
Proving Your Case - Computer Security Terrence P. Maher Abrahams Kaslow & Cassman


1 Proving Your Case - Computer Security
Terrence P. Maher
Abrahams Kaslow & Cassman
tmaher@akclaw.com

2 Common Types of Computer Crime
- Fraud by computer manipulation
- Computer forgery
- Damage to or modification of computer data or programs
- Unauthorized access to computer systems and services
- Unauthorized reproduction of computer programs

3 Essential Components of Security
- Administrative and organizational security
- Personnel security
- Physical security
- Communications-electronic security
- Hardware and software security
- Operations security
- Contingency planning

4 Administrative and Organizational Security
- Development of procedures to identify risks
- Definition of individual security duties and assignment of responsibilities
- Designation of restricted areas
- Establishment of authorization procedures
- Identification of external dependencies
- Preparation of contingency plans

5 Personnel Security
- Specify security requirements in job descriptions
- Ensure personnel meet the requirements - background investigations
- Adequate security motivation and training
- Have adequate corporate policies in place
- Remember to check contractors who are provided access to premises or systems

6 Personnel Security
- Supervising access to and control over system resources through identification and authorization measures - monitoring
- Enforce vacation policies and rotate assignments
- Termination procedures
- Expect revenge from disgruntled employees or ex-employees

7 Physical Security
- Site planning - location and layout, building construction, fencing and shielding
- Control of access - perimeter security, visitor control, access devices and badges, guards and anti-intrusion devices
- Protection against physical damage and environmental failures
- Protection of media and supplies
- Random checks and tests

8 Communications-Electronic Security
- Access control - passwords, password controls, smart cards and biometric devices
- Physical security of network cabling and telecommunications equipment
- Shielding of cables
- Firewalls
- Encryption

9 Hardware and Software Security
- Identification measures to identify authorized users
- Isolation features to restrict access by unauthorized devices, software and data
- Access control for selective sharing of system resources
- Surveillance and detection measures
- Response techniques to counter harm

10 Operations Security
- Identification of assets requiring protection
- Establishment of the value of those assets
- Identification of threats associated with each asset
- Identification of the vulnerability of the system to such threats

11 Operations Security
- Assessment of the risk exposure associated with each asset
- Selection and implementation of security measures
- Testing of security measures
- Audit and refinement of the security program on a continuing basis

12 Planning for Computer Crime
- Put detection measures in place in order to quickly identify when a crime occurs
- Assemble a team who will respond to incidents
- Determine how the team will respond to different types of intrusions
- Test and update the procedures

13 Detection Tools
- Intrusion detection systems are not designed to collect and protect the integrity of the type of information required to conduct law enforcement investigations
- There is a lack of guidance to employees as to how to respond to intrusions and capture the required information

14 Detection Tools - Logs
- System logs
- Audit logs
- Application logs
- Network management logs
- Network traffic capture
- Contemporaneous manual entries
- Logs maintained by the intruder, an ISP or a telecommunications provider

15 Detection Tools - Logs
- Logs may make little immediate sense without training in the operation of the intrusion detection tool and an understanding of the principles upon which it operates
- Logs may lack sufficient detail
- Logs may not cover the relevant time periods
- Logs may not be sufficient to permit comparison of normal vs. abnormal activity

16 Detection Tools - Logs
- In real-time detection, the detection tool may not be able to keep up with network traffic, or it may be positioned on the network in a way that it is unable to capture all relevant data
- Logs may not identify the perpetrator in any useful way
- Logs may have been compromised

17 The Response Team
- Have the team formed ahead of time
- Team members should include a manager, systems operator, auditor, investigator, technical advisor, and legal counsel

18 The Response Team
- Manager
  - Team leader; decides on the response to the incident
  - Should be able to assess the value of the compromised information and the potential impact of the loss on the organization
  - Responsible for documenting all events that have taken place

19 The Response Team
- System Operator
  - May be a systems manager or systems programmer; must know his or her way around the system(s) involved
  - For crimes in progress, the systems operator will track the criminal and monitor system activity
  - For crimes which have already taken place, the systems operator will be responsible for reconstructing what took place
  - Responsible for documenting what happened

20 The Response Team
- Auditor
  - Helps the systems operator follow the trail of the crime using audit tools and audit trails
  - Responsible for documenting the economic impact of the incident
  - Includes tangible and intangible losses, as well as lost productive time

21 The Response Team
- Investigator
  - Usually from the law enforcement agency that has jurisdiction over the crime
  - Duty is to make sure all evidence is collected using proper means and in accordance with legal requirements
  - Will be responsible for securing appropriate judicial authorization for search warrants and monitoring of communications

22 The Response Team
- Technical Advisor
  - Usually a technical expert who understands both technology and criminal investigation techniques
  - Usually from the law enforcement agency which has jurisdiction over the crime
  - Will work closely with the systems operator to analyze system logs and other system activity that may explain the crime and identify the suspect

23 The Response Team
- Legal
  - Risk management
  - Insurance recovery
  - Civil prosecution

24 Response
- Should you call in law enforcement?
  - Trap and trace devices
  - Pen registers
  - Dialed number recorders
  - Search warrants for third-party and intruder facilities, equipment, systems and records
- Interview witnesses and informants

25 Evidence and Legal Proceedings
- Admissibility and weight of evidence
- Hearsay rule
- Business records exception
- Authentication
- Best evidence
- Reliability of witnesses
- Chain of possession

26 Evidence and Legal Proceedings
- Discovery
- Protective orders
- Testimony

27 Terrence P. Maher
Abrahams Kaslow & Cassman
8712 West Dodge Road, Suite 300
Omaha, Nebraska 68114
tmaher@akclaw.com
