Forensics and Security - Essay Example

Forensics and security report Introduction As defined by Landoll , security assessment is a means to enhance information technology security of an organization. The major aim of carrying out security assessment is often to determine an organization’s maturity level and enable it discover its organizational, legal as well as technical risks. This implies specifically detecting the major vulnerabilities/weak points within the protection system. The assessment then concludes with an enhancement plan whose activation facilitates the development of a protection system hence an improvement in terms of the organization security level. It is within this background therefore that this particular report intends to provide an analysis on security assessment touching on the processes involved, the key technologies used and the necessity for forensic procedures and policies. Processes Involved in a Security Assessment With the increased dependence on the computer systems, the risk relating to information security has no doubt joined a range of risks that organizations have to manage (Landoll, 2011). Regardless of the risk type, all risk assessments normally contain the following processes: Defining the Security Domain: This step involves the identification of the major security areas that are deemed vulnerable to security risks or simply the identification of the risk within a chosen domain/field of interest. Risks are often about events ,as a result, their identification can begin with finding out their sources, which may be either internal or external Identifying Assets: This stage involves identifying as well as determining the value, sensitivity, as well as the criticality of not only the assets but also the operations that may be affected if a given threat occursto ascertain the operations and even assets that are most significant. The step often involves classifying that which is significant or of value to the organization including the tangible assets such as the data processing machines/equipment, buildings and employees, as well as the intangible assets, which may include the intellectual property Identifying threats: This step involves detecting threats deemed to harm and, therefore, seriously affect not only the critical operations but assets as well. The threats may include things such as disgruntled employees, intruders, terrorists, criminals and even natural disasters. Identifying Vulnerabilities: This entails identifying and estimating the probability that given threats may materialize by relying on past information as well as judgment of well-informed experts. This often calls for a detailed evaluation of a business organization’s risks and their vulnerabilities including internal users, third parties and internal systems. When carrying out the evaluation of the probability and the likely impact of threats to the organization’s internal systems, the assessment team ought to evaluate the vulnerabilities relating to hardware, software, networks, system interfaces as well as devices in use (Rhoads, 2012).Generally, the infrastructure supporting data transmission represents significant high risk unless monitored regularly to deter unauthorized use. Calculating the risk: This involves simply carrying out estimation for most critical as well as sensitive operations and organization assets, or the likely losses/damage that may occur should a threat occur, including the recovery costs. Identifying the Cost-effective actions aimed at Mitigating or Reducing Risk: This step normally entail the implementation of the new organizational policies as well as the technical/physical controls. The techniques of managing the risks once identified may fall into various categories include avoidance,retention,sharing or reduction (Dorfman,2007).However, the ultimate employment of these strategies might not be easy as a number of them entail trade-offs that are unacceptable to either the company or the individual carrying out the risk decisions. Documentation of the Results: This is in most cases the final step of risk assessment process and entails detailing of the results and thereafter coming up with an action plan. Key Technologies used in Computer Security Information Technology has no doubt played a significant role in linking organizations with its customers, suppliers, remote employees and business partners at a relatively cheaper cost than other linkages. To remain competitive implies that they have to extend to the outside world. On the other hand, organizations currently face complicated security threats with the expanding technology. It is thus inevitable that organizations protect their networks (Shim et.al, 2013). Some of the key technologies employed in Computer security include: Firewalls: This technology guards against any unauthorized entry coming from outsiders or even individual departments Intrusion Detection Monitors: This guard/watch the internal network traffic as well as the servers for any signs of threat Central Event Manager: This technology significantly integrates all distributed components of security Vulnerability Scanners: This particular technology proactively scans internal network for possible security weaknesses Virus/Content Scanners: This technology searches for any malicious codes including viruses The requirement for Forensic Procedures and Policies,identifying and implementing those relevant to evidence collection and preservation There are often many situations in which an organization may accrue benefits from its capability to not only gather but also safeguard digital evidence prior to an incidence occurring. A forensic procedure is often employed by an organization as an after-event response or reaction to a very serious information security incident. Preparing to use the particular evidence may often entail enhanced system and employee monitoring, physical, procedural as well as procedural means to obtain information to evidential standards of permissibility/admissibility, processes as well as procedures to make certain that employees recognize the significance and the legal sensitivities of the evidence, and proper legal counsel and interface with law enforcement (Rowlingson, 2004). Given this, the forensic laboratory often develops and maintains various guidelines and procedures for conducting tasks regarding the procession of forensic cases. As a result, it is inevitable or a requirement to develop forensic procedures and policies as they often help in ensuring that consistency exists in the manner in which materials are processed, a procedure Watson & Jones (2013) argue leads to proper practices and approach to tasks involving forensic activitiesand, in so doing, ensuring that all the cases are processed within the same standard whether they are expected to be taken to a court or not.The policies and guidelines also ensures that the collected evidence, for instance, a case that begins as an internal punitive action as a result of a computer misuse, may be employed if found out that there existed a serious incident of crime that might lead to an individual being prosecuted.Generally,by employing the use of the policies and guidelines to facilitate consistency, the reliability of any information used or the outcomes obtained can be demonstrated. This supports the acceptability of any given evidence produced into legal proceedings. Conclusion From the report, there is no doubt that security assessment is an integral risk management element for any business organization. Carried out properly, security risk assessments gives organization managers a feedback required to clearly understand the significant threats to the organization assets, identify the vulnerabilities of the current controls, in addition to selecting appropriate safeguards. On the other hand, when performed incorrectly, security risk assessment may give a wrong sense regarding security which may allow possible security threats to build up into catastrophic losses of not only capital but also proprietary information and business value as well. Bibliography Dorfman, M, 2007, Introduction to Risk Management and Insurance, 9th edition, Prentice Hall Landoll, Douglas, 2011, The Security Risk Assessment Handbook: A Complete Guide for Performing Security Risk Assessments, Second Edition, illustrated, revised, CRC Press Rowlingson, R, 2004, A Ten Step Process for Forensic Readiness, International Journal of Digital Evidence Winter, Vol.2, Iss.3 Rhoads, J, 2012, Security Risk Assessments in Five Steps, Baseline magazine Shim, J, Qureshi, A & Siegel, J.G, 2013, The International Handbook of Computer Security, Routledge Watson, D.L & Jones, A, 2013, Digital Forensics Processing and Procedures: Meeting the Requirements of ISO 17020, ISO 17025, ISO 27001 and Best Practice Requirements, Newnes Read More