Presentation is loading. Please wait.

Presentation is loading. Please wait.

MANAGEMENT of INFORMATION SECURITY, Fifth Edition

Published byMiles Simmons Modified over 6 years ago

Similar presentations

Presentation on theme: "MANAGEMENT of INFORMATION SECURITY, Fifth Edition"— Presentation transcript:

1 MANAGEMENT of INFORMATION SECURITY, Fifth Edition

2 Testing contingency Plans
Management of Information Security, 5th Edition, © Cengage Learning

3 Testing Contingency Plans
Very few plans are executable as initially written; instead, they must be tested to identify vulnerabilities, faults, and inefficient processes There are four testing strategies that can be used to test contingency plans: Desk Check Structured walkthrough Simulation Full interruption Management of Information Security, 5th Edition, © Cengage Learning

4 Management of Information Security, 5th Edition, © Cengage Learning
Final Thoughts on CP Iteration results in improvement A formal implementation of this methodology is a process known as continuous process improvement (CPI) Each time the plan is rehearsed it should be improved Constant evaluation and improvement leads to an improved outcome Management of Information Security, 5th Edition, © Cengage Learning

5 Managing Investigation in the Organization
Management of Information Security, 5th Edition, © Cengage Learning

6 Managing Investigations in the Organization
When - not IF - an organization finds itself having to deal with a suspected policy or law violation, they must appoint an individual to investigate it How the internal investigation proceeds will dictate whether or not the organization has the ability to take action against the perpetrator if in fact evidence is found that substantiates the charge In order to protect the organization, and to possibly assist law enforcement in the conduct of an investigation, the investigator (CISO, InfoSec Manager or other appointed individual) must act to document what happened and how Management of Information Security, 5th Edition, © Cengage Learning

7 Management of Information Security, 5th Edition, © Cengage Learning
Digital Forensics Forensics is the coherent application of methodical investigatory techniques to present evidence of crimes in a court or court-like setting Digital forensics involves the preservation, identification, extraction, documentation, and interpretation of computer media for evidentiary and/or root cause analysis Like traditional forensics, it follows clear, well-defined methodologies, but still tends to be as much art as science Management of Information Security, 5th Edition, © Cengage Learning

8 Management of Information Security, 5th Edition, © Cengage Learning
Digital Forensics Evidentiary material (EM), also known as an item of potential evidentiary value, is any information that could potentially support the organizations legal- or policy-based case against a suspect An item does not become evidence until it is formally admitted to evidence by a judge or other ruling official Management of Information Security, 5th Edition, © Cengage Learning

9 Management of Information Security, 5th Edition, © Cengage Learning
Digital Forensics Digital forensics can be used for two key purposes: To investigate allegations of digital malfeasance. A crime against or using digital media, computer technology or related components, is referred to as digital malfeasance To perform root cause analysis. If an incident occurs and the organization suspects an attack was successful, digital forensics can be used to examine the path and methodology used to gain unauthorized access, as well as to determine how pervasive and successful the attack was Management of Information Security, 5th Edition, © Cengage Learning

10 Affidavits and Search Warrants
Many investigations begin with an allegation or an indication of an incident In law enforcement, the investigating agent would create an affidavit requesting a search warrant When an approving authority signs the affidavit or creates a synopsis form based on this document, it becomes a search warrant and grants permission to search for EM at the specified location and/or to seize items to return to the investigator’s lab for examination In corporate environments, the names of these documents may change and in many cases may be verbal in nature, but the process should be the same Formal permission is obtained before an investigation occurs Management of Information Security, 5th Edition, © Cengage Learning

11 Digital Forensics Methodology
In digital forensics, all investigations follow the same basic methodology: Identify relevant items of evidentiary value (EM) Acquire (seize) the evidence without alteration or damage Take steps to assure that the evidence is at every step verifiably authentic and is unchanged from the time it was seized Analyze the data without risking modification or unauthorized access Report the findings to the proper authority Management of Information Security, 5th Edition, © Cengage Learning

12 Digital Forensics Process
Management of Information Security, 5th Edition, © Cengage Learning

13 Evidentiary Policy and Procedures
Organizations should develop specific digital forensics procedures, along with guidance on the use of these procedures EM policy should specify: Who may conduct an investigation Who may authorized an investigation What affidavit-related documents are required What search warrant-related documents are required What digital media may be seized or taken offline What methodology should be followed What methods are required for chain of custody or chain of evidence What format the final report should take, and to whom it should it be given Management of Information Security, 5th Edition, © Cengage Learning

14 Law Enforcement Involvement
When an incident violates civil or criminal law, it is the organization’s responsibility to notify the proper authorities Selecting the appropriate law enforcement agency depends on the type of crime committed: Federal, State, or Local Involving law enforcement has both advantages and disadvantages: They are usually much better equipped at processing evidence, obtaining statements from witnesses, and building legal cases However, involvement can result in loss of control of the chain of events following an incident Management of Information Security, 5th Edition, © Cengage Learning

Download ppt "MANAGEMENT of INFORMATION SECURITY, Fifth Edition"

Similar presentations

Rev. 2/05. For Use in Law Enforcement Training Only This training program was developed by the New Jersey Division of Criminal Justice This training program.

Rev. 2/05. For Use in Law Enforcement Training Only This training program was developed by the New Jersey Division of Criminal Justice This training program.
Criminal Procedure for the Criminal Justice Professional 11 th Edition John N. Ferdico Henry F. Fradella Christopher Totten Prepared by Tony Wolusky Criminal.

Criminal Procedure for the Criminal Justice Professional 11 th Edition John N. Ferdico Henry F. Fradella Christopher Totten Prepared by Tony Wolusky Criminal.
We’ve got what it takes to take what you got! NETWORK FORENSICS.

We’ve got what it takes to take what you got! NETWORK FORENSICS.
Guide to Computer Forensics and Investigations, Second Edition

Guide to Computer Forensics and Investigations, Second Edition
Computer Forensics and Digital Investigation – a brief introduction Ulf Larson/Erland Jonsson.

Computer Forensics and Digital Investigation – a brief introduction Ulf Larson/Erland Jonsson.
BACS 371 Computer Forensics

BACS 371 Computer Forensics
The Corruption and Crime Commission: Threat to organised crime, or to our concept of justice? Malcolm McCusker AO QC The John Curtin Institute of Public.

The Corruption and Crime Commission: Threat to organised crime, or to our concept of justice? Malcolm McCusker AO QC The John Curtin Institute of Public.
Evidence Computer Forensics. Law Enforcement vs. Citizens  Search must have probable cause –4 th amendment search warrant  Private citizen not subject.

Evidence Computer Forensics. Law Enforcement vs. Citizens  Search must have probable cause –4 th amendment search warrant  Private citizen not subject.
Chapter 17 Videotapes, Photographs, Documents, and Writings as Evidence.

Chapter 17 Videotapes, Photographs, Documents, and Writings as Evidence.
Criminal Justice 2011 Chapter 2: The Crime Scene: Field Notes, Documenting, and Reporting Criminal Investigation The Art and the Science by Michael D.

Criminal Justice 2011 Chapter 2: The Crime Scene: Field Notes, Documenting, and Reporting Criminal Investigation The Art and the Science by Michael D.
Legal Aspects of Criminal Investigation: Arrest, Search and Seizure

Legal Aspects of Criminal Investigation: Arrest, Search and Seizure
INTRODUCTION TO THE LAW OF EVIDENCE

INTRODUCTION TO THE LAW OF EVIDENCE
Introduction to Computer Forensics Fall 2007. Computer Crime Computer crime is any criminal offense, activity or issue that involves computers (http://www.forensics.nl).http://www.forensics.nl.

Introduction to Computer Forensics Fall Computer Crime Computer crime is any criminal offense, activity or issue that involves computers (
By Drudeisha Madhub Data Protection Commissioner Date: 12.08.14.

By Drudeisha Madhub Data Protection Commissioner Date:
Unit Five Lesson 31 How do the Fourth and Fifth Amendments Protect Against Unreasonable Law Enforcement Procedures.

Unit Five Lesson 31 How do the Fourth and Fifth Amendments Protect Against Unreasonable Law Enforcement Procedures.
Guide to Computer Forensics and Investigations, Second Edition

Guide to Computer Forensics and Investigations, Second Edition
Proving Your Case - Computer Security Terrence P. Maher Abrahams Kaslow & Cassman

Proving Your Case - Computer Security Terrence P. Maher Abrahams Kaslow & Cassman
Forensic Science Types of Evidence. What is Forensic Science? The use of science in the examination of evidence associated with crime.

Forensic Science Types of Evidence. What is Forensic Science? The use of science in the examination of evidence associated with crime.
Management of Information Security, 4th Edition

Management of Information Security, 4th Edition
Arrests and Miranda. 2 Copyright and Terms of Service Copyright © Texas Education Agency, 2011. These materials are copyrighted © and trademarked ™ as.

Arrests and Miranda. 2 Copyright and Terms of Service Copyright © Texas Education Agency, These materials are copyrighted © and trademarked ™ as.

Similar presentations

Ads by Google