Developing the Forensics, Continuity, Incident Management - Case Study Example

Developing the Forensics, Continuity, Incident Management, and Security Training Capacities for the Enterprise Number The technological revolution of the 21st century has posed a lot of challenges to corporate and clients in equal measure. The increasing number of internet connections has brought about security concerns to corporate organizations and individuals alike. Security assurance is therefore necessary if IT benefits are to be realized. Security policies provide a framework for the procedures and steps that should be taken to protect business assets and information from destruction via the physical intervention or use of technology. The core role of such policies is to protect business assets, data confidentiality and integrity (Sumeet Dua, 2012). Information security involves safeguarding the integrity, confidentiality and the availability of information either in electronic or print form while information policy assurance is the practice of managing the risk associated with such data. Resource allocation for business continuity In any organization business continuity plan is crucial to provide a foundation for prevention and recovery from natural and non-natural disaster. Resource allocation therefore constitutes the backbone of the business continuity process. The organization should incorporate realistic and practical ways of resolving the important resource allocation issues that are most likely to impact it. This includes the people, places and things. People includes the employees, insiders, customers, vendors, institution-affiliated and third-party service providers. The places are the facilities that the institution owns, manages, maintains and controls while things is comprised of the assets, equipments, supplies, records and documents available to an organization (Watters, 2010). An effective and credible business continuity plan is developed in a series of steps. Business impact analysis is done to identify the sensitive and crucial business functions and the resources that support them. This process outlines the effects resulting from the interruption of normal business functions and the recovery priorities and strategies (Gerard Blokdijk, 2008). The information is used to decide on the resources to be allocated to the process. Appropriate delegation of planning activities and the involvement of the top and lower management personnel in the implementation of a BCPhas been observed to significantly yield positive results. According to the 2005 Business Continuity Survey by CPM and Deloitte, involvement of junior staff eliminates the otherwise casual approach towards the BCP and improves the response time. After an impact analysis has been done, development and implementation of the plan follow. The plan will require resources from within the business or outside to carry out recovery strategies to restore normal operations. Data recovery softwares, hot sites and offices are required to bring to restore the affected operations. Finally the recovered operations must be kept up to date and constantly testing performed to minimize the risk of future recurrence. Alternative back up sites may be created to safeguard loose of data if the company considers adopting more efficient and effective IT solutions to replace obsolete technology Policies enhancing business continuity Security policies govern the access and use of sensitive information in a business organization. Physical hardware such as routers, switches, firewalls, file servers , desktops and laptops are very important to protect. Likewise software distribution should be maintained through the use of passwords. Using passwords limits the number of people accessing the information thus minimizing the chance of abuse. Data retention policies are documents determining the time period upon which corporations are required to maintain information. Different types of information require different lengths of time before being destroyed. Retention policies are important for business continuity because it describes the procedures for archiving, and destroying after the time limit has been exceeded. For example, electronic data needs to be maintained for a specified period of time according to legal, personal and business requirements. Also all information relating to a lawsuit must be surrendered to authorities for litigation purposes in regardless of the state or medium. Acceptable use policies aim at protecting the companies employees and assets from illegal and damaging actions by individuals either intentional or otherwise. Computer resources provided by companies should not be used to store or sent offensive material. Customer user policy lays down the guidelines to be followed while handling and using company assets. An increase in the use of dial up modem services increases the risk of vulnerabilities and gives administrators a hard time in controlling users access. Secure standards for connecting to the organizational internal systems such as SecureID and Remote Access Dial In User Server should be established. Users on internal networks should be restricted from dialing out of the corporate network whilst on LAN (Lee, 2012). Similarly company provided email systems are managed through email policies to avoid misuse. Emails sent via company networks should strictly be business related to the reason that the company is liable for an employees actions. These policies deter anti-forensic tools designed to eliminate evidence following a criminal or civil investigation by forensic experts. If users are aware that they are under frequent monitoring they can stop the abuse of internet privileges. A scenario from an investigator manager of a major credit card company illustrates this concept. Having noticed a clutch of fraudulent activities in the company he realized that an employee had downloaded an audio file over a lunch break and while playing the song a rootkit hidden inside the song installed and allowed a hacker to establish a secure connection and capture card transactions. Business continuity management model Although there is no single approved model of how to respond and mitigate incidental events, BCM model compiles the standards , processes and experience that organizations use for the purpose of preparing for any eventualities. The structure of this model comprises of the following; Steering committee Response management team Plan administrator Disaster recovery coordinators Business continuity team The senior management team establishes a business continuity strategic plan to mitigate the business risk. The plan outlines the structures of creating, maintaining, executing and training the business plan. It also provides the process for identifying the responsibilities of the team members and the priority events. The emergency response and management team consisting of managers from all departmental areas implement the plan with the help of the plan administrator. A disaster recovery plan approved by the management defines the required sources , actions and tasks needed to ensure a successful recovery effort. Digital forensic process and RTO A well defined digital forensic process begins with a plan that establishes the workflow guidelines to reduce the Recovery Time Objective (RTO) and increase the amount and quality of data retrieved. Investigators and security personnel identify the viable sources of evidence and use the proper forensic procedures. The acquisition and extraction process uses state of the art tools to ensure proper chain of custody is strictly adhered to. Sufficient knowledge of where to look for evidence in the different corporate networks significantly reduces the degree of interruption of normal operations and produce results of the highest value in the shortest time possible. Enterprise continuity process A business continuity process consists of four major steps including; disaster recovery, business recovery, business resumption and contingency planning (Gerard Blokdijk, 2008). Business analysis This step establishes a foundation pertaining the sponsorship and commitment of resources to the recovery plan. A basis of business impact and risk assessment is established to make the plan successful. Development and implementation of the plan This phase involves active participation of all concerned to formulate a plan that will bring the business to normalcy. The plan must detail all the recovery strategies and the components of the test plan. An effective plan should deliver the best results to the enterprise. The business resumption and recovery processes must d be updated and tested regularly. Business response team No matter the level of planning and redundancy system failure still occurs. The role of the response team is to minimize and mitigate the impacts of uncertainties on customers, business and investors. Effective response protects the image of the organization and the safety of employees. The functions of the business response team can be categorized into five groups as follows; Prepare Detect Mitigate Analyze Measure and remediate An incident response plan containing all the activities necessary to mitigate the effects is used to train the team to achieve qualified, quick and orderly members aware of their responsibilities. A comprehensive Continuity Operation Plan that includes incidence response, backup and restore and management change safeguard a recurrence of the disaster (Lee, 2012). Though anti-forensic techniques in the digital realm are uniquely hard and complex to monitor, proper techniques are required to detect these efforts and stop them. Awareness of anti-forensics efforts enhances the ability to protect organizations . General awareness on the need to follow and implement internet security policy should be the responsibility of each and every individual in an organization. A policy that takes advantage of forensic capabilities and methodologies not only prevent fraudulent activities , it also saves the company assets. Thus the policy commitment is crucial to an enterprise starting from the top management to the bottom level (Lee, 2012). Continuous training on the emerging trends of anti-forensic efforts is also necessary. With the ever emerging technologies, enterprises should invest deeply in equipping its personnel with the necessary skills to combat crimes such as espionage. The analysis and acquisition of forensic information should be done by qualified staff rather than IT managers and human resource heads. Mishandling of evidence by unqualified staff destroys the integrity and renders them useless. References Gerard Blokdijk, J. B. (2008). Disaster recovery and business continuity it planning, implementation, management and testing of solutions and services workbook. Lulu.com. Lee, R. (2012). Software engineering research, management and applications 2011. Springer. Sumeet Dua, A. G. (2012). Information systems, technology and management. Springer. Watters, J. P. (2010). The business continuity management desk reference. Jamie Watters. Read More