
Digital Forensics CS4398 Guest Lecture

Digital Forensics CS4398 Guest Lecture. Jan Kallberg, PhD 11/28/2011. Topics. A perspective on security Systems and today’s challenges Digital forensics’ role in security Humans as security risks New risks: reputation, business risks, regulatory risks.

tcrippen

Presentation Transcript


  1. Digital Forensics CS4398 Guest Lecture Jan Kallberg, PhD 11/28/2011

  2. Topics • A perspective on security • Systems and today’s challenges • Digital forensics’ role in security • Humans as security risks • New risks: reputation, business risks, regulatory risks

  3. A perspective on security • Ensure implementation of decisions • Accountability • Functionality • Institutional control • Maintain trust, authority, and confidence • In government - legitimacy

  4. The Ladder of Abstraction

  5. Four Steps • Theory • Methodology • Tools • Implementation

  6. Security Characteristics • Intangible • Notion • Perception

  7. How do you measure security?

  8. General mistakes in IT-security

  9. City wall Weakness: Once access is given, there is no effective control of actual activity. All of the security processing occurs at the point of entrance.

  10. Capture all (Stasi) Weakness: So much data is captured that no one has enough resources/time to analyze it. Security management is overwhelmed by indicators and suffers information overload. Example: Pilots in an emergency

  11. Refusal to identify critical assets Weakness: All information assets are protected equally, so what really matters does not get the attention it needs. Under time pressure, and with the risk that the crime is still being perpetrated, it is essential to understand what is important to protect and respond to. Remedy: Business Impact Analysis (BIA).

  12. Systems and today’s challenges

  13. ISO 27000

  14. The Basic Model

  15. The Challenges to ISMS 1(2) • Where does the system begin and end? • Shared resources – responsibility? • Identify resources – cloud, servers, back locations, devices? • Flat organizations / independent work groups • Remote work – working from home

  16. The Challenges to ISMS 2(2) • People • Big plans, mediocre implementation, entropy over time (Bob retired…) • Stamina in upholding IT-sec policies (Hospital) • Unsafe behavior among executives and mgmt (laptop DEA)

  17. Digital forensics’ role in IT-security • Accountability • Regulatory compliance • Audit trail • Monitoring • Policy enforcement • Deterrent

  18. Regulatory and Policy Enforcement • SEC (Securities and Exchange Commission) • SOX audit trail • Internal and external audits • Federal and state law compliance • Agency, corporate or university policies

  19. Routine Security Check • Captures all staff/mgmt • You don’t need an excuse to do it • Don’t trigger any concerns • Intermittent pattern

  20. Deterrence • Perpetrators are more focused on the risk of being caught than the repercussions • Insider information thefts are premeditated (Example: sales manager leaving company steals a copy of the customer database) • Deterrence only works towards rational actors • Visible forensic and monitoring abilities deter • Forensic ability or monitoring structure cannot be shared in detail – risk of anti-forensics

  21. Digital Forensics as a Part of Risk Analysis

  22. Monitoring – Forensics – Incident Reports (feedback loop) Adaptive “healing” systems

  23. Presenting Complex Technical Evidence

  24. Humans as risks • Greed • Jealousy • Vanity • Revanchist • Ideological risks • Addiction (all flavors)

  25. Humans vs. Machines A person works approx 2,000 hrs / year – Google report equals ≈144 years

  26. Security rules, processes, and policies that are obstacles to work flow tend to be trespassed or ignored. Office culture prevails. Security – Work Flow

  27. Collegial bonds are strong • Don’t disclose to mgmt that something is not right • Often signs are clearly visible • Protecting each other • A + B + C = the complete story

  28. Other considerations • Reputational risks / leaks • Enterprise cloud computing • Facebook • Social media • Google Docs • Unauthorized information sharing

  29. Topics • A perspective on security • Systems and today’s challenges • Digital forensics’ role in security • Humans as security risks • New risks: reputation, online clout, business risks, regulatory risks

  30. Discussion How would you handle the following?

  31. 1. How do you persuade a business leader that their company needs in-house digital forensic ability?

  32. 2. How can we limit the damage of character failure (unauthorized actions) in an organization?

  33. 3. How can a security awareness campaign in a company present forensics as an individual deterrent?

  34. 4. Taking into account the advances in forensics and monitoring, do you think IT-security is becoming easier or harder to execute?

  35. Questions? Thank you! jkallberg@utdallas.edu
