
Investigation Myths and Facts November 29, 2011 IOT Security: Caroline Drum Bradley.


1 Investigation Myths and Facts November 29, 2011 IOT Security: Caroline Drum Bradley

2 About IOT Security
- IOT provides computer support for approximately 34,000 state workers and contractors.
- Handling investigation requests is just part of what we do.
- The most common investigation requests involve employee discipline, public record requests and litigation requests.
- IOT Security receives around four requests per week; these vary in size and complexity.
- IOT Security also proactively notifies agencies of issues that often lead to investigations due to malware and other suspicious activity.
- IOT Security cannot perform criminal or forensic investigations.

3 Myths
- Every email sent or received can be recovered.
- Actual computer activity can be measured.
- Network login and logout times are available (indefinitely).
- Internet activity and time spent on a particular page can be determined.
- IOT can identify all data lost in a security breach and fix it so no reporting is required.

4 Facts
- IOT can provide point-in-time backups of email.
- Computer activity cannot be directly measured.
- Logs of login and logout times to the network are overwritten quickly.
- Internet activity history is stored for 8 weeks.
- The most common security breaches involve the loss of equipment: laptops or USB sticks.

5 Email
- Email can be restored from point-in-time backups for the previous 4 quarters and year end from 2006 on.
- Current email box contents can also be provided.
- Email needs to be restored by user; a specific topic or message cannot be searched for.
- Email must be reviewed and searched by the requesting agency; search terms may need to be adjusted and sensitive data may need to be redacted.
- There is a charge for restores based on the time periods requested and the number of people.

6 Computer Activity
- Computer logs, if available, do not actually record all activity of users.
- Various information can be pieced together to determine whether an individual is performing required duties.
- Email, internet, application logs (if applicable) and cell phone logs can be examined, depending on investigation needs.
- Unlike Internet reports and mailbox provision, IOT can do very little to help with time abuse from a policy or technical standpoint.

7 Login and Logout Times
- Network logs have limited storage and are frequently overwritten.
- Users do not always log off the network daily.
- Application logs can sometimes provide more accurate data.
- Generally, login and logout times cannot take the place of overall good management.

8 Internet History
- Internet history is available for the previous 8 weeks.
- Internet activity for a user while not on the state network is not captured at this time.
- Internet activity consists of websites the user visited, including the pop-ups and ads contained on a webpage.
- Internet activity needs to be reviewed with knowledge of the individual's job requirements.
- Keep in mind that the internet should be thought of as a business tool.

9 Security Breaches
- Most security breaches occur when computer equipment or external USB drives, tapes or CDs are lost.
- Management of data and its location is the best prevention of breaches.
- Users should know what type of data is stored on their computer or external media.
- IOT cannot determine content once the item is gone.
- Encryption should be used to protect data on portable devices, and sensitive data should be stored on network drives rather than on local computer drives.

10 Miscellaneous
- Email encryption is available.
- Computer tracking is available for most computers.
- A Data Loss Prevention product is in place to help better manage data storage and transmission.

11 Questions
Contact Information:
Caroline Drum Bradley, Director of Compliance
cbradley@iot.in.gov
317.234.3872

