D IGITAL F ORENSICS CS4398 G UEST L ECTURE Jan Kallberg, PhD 11/28/2011.
-
Upload
brett-dean -
Category
Documents
-
view
234 -
download
0
Transcript of D IGITAL F ORENSICS CS4398 G UEST L ECTURE Jan Kallberg, PhD 11/28/2011.
DIGITAL FORENSICS CS4398
GUEST LECTUREJan Kallberg, PhD11/28/2011
• A perspective on security• Systems and today’s challenges• Digital forensics’ role in security• Humans as security risks• New risks: reputation, business risks,
regulatory risks
Topics
2
A perspective on security
•Ensure implementation of decisions•Accountability•Functionality •Institutional control•Maintain trust, authority, and confidence•In government - legitimacy
3
The Ladder of Abstraction
4
Four Steps
TheoryMethodologyToolsImplementation
5
SECURITY CHARACTERISTICSINTANGIBLENOTIONPERCEPTION
6
HOW DO YOU MEASURE SECURITY?
7
GENERAL MISTAKES IN IT-SECURITY
8
CITY WALL
9
Weakness:1.Once given access there are no effective control of actual activity. 2.All of the security processing occur at the point of entrance.
CAPTURE ALL (STASI)
10
Weakness:1.Too much data is captured that no one has enough resources/time to analyze.
2.Security management is overwhelmed by indicators and suffer information overflow.
Example: Pilots in an emergency
11
REFUSAL TO IDENTIFY CRITICAL ASSETS
Weakness:1.All information assets are protected equally leading to what really matters does not get relevant attention.
2.Under time pressure and with the risk that the crime is still perpetrated it is essential to understand what is important to protect and respond to.
Remedy: Business Impact Analysis (BIA).
Systems and today’s challenges
12
ISO 27000
13
The Basic Model
14
The Challenges to ISMS 1(2)• Where does the system begin and end?• Shared resources – responsibility?• Identify resources – cloud, servers, back
locations, devices?• Flat organizations / independent work groups• Remote work – working from home
15
The Challenges to ISMS 2(2)• People • Big plans, mediocre implementation, entropy
over time (Bob retired…)• Stamina in upholding IT-sec policies (Hospital)• Unsafe behavior among executives and mgmt
(laptop DEA)
16
Digital forensics role in IT-security
•Accountability•Regulatory compliance•Audit trail•Monitoring•Policy enforcement•Deterrent
17
Regulatory and Policy Enforcement
• SEC (Securities and Exchange Commission)• SOX audit trail• Internal and external audits• Federal and state law compliance• Agency, corporate or university policies
18
Routine Security Check•Captures all staff/mgmt•You don’t need an excuse to do it•Don’t trigger any concerns•Intermittent pattern
19
Deterrence
• Perpetrators are more focused on the risk of being caught than the repercussions
• Insider information theft are premeditated (Example: sales manager leaving company steals a copy of the customer data base)
• Deterrence only works towards rational actors
• Visible forensic and monitoring abilities deters
• Forensic ability or monitoring structure can not be shared in detail – risk of anti-forensics
20
21
Digital Forensics as a Part of Risk Analysis
Monitoring – Forensics – Incident Reports (feedback loop)
Adaptive “healing” systems
22
Presenting Complex Technical Evidence
23
Humans as risks
•Greed•Jealousy•Vanity•Revanchist•Ideological risks•Addiction (all flavors)
24
Humans vs.
Machines
25
A person works approx 2,000 hrs / year – Google report equals ≈144 years
SECURITY – WORK FLOW
26
Security rules, processes, and policies that are obstacles to work flow tend to be trespassed or ignored.
Office culture prevails.
Collegial bonds are strong
•Don’t disclose to mgmt that something is not right•Often signs are clearly visible•Protecting each other•A + B + C = the complete story
27
• Reputational risks / leaks• Enterprise cloud computing • Facebook• Social media• Google Docs • Unauthorized information
sharing 28
Other considerations
• A perspective on security• Systems and today’s challenges• Digital forensics role in security• Humans as security risks• New risks: reputation, online
clout, business risks, regulatory risks
Topics
29
Discussion
How would you handle the following?
30
1. HOW DO YOU MOTIVATE A BUSINESS LEADER THAT THEIR COMPANY NEEDS IN-HOUSE DIGITAL FORENSIC ABILITY?
31
2. HOW CAN WE LIMIT THE DAMAGE OF CHARACTER FAILURE (UNAUTHORIZED ACTIONS) IN AN ORGANIZATION?
32
3. HOW CAN A SECURITY AWARENESS CAMPAIGN IN A COMPANY PRESENT FORENSICS AS AN INDIVIDUAL DETERRENT?
33
4. TAKING IN ACCOUNT THE ADVANCES IN FORENSICS AND MONITORING. DO YOU THINK IT-SECURITY IS BECOMING EASIER OR HARDER TO EXECUTE?
34