems, wearables, embedded digital items, machine
to machine communications, RFID sensors, and context-aware
computing, etc. Each of these technologies has become a
specific domain on their own merit. With the new types of
devices constantly emerging, the IoT has almost reached its
99. uttermost evolution. With an estimated number of 50 billion
devices that will be networked by 2020 [20, 21], it is estimated
that there will be 10 connected IoT devices for every person
worldwide [22].
IoT-connected devices offer many benefits both individually
and collectively. For instance, connected sensors can help
farmers to monitor their crops and cattle so as to improve
production, efficiency and track the health of their herds.
Intelligent health-connected devices can save or significantly
improve patients’ lives through wearable devices. For instance,
the wearable device developed by Intel can track symptoms of
Parkinson's disease patients by passively collecting 300
observations per second from each wearer, tracking various
activities and symptoms [23, 24].
However, despite its many benefits, IoT-connected devices
pose significant privacy and security challenges as these
devices
and systems collect significant personal data about individuals.
As an example of privacy challenge, employers can use their
employees’ security access cards to track where they are in the
building to determine how much time the employees spend in
their office or in the kitchen. Another example relates to smart
meters that can determine when one is home and what
electronics they use. This data is shared with other devices and
stored in databases by companies. In relation to the security
challenges, due to the constant emergence of new and diverse
devices with varied OSs as well as the different networks and
related protocols, IoT produces a wider security attack surface
than that created by cloud computing. Examples of cyberattacks
that can be carried out on IoT devices include: intercepting and
hacking into cardiac devices such as pacemakers and patient
monitoring systems, launching DDoS attacks using
compromised IoT devices, hacking or intercepting In-Vehicle
Infotainment (IVI) systems, and hacking various CCTV and IP
100. cameras. Therefore, security is of paramount importance for the
secure and reliable operation of IoT-connected devices.
Although IoT uses the same monitoring requirements similar
to those utilised by cloud computing, it poses more security
challenges resulting from issues such volume, variety and
velocity. Furthermore, DFIs of IoT devices can be even more
difficult than those of cloud-based investigations as more
complex procedures are needed for investigation of these
devices.
IoT Forensics must involve identification and extraction of
evidential artefacts from smart devices and sensors, hardware
and software which facilitate a communication between smart
devices and the external world (such as computers, mobile, IPS,
IDS and firewalls), and also hardware and software which are
outside of the network being investigated (such as cloud, social
networks, ISPs and mobile network providers, virtual online
identities and the Internet). However, extracting evidential
artefacts from IoT devices in a forensically-sound manner and
then analysing them tend to be a complex process, if not
impossible, from a DF perspective. This is due to a variety of
reasons, including: the different proprietary hardware and
software, data formats, protocols and physical interfaces, spread
of data across multiple devices and platforms, change,
modification, loss and overwriting of data, and jurisdiction and
SLA (when data is stored in a cloud). Thus, determining where
data resides and how to acquire data can pose many challenges
to DFEs.
For instance, the DF analysis of IoT devices used in a
business or home environment can be challenging in relation to
establishing whom data belongs to since digital artefacts might
be shared or transmitted across multiple devices. In addition,
due
101. to the fact that IoT devices utilise proprietary formats for data
and communication protocols, understanding the links between
artifacts in both time and space can be very complex. Another
challenge related to the DFI of IoT devices concerns the chain
of custody. In civil or criminal trial, collecting evidence in a
forensically sound manner and preserving chain of custody are
of paramount importance. However, ownership and preservation
of evidence in an IoT setting could be difficult and can have a
negative effect on a court’s understanding that the evidence
acquired is reliable.
Furthermore, existing DF tools and methods used to
investigate IoT devices are designed mainly for traditional DF
examining conventional computing devices such as PCs, laptops
and other storage media and their networks. For instance, the
current methods utilised to extract data from IoT devices
include: obtaining a flash memory image, acquiring a memory
dump through Linux dd command or netcat, and extracting
firmware data via JTAG and UART techniques. Moreover,
protocols such as Telnet, SSH, Bluetooth and Wi-Fi are
deployed to access and interact with IoT devices. Likewise,
tools
such as FTK, EnCase, Cellebrite, X-Ways Forensic and
WinHex, etc. and internal utilities such as Linux dd command
(for IoT devices with OSs such as embedded Linux) are used to
extract and analyse data from IoT devices. However, the
forensic investigation of IoT devices necessitates specialised
handling procedures, techniques, and understanding of various
OSs and file systems. Additionally, by using conventional
Computer Forensic tools to conduct IoT Forensics, it would be
highly unlikely to maintain a chain of custody, the adherence to
which is required by the Association of Chief Police Officers
[25], concerning the collection of digital evidence.
Therefore, to deal with the aforementioned challenges posed
by IoT-connected devices, cloud cybersecurity will need to be
102. reviewed since each IoT device produces data that is stored in
the cloud. Cloud cybersecurity policies must be blended with
IoT infrastructure so as to provide timely responses for
suspicious activities [20]. They must be reviewed in relation to
evidence identification, data integrity, preservation, and
accessibility. CSPs will need to ensure the integrity of the
digital
evidence acquired from cloud computing components in order
to facilitate an unbiased investigation process in establishing
the
root cause of the cyberattack in IoT. Therefore, as the IoT
paradigm is further developed, it becomes necessary to develop
adaptive processes, accredited tools and dynamic solutions
tailored to the IoT model.
D. Big Data and Backlog of Digital Forensic Cases
Another key challenge that the field of DF is currently facing
pertains to the substantial and continuing increase in the amount
of data, i.e. big data – both structured and unstructured –
acquired, stored and presented for forensic examination. This
data is collected from a variety of sources such as digital
devices,
networks, cloud, IoT devices, social media, sensors or machine-
to-machine data, etc. In particular, this challenge is relevant to
live network analysis since DFEs are unlikely to acquire and
store all the essential network traffic [2], [10]. This growth in
data volume is the consequence of the ongoing advancement of
storage technology such as growing storage capacity in devices
and cloud storage services, and an increase in the number of
devices seized per case. Consequently, this has resulted in an
increase in the backlog of DF cases that are awaiting (often
many months or years in some cases) investigations. The
103. backlog of DF cases necessitating investigation has had a
seriously adverse impact on the timeliness of criminal
investigations and the legal process. The delays of up to 4 years
in performing DFIs on seized digital devices have been reported
to have significant effect on the timeliness of criminal
investigations [5], [11], [26]. Due to such delays, some
prosecutions have even been discharged in courts. This backlog
of DF cases is predicted to increase due to the modern sources
of evidence such as those of IoT devices and CBSs.
To address the aforementioned issues, i.e. the 3Vs of the big
data, including: volume, variety and velocity, researchers have,
in recent years, proposed various solutions ranging from data
mining [27, 28, 29], data reduction and deduplication [27], [30,
31], triage [12], [32, 33, 34], increased processing power,
distributed processing [35, 36], cross-drive analysis [31],
artificial intelligence, and other advanced methods [30]. Despite
the usefulness of these solutions, additional research studies are
required to address the real-world relevance of the proposed
methods to deal with the data volume that gravely challenges
the
field of DF. Therefore, it is of paramount importance to
implement several practical infrastructural enhancements to the
existing DF process. These augmentations should cover
elements such as automation of device collection and
examination, hardware-facilitated heterogeneous evidence
processing, data visualisation, multi-device evidence and
timeline resolution, data deduplication for storage and
acquisition purposes, parallel or distributed investigations and
process optimisation of existing techniques. Such enhancements
should be integrated to assist both law enforcement and third-
party providers of DF service to speed up the existing DF
process. The implementation of the stated elements can
significantly assist both new and augmented forensic processes.
104. E. Encryption
According to a survey conducted by the Forensic Focus [37],
data encryption in addition to Cloud Forensics (discussed
previously) are the most difficult challenges encountered by
DFEs. Encryption is the fastest method used to prevent access
to data held on a device. There exist numerous encryption
methods that can be implemented on a system or its peripherals.
Increase in storage devices has resulted in the creation of tools
capable of encrypting the entire volume of a hard drive.
Encryption can also be performed on an application, a folder, a
cloud service, mobile devices, and data stored in a database or
transmitted through email, etc. Concerning network-based data
hiding, this can be facilitated through methods such as Virtual
Private Network (VPN) tunnelling and the utilisation of proxy
servers and terminal emulators. Regardless of data being stored
in an unknown server in the cloud or on the perpetrator’s
computer’s encrypted hard drive, encryption often makes it
impossible for DFEs to acquire data essential for a DFI.
Although such technologies are not unbeatable, they often
necessitate large amount of time and luck to be bypassed [32],
[38, 39].
Since many of the encryption schemes are implemented to
resist brute-force attacks, it is, therefore, of paramount
importance that researchers be able to design certain
workarounds and exploits in order to be able to overcome
encryption and acquire evidence from encrypted devices.
Depending on the type of digital device involved, forensic
challenges of encrypted devices differ. There are currently
several exploits that DFEs can leverage to overcome encryption
in DFIs. For instance, DFEs can decrypt a BitLocker volume by
determining the correct Microsoft Account password. This can
be achieved by recovering the matching escrow key directly
from Microsoft Account. There are various tools and methods
(the discussion of which is outside the scope of this paper) for
105. retrieving the password. Another method of exploit used by the
researchers is to conduct RAM Forensics (imaging the RAM)
using a tool such as Belkasoft Live RAM Capturer and then
draw out a binary decryption key from that RAM image. Using
this method enables DFEs to bypass encryption and identify
malware that is not placed in persistent storage. For instance,
full-disk encryption on Windows desktop computers
(BitLocker) can be attacked by imaging the RAM through a
kernel-mode tool while the volume is mounted and examining
that memory image to acquire the binary decryption key. This
facilitates mounting BitLocker volumes in a short period of
time.
However, the development of RAM Forensic tools as noted
by Garfinkel [32] is more challenging than the creation of disk
tools. Data stored in disks is persistent and intended to be read
back in the future. However, data written to RAM can only be
read by the running program. Garfinkel [32] argues that as a
result there is less desire “for programmers to document data
structures from one version of a program to another”. Therefore,
issues as such can complicate the tasks of tool developers.
F. Limitations in DF Tools and Lack of Standardisation
Existing DF tools and techniques are also limited in their
functionality and are poorly appropriate to the task of
identifying
data which is “out-of-the-ordinary, out-of-place, or subtly
modified” [32], [40]. Traditional DF tools, techniques and
methods often lag behind new emerging technologies lacking
adequate capabilities to address the resultant challenges
presented by these technologies. Although current DF tools
might be able to handle a case containing several terabytes of
data, they are incapable of putting together terabytes of data
106. into
a succinct report. Furthermore, it is challenging to employ DF
tools to recreate a unified timeline of past events or the
activities
of a culprit. Event and timeline reconstructions are often
conducted manually during a given DFI. DF tools are also often
slow to conduct data analysis. Furthermore, the task of creating
digital documents which can be presented in courts has had an
adverse effect on the production of DF methods that could
process data that is not easily available [32], [41].
With regards to the lack of standardisation in DF, although
researchers in the field have made some attempts to agree on
formats, schema, and ontologies on DF artefacts, very little
progress have been made, if any [15], [42, 43, 44]. This is while
analysis of advanced cyber-attacks often necessitates concerted
efforts to deal with the processing of complex data. In most
cases
such cooperation does not exist amongst DFEs and DF
researchers alike. As a result, the diversity problem arising from
the absence of standardised methods and guidelines to detect,
acquire, store, examine, analyse and present digital evidence
also pose significant challenges for DFIs [45, 46]. The lack of
formal and generic Digital Forensic Investigation Process
Models (DFIPMs) also contribute to the intricacy of acquiring
and analysing digital evidence in a forensically sound manner
[42]. Therefore, it is essential that DF community engage in
more collaborations to create effective standard formats and
abstractions.
III. RESEARCH DIRECTIONS
A. IoT Forensics
The Identification, Acquisition and Analysis (main phases of
a conventional DFI) of digital evidence in IoT environments
107. pose significant challenges to LEAs and DFEs. In relation to the
identification of a particular user’s data, it would be difficult
for
investigators to determine how to conduct search and seizure
when the location and provenance of data (representing
potential
digital evidence) cannot be determined. One of the ways to
address this challenge is to integrate the IoT device data into
Building Information Modelling. Thus, the research community
can consider this as a research opportunity to be explored.
With regards to the problems of extracting a specific user’s
data in IoT devices, the volatility of evidence in these devices is
more complex than the evidence volatility in traditional devices.
In IoT environments, data might be held locally by an IoT
device. In this case, the lifespan of the data is very short before
it is overwritten or compressed. Furthermore, digital evidence
(data) from an IoT device might be shifted and used by another
IoT device (or a local network of IoT-connected devices), or it
might be moved to the cloud for aggregation and processing. As
a result, the transmission and aggregation of evidence poses
significant challenges for maintaining the chain of evidence. To
deal with this challenge, we propose the development of new
investigation methods that can track and filter the transfer of
data
across IoT-connected devices as supported by (Hegarty et al.,
2014). Such methods can then pave the way for the acquisition
of data that have been altered or deleted. Therefore, the creation
of such techniques should be considered as a new research
opportunity for further exploration
In terms of the challenges of the analysis process, IoT
devices produce large amounts of data which are stored in
large-
scale distributed cloud environments. If this data requires
108. Digital
Forensic analysis, first it needs to be imaged in order to adhere
to the principles of ‘forensically-sound investigations’.
However, from a …
The Governance of Corporate Forensics using
COBIT, NIST and Increased Automated Forensic
Approaches
Henry Nnoli1, Dale Lindskog2, Pavol Zavarsky2, Shaun
Aghili2, Ron Ruhl2
1ATB Financial, Edmonton T5J 1P1, Canada
2Information Systems Security Management, Concordia
University College of Alberta, Edmonton T5B 4E4, Canada
[email protected], {dale.lindskog, pavol.zavarsky, shaun.aghili,
ron.ruhl}@concordia.ab.ca
Abstract—Today, the ability to investigate internal matters
such as policy violations, regulatory compliance, and employee
separation has become important in order for corporations to
manage risk. The degree of information security threats
evolving
on a daily basis has increasingly raised concerns for enterprise
organizations. These threats include but are not limited to fraud,
insider threat and intellectual property (IP) theft. These have
increased the demand for organizations to implement corporate
forensics as a deterrent to illegitimate acts or for linking
perpetrators to their illegitimate acts. This explains why
forensic
practices are expanding from the traditional role in law
enforcement and becoming an essential part of business
processes. However, most organizations may not be maximizing
109. the benefits of corporate forensic capabilities because of lack of
corporate forensic governance best practices, needed to ensure
organizations prepare their operating environment for digital
forensic investigation. Corporate forensic governance will help
ensure that digital evidence is obtained in an efficient and
effective way with minimal interruption to the business. This
paper presents a corporate forensic governance framework
intended to enhance forensic readiness, governance, and
management, and increase the use of automated forensic
techniques and in-house forensically sound practices in large
organizations that have a need for these practices.
Index Terms—corporate forensic governance; corporate
forensic readiness; increased automated forensic solutions;
digital forensic investigation; digital evidence
I. INTRODUCTION
Most organizations waste effort, time and resources in
carrying out forensic investigations due to lack of corporate
forensic preparedness [4]. Forensic readiness (preparedness)
can be defined as the process of being prepared (having the
right policies, procedures, people, techniques in place to
respond professionally and timely) before an incident occurs.
Rowlingson [4], in his paper, ‘A Ten Step Process for Forensic
Readiness’ described forensic readiness as the ability of an
organization to maximize its potential to use digital evidence
while minimizing the cost of an investigation. In his paper he
discussed practices that, when implemented before a digital
incident occurs, can help organizations to be ready to carry out
forensic investigations. However, forensic readiness is one part
of a comprehensive and well-structured corporate forensic
governance program.
Governance is the process of establishing and maintaining a
framework and supporting management structure and processes
110. to provide assurance that applicable strategies are aligned with
and support business objectives, and are consistent with
applicable laws and regulations through adherence to policies
and internal controls, and assignment of responsibility, all in
the effort to manage risk [22]. In most organizations when
incidents occur, the incident response team’s major concern is
to contain the incident and restore operations, paying less
attention to potential evidence. In most cases digital evidence is
contaminated, incomplete and untrustworthy, all of which
inhibits linking perpetrators to their illegitimate acts if a crime
is committed [2]. This is simply because of the lack of forensic
readiness which is part of a good corporate forensic governance
program. Grobler et al [5] stated, “all disciplines need some
form of policy, procedures, standards and guidelines hence
necessitating the proper facilitation of governance”. In their
paper, entitled ‘Managing digital evidence - The governance of
digital forensics’, they introduced a preliminary framework for
the governance of digital forensics.
According to COBIT [10], the principles of governance
best practices include strategic alignment, risk management,
value delivery, resource optimization, and continuous
performance evaluation. Board briefings on IT governance [22]
stated that, governance practices have been confirmed to yield
huge benefits in the field of information technology (IT) and
information security (IS) due to the establishment and adoption
of applicable frameworks like COBIT. “In other words, top
management of various organizations are realizing the
significant impact information technology and information
security can have on the success of their enterprise because of
governance of these fields” [22]. Such governance practices are
lacking in the field of digital forensics [5]. For various reasons
which will be highlighted later in this paper, there is a need for
effective and efficient governance practices for corporate
forensic programs to ensure that value, risk and resources are
optimized during forensic investigations. Most organizations
112. Section V is a description of the proposed framework; finally,
in Section VI we conclude and recommend future work.
II. CORPORATE FORENSIC READINESS AND
GOVERNANCE
According to [8], litigation is a last option for most
organizations, because of concerns like negative publicity and
its negative impact to the business. Therefore, corporate
forensic readiness, governance and in-house forensic capability
will help organizations to be prepared to gather and use digital
evidence as a deterrent and for making firm conclusions during
internal investigations of non-criminal violations. The objective
of corporate forensic readiness is to ensure that digital evidence
is collected using sound forensic processes and in an effective
way with minimal interruption to the business. This evidence
can also be used for the organizations interest and defense.
Although many organizations outsource forensic activities, it is
likely that most will prefer to perform them internally. The
reasons for this include privacy, confidentiality of
organizational and customer data, legal risk, delayed forensic
results from consultants and compliance with regulations like
Sarbanes Oxley, King 3 Report, the Basel Committee report on
banking supervision, and FIPS PUB 200. In addition, it is
costly to outsource forensic activities in those large
organizations that experience recurring digital incidents.
Regulations like FIPS PUB 200 (2002) mandated all federal
agencies in the United States to comply with the standard’s
Audit and Accountability section, which states that
“Organizations must:
1. Create, protect, and retain information system audit
records to the extent needed to enable the monitoring,
analysis, investigation, and reporting of unlawful,
unauthorized, or inappropriate information system
activity.
113. 2. Ensure that the actions of individual information
system users can be uniquely traced to those users so
they can be held accountable for their actions” [12].
These considerations show that, in a great many cases,
there is a clear need for corporate forensic readiness
and in-house forensic capability.
Rowlingson [4] articulates ten steps toward corporate
forensic readiness:
1. “Define the business scenarios that require digital
evidence.
2. Identify available sources and different types of
potential evidence.
3. Determine the evidence collection requirement.
4. Establish a capability of securely gathering admissible
evidence to meet the requirement.
5. Establish a policy for secure storage and handling of
potential evidence.
6. Ensure monitoring is targeted to detect and deter major
incidents.
7. Specify circumstances when escalation to a full formal
investigation should be launched.
8. Train staff in incident awareness so that all those
involved understand their role in the digital process and
the legal sensitivities of evidence.
9. Document an evidence-based case describing the
114. incident and its impact.
10. Ensure legal review to facilitate action in response to the
incident”.
A good governance framework consists of both governance
and management processes [11]. Rowlingson’s work should be
incorporated into management processes and we therefore
refined and used it in the development of the management
processes (CFM domain) of our proposed corporate forensic
governance framework. More elaboration on the need for
corporate forensics can be found in [8].
A. The Relationship between IT Governance, IS Governance
and Corporate Forensics
It could be argued that corporate forensics falls, in some
respects, under IT governance and IS governance. However,
some important aspects of corporate forensics, like
jurisprudence (legal) and forensically sound processes are not
fully part of IT and IS governance [3]. According to ACPO
[30], forensically sound processes mean performing forensic
practices (collection, examination, analysis, documentation,
preservation of evidence and chain of custody) according to
applicable jurisdiction. It also means that forensic practices
should be conducted in such a way that if necessary an
independent third party is able to repeat the same processes and
obtain the same result. This shows that the preservation of the
integrity of evidence is very important during forensic
investigations. Corporate forensics (CF) and digital forensics
(DF) will be used interchangeably in this paper. Researchers
like Von Solms [3] and Grobler [5] explains the relationship
between Digital Forensic (DF), IS Governance, IT Governance
and Corporate Governance. Von Solms et al states “that the
proactive mode of information security ensures all policies,
procedures, and technical mechanisms are in place to prevent
115. harm to the organization’s information; the reactive mode
ensures that if harm occur, it will be repaired (Business
continuity planning, Good backup and Disaster recovery
techniques are part of the reactive mode)” [3] . “The proactive
mode of digital forensics ensures all policies, procedure,
technical and automated mechanisms are in place to be able to
act when required; the reactive mode ensures that the necessary
actions can be performed to support specified analytical and
investigative techniques required by digital forensics”[3]. This
shows that some components of Digital forensic, IS and IT
governance overlap and are related. Therefore, the best practice
735
governance principles used for effective IT and IS governance
can also be used for corporate forensic governance.
Fig. 1. Relationship between Corporate governance, IT
governance, IS
governance and Digital forensic [3]
Figure 1 shows a holistic view of DF and its relationship
with corporate governance, IS governance and IT governance.
III. BEST PRACTICE GOVERNANCE PRINCIPLES
According to best practices [10][11][22] governance
principles include strategic alignment with business objectives,
value delivery to the business, risk management, resource
optimization of available resources and continuous
performance evaluation.
A. Strategic Alignment
Good governance of corporate forensics (CF) will ensure
116. that the objectives of CF practices are aligned to the
organization’s goals. According to Board briefing on IT
governance [22], the cost effectiveness of a security program is
determined by how well it supports the organization’s
objective. Corporate forensic governance will also ensure that
corporate forensic objectives are defined in business terms and
all CF controls tracked to a specific business requirement. The
following will indicate alignment: a corporate forensic program
that enhances business activities; a corporate forensic program
that is responsive to defined business needs; corporate forensic
program and organization objectives that are defined and
clearly understood by relevant stakeholders; corporate forensic
program that is mapped to organizational goals and is validated
by senior management; a corporate forensic strategy and
steering committee made up of key executives to ensure
continuous alignment of corporate forensic objectives and
business goals.
B. Value Delivery
Good governance of corporate forensic practices will also
ensure that corporate forensic investments are optimized in
support of enterprise objectives. It also ensures that the
organization gets benefits from their corporate forensic
investments. Governance will ensure corporate forensic
investments are supporting business needs and adding expected
value. For instance, in a scenario where there is no governance,
there won’t be monitoring and evaluation to ensure that
corporate forensic investment is continuously supporting the
business in achieving some of its strategic needs. Therefore,
forensic investments may not add expected value to the
business, since there are no metrics to measure if value is
optimized. Corporate forensic governance increases the
likelihood of corporate forensic program’s success considering
the significant cost associated with corporate forensic practices.
117. Figure 2 shows some of the questions governance will ask to
ensure value is optimized.
Fig. 2. Val IT Framework 2.0, Value according to the Four
‘Are’s as
described in the information paradox [34]
C. Risk Management
For applicable IT related business risk to be mitigated using
corporate forensic practices, CF governance would help ensure
that corporate forensic practices are an integral part of
enterprise risk management program. CF governance will also
ensure that corporate forensic strategy and program will help
organizations achieve acceptable level of applicable IT related
business risk. A structure for risk assessment as defined by
NIST 800-30 is shown in figure 3 below. If corporate forensic
practices are part of enterprise risk management program,
potential evidence sources will be identified in a proactive
manner. Also, CF governance will ensure legal risk involved
during corporate forensic practices are fully identified,
communicated, mitigated and managed.
Fig. 3. NIST 800-30 Risk Assessment Methodology [32]
Furthermore, from the risk assessment methodology shown
in Figure 3, step 4 requires control analysis and selection. This
736
is where different controls are selected for all identified risks.
Different controls are weighed and analyzed based on their
strength and weaknesses and the best control to mitigate each
118. risk effectively is selected. All risks that could be best
mitigated with corporate forensic practices should be identified,
documented in a risk profile chart and rated to show their
potential value impact to the business. This is one of the
principles of good CF governance which will ensure that all
risk that could be mitigated with corporate forensic practices
are mitigated and optimized.
D. Resource Optimization
This principle of good corporate forensic governance deals
with planning, allocation and control of corporate forensic
resources which include people, processes and technologies
(increased automated forensic suites) towards adding value to
the business. CF resources need to be managed properly for its
effectiveness. Proper CF resource management will ensure that
corporate forensic practices are efficient, cost effective and
most importantly ensure corporate forensic is effectively
addressing applicable business needs.
E. Performance Evaluation
Since there is a clear saying that “you cannot manage what
you cannot measure,” the governance of corporate forensic
practices will ensure measures are in place to monitor corporate
forensic processes and measure its performance. This will help
management to make informed decisions about the state of
corporate forensic program and ascertain if it is effective or
not. Methods like Maturity model, checklist and other tools
could be used. Some of the indicators of effective corporate
forensic program as observed from performance measurement
include: the time it takes to detect and uncover potential
security threats to the business; number of threats effectively
traced to their sources within minimal time interval without
interruption to the business; number of security breaches
reported (lesser number of reported breaches means
119. effectiveness of the control in terms of deterrent). The
performance measurement module of the governance
framework is represented in the corporate forensic evaluation
(CFE) domain of the proposed framework.
IV. RELATED WORK
Researchers like [4][6][7][8] have looked into some form of
forensic readiness while [2][8][9][21] have looked into some
form of proactive digital forensics which are considered part
but not a comprehensive representation of good governance
practices. They did not comprehensively address the
establishment of a good governance framework and major
governance processes for corporate forensics practices which
will obviously make their work more effective. In other words,
they did not address in details how corporate forensic practices
could be enhanced using governance best practices. Lack of CF
governance practices might explain why management see
digital forensic as an abstract and highly technical field and
have very little interest in leveraging on its benefits to achieve
some of their corporate goals. Good governance referred to in
the beginning of this section means getting senior management
involved in an interactive manner by using globally adopted
common business languages in a governance framework for
forensic practices; management taking ownership of forensic
program by assuming responsibility and accountability (RACI
Chart) of forensic processes; use of increased automated
forensic suites with generation of user friendly executive
reports, remote forensics and automated processes; use of
forensic practices to minimize high IT related business risk. All
these enhancements are expected to help organizations
maximize the benefits of forensic practices in an efficient and
effective way. Discussing proactive or corporate forensic
readiness by [2][4][6][7][8][9][21] without the establishment of
a governance structure, framework and obtaining management
120. support will result in the corporate forensic readiness program
not being fully effective and efficient.
Furthermore, at the time this paper was written, only one
researcher, Grobler et al [5], to the best of our knowledge, had
researched on the governance of digital forensics. Their paper
was a preliminary framework in the form of an outline for the
governance of digital forensics. The scope of the paper did not
comprehensively address how globally accepted governance
best practices [10][11][22] can be used to enhance a corporate
forensic program in enterprise organizations.
V. DESCRIPTION OF THE PROPOSED FRAMEWORK
According to best practice [11] a governance framework
should consist of two major processes: the governance and
management processes. The governance processes involve
direction in strategic alignment, risk management, resource
optimization, value delivery and performance evaluation. The
governance field directs the management field and ensures
management processes are achieving their goals. The
management field is responsible for executing and
implementing directions from the governance field. The
management processes involved specialized and operational
processes which governance uses to achieve its tactical and
operational goals. The management section performs more
hands-on tasks than the governance section. The proposed
framework was developed with this principle. The framework
was categorized into three domains namely Corporate Forensic
Governance ((CFG) governance processes), Corporate Forensic
Management ((CFM) management processes) and Corporate
Forensic Evaluation (CFE). The third domain CFE maintains a
life cycle model for the framework by evaluating, monitoring
and continually improving forensic processes through lesson
learned and evaluation using maturity model. Figure 4 shows
the corporate forensic governance framework lifecycle.
121. Fig. 4. The three major domains of the proposed corporate
forensic
governance framework lifecycle
The proposed corporate forensic governance framework
was developed with the common languages and best practices
used in related governance models.
737
A. Corporate Forensic Governance (CFG)
Corporate Forensic Governance was developed with the
major principles of best governance practices as recommended
by COBIT [10][11] and Board briefing on IT governance [22],
which includes strategic alignment, risk management, resource
optimization, and value delivery. These principles represent
control objectives CFG 1 to CFG 4 of the corporate forensic
governance domain. Detailed control practices were developed
under each of these control objectives.
B. Corporate Forensic Management (CFM)
The second domain Corporate Forensic Management
(CFM) contains functions classified as management functions
in the framework. This domain was developed from best
practices, Rowlingson’s work [4] and all other literatures
reviewed in the reference section. The control objectives in
these domain (CFM 1 to CFM 10) include: manage legal and
ethical requirements; define policies; define procedures;
manage education, training and awareness; perform pro-active
evidence identification; collect evidence; examine and analyze
evidence; manage evidence; manage third party; document,
122. report and present evidence. Detailed control practices were
developed under each of these control objectives.
C. Corporate Forensic Evaluation (CFE)
The third domain Corporate Forensic Evaluation (CFE)
contains processes to evaluate (maturity model), monitor,
assess and improve (with lesson learned and feedback) forensic
practices to ensure the objective of the framework is
continuously achieved. The objective of the framework
includes performing corporate forensic activities in an efficient
and effective way, with minimal disruption to the business;
collecting evidence in a forensically sound way and reduction
of applicable potential IT related risk to the business. This
domain was developed from process assessment best practices
from all the literatures reviewed. Detailed control practices
were developed under each of the control objectives (CFE 1 to
CFE 3) for this domain.
D. Corporate Forensic Governance Structure
Figure 5 shows a high level hypothetical corporate forensic
governance structure. Other Assurance functions like HR,
Internal Audit, Privacy, Value Management office, Legal etc
are part of the corporate forensic strategy and steering
committee. To establish effective CF governance program, the
first step is to establish a governance structure that will oversee
the governance of corporate forensics program. This is one of
the requirements of good governance. According to several
regulations and best practices [11][22], senior management is
ultimately responsible for good governance and to exercise due
care in performing task involving all specialized disciplines.
Corporate forensics, Information technology and Information
Security are examples of those specialized disciplines in a
corporate environment. Therefore the overall accountability of
good governance is the responsibility of the board of directors.
123. The Board or the CEO should set up a steering and strategy
committee to oversee its corporate forensic responsibilities and
report back to them since they have many commitments. This
responsibility could also be taken by the CIO depending on
how large the organization is or the business environment of
the organization. Therefore, this is just a hypothetical structure;
organizations can set up their governance structure as it suits
their business environment. For instance, if an organization is
experiencing various insider frauds and other negative publicity
due to security breaches, the Board of directors will be
interested in knowing the most effective mitigation strategy to
mitigate that risk. This will increase the organization’s interest
in implementing a corporate forensic program which the CEO
or board might want to oversee.
Fig. 5. A hypothetical corporate forensic governance structure
Each member of the governance and management teams in
the proposed framework has assigned roles and responsibilities
similar to those seen in [22]. They are either responsible,
accountable, consulted and/or informed on each of the
governance, management and evaluation processes of the
corporate forensic governance framework. This is achieved
using the RACI chart which means who is Responsible,
Accountable, Consulted and/or Informed. Table I briefly
explains the RACI chart.
E. Corporate Forensic Governance Framework
The framework consists of 3 domains (CFG, CFM & CFE),
17 high level control objectives (CFG1-CFG4, CFM1-CFM10,
CFE1-CFE3) and 119 detailed control practices. The control
practices and RACI assignment of roles and responsibilities
can be adjusted to suit each organization’s needs and business
environment. In other words some of the control practices
124. might not be applicable in some organizations depending on
how they are structured and what their business environment is
like.
TABLE I. THE RACI CHART
RACI Task
R means Responsible Those responsible for performing the task
or ensuring the task is done
A means Accountable The person who must approve or sign off
before the process is effective or person accountable for the
success of the process.
738
C means Consulted Those who provide input needed to complete
the task
I means Informed Those who are regularly updated on the
outcome of decisions, processes and actions taken
In addition, some of these controls have already been
implemented in some organizations (maybe for information
security) enhancement is needed in such scenario to
accommodate forensic practices. During implementation of the
framework CFG1 – CFG4 will be implemented first before
CFM1 – CFM10 and then CFE1 – CFE3. RACI chart was used
in assigning roles and responsibilities to the governance and
management team according to best practices [10][22]. Refer to
Section V. for more explanation on the structure of the
proposed framework. Brief explanation of the scope and
control objectives of the proposed framework is shown in
Table II.
The scope of the proposed corporate forensic governance
125. framework is based on the use of increased automated forensic
suites like Encase Enterprise for forensic practices. These
increased automated suites are known for increased automation
and provision of ease of use approach towards performing
forensic practices. However, a forensic expert is needed in the
forensic team for effective and efficient use of these automated
suites to achieve applicable organizational goals. The
framework was designed for global use and in a high level
format with general requirements for performing forensic
practices using automated forensic suites. Brief explanation of
the control objectives are shown below.
TABLE II. EXPLANATION OF THE SCOPE AND CONTROL
OBJECTIVES FOR THE PROPOSED FRAMEWORK
Control objectives Brief explanation of the controls in the
proposed framework
CFG1 Strategic alignment This control ensures clear goals and
objectives of a corporate forensic program are defined and that
these defined
goals and objectives are strategically aligned to enterprise goals
and objectives. In other words this control ensures
that corporate forensic program is helping the organization
achieve some of its goals and objectives.
CFG2 Ensure risk is optimized with
CF implementation
This control ensures that business risk …