Computer Forensics and Criminal Justice - Research Paper Example

Full Paper Computer Forensics An incident response team is a dedicated group of skilled professionals responsible for identifying, containing and responding to cyber threats. An incident response team is typically called as computer security incident response team that responds to cyber threats or breaches within organizations (Computer security incident response team.2007). CSIRT is usually incorporated within corporate organizations maintaining large customer databases or federal security systems.

Whenever an incident or a security breach occurs, the team is capable of identifying threats for containing them in a boundary and then initiates a response for recovery (Bhaskar, 2005). However, responding recover from a cyber-threat is not an easy task and is not always possible. Organizations can designate Chief information security officers, information security officers, information security engineers or IT security engineers to be a part of a team. Likewise, it is essential to delegate powers to the team members, as they have to make decisions in real time for taking prompt actions.

Apart from the security personnel, there are other team members as well who play a vital role. Management of the organization has also an important role, as senior members of the management functions must input for making decisions that may impact business goals. Management must assist the incident response team on every step that may incorporate security evaluation, designating or selecting appropriate CSIRT members, developing administrative controls i.e. policies and testing the incident response plan.

The part of the management to play is associated with the authority that will be delegated to the team members for making informed decisions. Similarly, employees associated with the information security domain i.e. Chief Information Security Manager security professionals certified in handling digital forensics are considered to be valuable to the business and the organization because of their competitiveness in handling complexity of these incidents. Moreover, they are also responsible for identifying weaknesses in the IT architecture, calculating damage done, containing the threat, performing digital forensic investigations and recovery.

Moreover, IT professionals are also mandatory in the CSIRT, as they are responsible to safeguard organization’s data. In case of a security breach within an organization, employees associated with the IT function must be updated about the progress of the incident response plan. If employees associated with the IT functions are not in the loop, the evidence may be deleted or be replaced by the backup data. If they are communicated thoroughly along with the technical consequences, they can customize or enable/disable certain options available in applications/systems/networks that may hinder end users during an execution of an incident response plan.

Moreover, auditing function is now considered a premium role in the domain of Information systems auditing. IT auditor is primarily responsible for ensuring processes and procedures are followed or not, policies are followed or not, controls are appropriate and operational or not, conducting post incident reviews for any potential vulnerabilities still not identified. They also play a critical role in a CSIRT. Furthermore, physical security is also a critical domain that requires policing information assets.

It is essential to provide adequate physical security to systems containing critical data, mission critical applications and highly confidential documents. It is possible that a cyber-threat may harm information systems physically. A prime example is a stuxnet virus that embeds itself into a machine code to change voltages of power grids affecting critical infrastructure of a country. A team associated with physical security of an asset evaluates physical damage to an asset and safeguard evidence in between a forensic investigation so that it cannot be altered or deleted.

Apart from these physical security functions, attorneys also play a vibrant role in a legislative domain. The Attorney is responsible for ensuring the originality of the collected forensic evidence against an electronic crime. Moreover, the Attorney also guides organizations for consequences and liability issues for an event. The human resource functions is also involved for issues associated with employees involved in the incident within the organization. However, the human resource is most active when an employee is found to be linked with the incident.

Lastly, the financial auditor holds the ultimate job to calculate the monetary value of the incident, as it is considered to be the most difficult task. It is necessary for the insurance companies, as they need a monetary value for an incident. To address cyber threats, Forum of Incident Response and Security Teams (FIRST) are formed. It is an umbrella organization that is associated with computer security incident response centers around the world to combat cyber-threats, as a collaborative effort is a must to address growing threats around the world (Forum of incident response and security teams.2007). References Bhaskar, R. (2005). A proposed integrated framework for coordinating computer security incident response team.

Journal of Information Privacy & Security, 1(3), 3-17. Computer security incident response team. (2007). Network Dictionary, , 116-116. Forum of incident response and security teams. (2007). Network Dictionary, , 200-200.