Investigation Myths and Facts November 29, 2011 IOT Security: Caroline Drum Bradley.

Slides:

Advertisements

Similar presentations

1 COMPUTER GENERATED & STORED RECORDS CONTROLS Presented by COSCAP-SA.

Advertisements

Computer and Mobile Device Equipment Security Brief May 29, 2008 Presented by: Kevin G. Sutton, Chief, Information Technology Unit.

INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.

Personal Data Protection and Security Measures Justin Law IT Services - Information Security Team 25 & 27 November 2013.

Data Storage and Security Best Practices for storing and securing your data The goal of data storage is to ensure that your research data are in a safe.

1 Electronic Information Security – What Researchers Need to Know University of California Office of the President Office of Research May 2005.

Personal Data Protection and Security Measures Justin Law IT Services - Information Security Team 18, 20 & 25 March 2015.

Discovering Computers: Chapter 1

DATA SECURITY Social Security Numbers, Credit Card Numbers, Bank Account Numbers, Personal Health Information, Student and/or Staff Personal Information,

COS/PSA 413 Day 3. Agenda Questions? Blackboard access? Assignment 1 due September 3:35PM –Hands-On Project 1-2 and 2-2 on page 26 of the text Finish.

Onetouch Cloud Backup.

Back Up and Recovery Sue Kayton February 2013.

MOBILE MALWARE TOPIC #5 – INFORMATION ASSURANCE AND SECURITY Michael Fine 1.

November 2009 Secure Data Transmission May 2014 What are Secure Methods of Transmission? Encrypted Services Encrypted Memory Sticks Fax Secure.

 A cookie is a piece of text that a Web server can store on a user's hard disk.  Cookie data is simply name-value pairs stored on your hard disk by.

Company LOGO Copyright Carrie Kerskie Data Breach & Identity Theft By Carrie Kerskie Kerskie Group, Inc.

New Data Regulation Law 201 CMR TJX Video.

IT-Partners Limited © 2011 IT Partners Limited Y OUR IT SOLUTION P ARTNERS Managing Director Confidential Data Loss Prevention Sunny Ho 1.

Security Measures Using IS to secure data. Security Equipment, Hardware Biometrics –Authentication based on what you are (Biometrics) –Biometrics, human.

Security Equipment Equipment for preventing unauthorised access to data & information.

Security Squad Keeping your Equipment and Information Safe Security Squad Keeping your Equipment and Information Safe Security Squad Video Series, Part.

1 Title ECI: Anatomy of a Cyber Investigation Who Are the Actors.

CHC DI Group. What We Will Cover Securing your devices and computers. Passwords. s. Safe browsing for shopping and online banks. Social media.

Elite Networking & Consulting Presents: Everything You Wanted To Know About Data Insurance* * But Were Afraid To Ask Elite Networking & Consulting, LLC,

The Office Procedures and Technology

Electronic Public Record What is it, and Where Can Agency Lawyers Find It?

CPS Acceptable Use Policy Day 2 – Technology Session.

ESCCO Data Security Training David Dixon September 2014.

1.1 System Performance Security Module 1 Version 5.

Welcome to E.L. Wright iPad Safety Night I. Using Technology and Protecting Your Child E.L. Wright Technology Department and Richland County Sheriff's.

7 Handling a Digital Crime Scene Dr. John P. Abraham Professor UTPA.

BACKUP AND ARCHIVING DATA BACKUP AND RECOVERY OF DATA.

Storage & Connectivity Devices. Internal / External Hard Drive Also known as hard disks Internal drive stores the operating system software, application.

 INADEQUATE SECURITY POLICIES ›Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA.

Lecture Materials for the John Wiley & Sons book: Cyber Security: Managing Networks, Conducting Tests, and Investigating Intrusions October 7, 2015 DRAFT1.

Session 11 Managing your SAIG Mailbox with EDconnect & TDCM Lydia Morales Sue Rager/Judy Rohrer Session 1.

TECHNOLOGY GUIDE THREE Protecting Your Information Assets.

An Introduction to Computer Forensics Jim Lindsey Western Kentucky University.

Part 1: Android Gateway In this part of the manual, we will learn about the Android Gateway: This includes: How to maintain your Android Gateway See if.

PRIVACY, SECURITY & ID THEFT PREVENTION - TIPS FOR THE VIGILANT BUSINESS - SMALL BUSINESS & ECONOMIC DEVELOPMENT FORUM October 21, WITH THANKS TO.

Dangerous Documents. Legal Compliances State and federal laws Contractual obligations Subject to an affirmative legal duty to establish and maintain certain.

G061 - Network Security. Learning Objective: explain methods for combating ICT crime and protecting ICT systems.

Analogue & Digital. Analogue Sound Storage Devices.

Topic 5: Basic Security.

1 Enterprise Requirement Planning For Manufacturing.

Cyber Safety Mohammad Abbas Alamdar Teacher of ICT STS Ajman – Boys School.

1 Computer Technician Computer Software: Types, Setup, and Ethical Boundaries Copyright © Texas Education Agency, All rights reserved.

Role Of Network IDS in Network Perimeter Defense.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 Basic Security Networking for Home and Small Businesses – Chapter 8.

Enw / Name. What is a on-line / paper based data capture form Can you give an example where each are used? Automated data capture systems are used around.

Information Management and the Departing Employee.

Computer Forensics. OVERVIEW OF SEMINAR Introduction Introduction Defining Cyber Crime Defining Cyber Crime Cyber Crime Cyber Crime Cyber Crime As Global.

By Jason Swoyer.  Computer forensics is a branch of forensic science pertaining to legal evidence found in computers and digital storage mediums.  Computer.

Anytime, Anywhere Access Benefits Functionality Work Order Administration Dispatch Work Order Work Order Details New Work Order Additional Functionality.

18-1 PRENTICE HALL ©2008 Pearson Education, Inc. Upper Saddle River, NJ FORENSIC SCIENCE An Introduction By Richard Saferstein.

( ) 1 Chapter # 8 How Data is stored DATABASE.

How to Make Yourself More Secure Using Public Computers and Free Public Wi-Fi.

A LAPTOP containing personal details of scores of NHS patients is one of nearly 200 computers either stolen or missing from public bodies in the Lothians.

CHAP 6 – COMPUTER FORENSIC ANALYSIS. 2 Objectives Of Analysis Process During Investigation: The purpose of this process is to discover and recover evidences.

Protecting Data at Rest Through Encryption CIO Summit November 30, 2007.

Properly Safeguarding Personally Identifiable Information (PII) Ticket Program Manager (TPM) Social Security’s Ticket to Work Program.

Alicia A. Coon COSC 480 October 27, 2006

Welcome to Microsoft Office 365.

Investigation Myths and Facts

Analogue & Digital.

Staying Austin College

Back Up and Recovery Sue Kayton October 2015.

G061 - Network Security.

Presentation transcript:

Investigation Myths and Facts November 29, 2011 IOT Security: Caroline Drum Bradley

About IOT Security IOT provides computer support for approximately 34,000 state workers and contractors Handling investigation requests is just part of what we do Most common investigation requests involve employee discipline, public record request and litigation requests IOT Security receives around four requests per week, these vary in size and complexity. IOT Security also proactively notifies agencies of issues that often lead to investigations due to malware and other suspicious activity. IOT Security cannot perform criminal or forensic investigations

Myths Every Sent or Received can be recovered Actual Computer Activity can be measured Network Login and Logout times are available (indefinitely) Internet Activity and time spent on a particular page can be determined IOT can identify all data lost in a security breeches and fix it so no reporting is required.

Facts IOT can provide point in time back-ups of Computer Activity can not be directly measured Logs of Login and Logout times to the network are overwritten quickly Internet Activity history is stored for 8 weeks The most common Security Breech involve the loss of equipment – laptops or USB sticks

can be restored from point in time backups for the previous 4 quarter and year end from 2006 on. Current box contents can also be provided needs to be restored by user, a specific topic or message can not be searched for must be reviewed and searched by requesting agency, search terms may need to be adjusted and sensitive data may need to be redacted. There is a charge for restores based on time periods requested and number of people.

Computer Activity Computer logs if available do not actually record all activity of users. Various information can be pieced together to determine if individual is performing required duties. , internet, application logs (if applicable) and cell phone logs can be examined, depending on investigation needs. Unlike Internet reports and mailbox provision, IOT can do very little to help with time abuse from a policy or technical standpoint

Login and Logout Times Network logs have limited storage and are frequently overwritten. Users do not always log off the network daily Application logs can sometimes provide more accurate data. Generally login and logout times cannot take the place of overall good management.

Internet History Internet history is available for the previous 8 weeks. Internet activity for a user while not on the state network is not captured at this time. Internet activity consists of websites the user visited including the pop-ups and ads contained on a webpage. Internet activity needs to be reviewed with knowledge of individual’s job requirements. Keep in mind that internet should be thought of as a business tool.

Security Breeches Most security breeches occur when computer equipment of external USB drives, tapes or CDs are lost. Management of data and its location is the best prevention of breeches. Users should know what type of data is stored on their computer or external media. IOT cannot determine content once the item is gone. Encryption should be used to protect data on portable devices and sensitive data should be stored on network drives rather than on local computer drives.

Miscellaneous encryption is available Computer tracking is available for most computers Data Loss Prevention product is in place to help better manage data storage and transmission.

Questions ??? Contact Information: Caroline Drum Bradley Director of Compliance