Developing the Forensics, Continuity, Incident Management - Case Study Example

Summary
This paper 'Developing the Forensics, Continuity, Incident Management' tells us that the technological revolution of the 21st century has posed a lot of challenges to corporate in equal measure. The increasing number of internet connections has brought about security concerns to corporate organizations and individuals alike…

Extract of sample "Developing the Forensics, Continuity, Incident Management"

Developing the Forensics, Continuity, Incident Management, and Security Training Capacities for the Enterprise

The technological revolution of the 21st century has posed many challenges to corporations and their clients in equal measure. The increasing number of internet connections has brought security concerns to corporate organizations and individuals alike. Security assurance is therefore necessary if the benefits of IT are to be realized. Security policies provide a framework for the procedures and steps that should be taken to protect business assets and information from destruction through physical intervention or the use of technology. The core role of such policies is to protect business assets and the confidentiality and integrity of data (Sumeet Dua, 2012). Information security involves safeguarding the integrity, confidentiality and availability of information in either electronic or print form, while information policy assurance is the practice of managing the risk associated with such data.

Resource allocation for business continuity

In any organization, a business continuity plan is crucial to provide a foundation for prevention of and recovery from natural and non-natural disasters. Resource allocation therefore constitutes the backbone of the business continuity process. The organization should incorporate realistic and practical ways of resolving the important resource allocation issues that are most likely to affect it. These cover people, places and things. People include the employees, insiders, customers, vendors, institution-affiliated and third-party service providers. Places are the facilities that the institution owns, manages, maintains and controls, while things comprise the assets, equipment, supplies, records and documents available to an organization (Watters, 2010). An effective and credible business continuity plan is developed in a series of steps.
Business impact analysis is done to identify the sensitive and crucial business functions and the resources that support them. This process outlines the effects resulting from the interruption of normal business functions, along with the recovery priorities and strategies (Gerard Blokdijk, 2008). The information is used to decide on the resources to be allocated to the process. Appropriate delegation of planning activities and the involvement of both top and lower management personnel in the implementation of a BCP have been observed to significantly yield positive results. According to the 2005 Business Continuity Survey by CPM and Deloitte, involvement of junior staff eliminates the otherwise casual approach towards the BCP and improves the response time.

After the impact analysis has been done, development and implementation of the plan follow. The plan will require resources from within the business or outside it to carry out recovery strategies that restore normal operations. Data recovery software, hot sites and offices are required to restore the affected operations. Finally, the recovered operations must be kept up to date and tested constantly to minimize the risk of future recurrence. Alternative backup sites may be created to safeguard against loss of data if the company considers adopting more efficient and effective IT solutions to replace obsolete technology.

Policies enhancing business continuity

Security policies govern the access to and use of sensitive information in a business organization. Physical hardware such as routers, switches, firewalls, file servers, desktops and laptops is very important to protect. Likewise, software distribution should be maintained through the use of passwords. Using passwords limits the number of people accessing the information, thus minimizing the chance of abuse. Data retention policies are documents determining the time period for which corporations are required to maintain information.
Different types of information require different lengths of time before being destroyed. Retention policies are important for business continuity because they describe the procedures for archiving information and destroying it after the time limit has been exceeded. For example, electronic data needs to be maintained for a specified period of time according to legal, personal and business requirements. Also, all information relating to a lawsuit must be surrendered to the authorities for litigation purposes regardless of its state or medium.

Acceptable use policies aim at protecting the company's employees and assets from illegal and damaging actions by individuals, whether intentional or otherwise. Computer resources provided by companies should not be used to store or send offensive material. A customer user policy lays down the guidelines to be followed while handling and using company assets. An increase in the use of dial-up modem services increases the risk of vulnerabilities and gives administrators a hard time in controlling users' access. Secure standards for connecting to the organization's internal systems, such as SecurID and Remote Access Dial In User Server, should be established. Users on internal networks should be restricted from dialing out of the corporate network while on the LAN (Lee, 2012).

Similarly, company-provided email systems are managed through email policies to avoid misuse. Emails sent via company networks should be strictly business related, because the company is liable for an employee's actions. These policies deter anti-forensic tools designed to eliminate evidence following a criminal or civil investigation by forensic experts. If users are aware that they are under frequent monitoring, they can stop the abuse of internet privileges. A scenario from an investigator manager of a major credit card company illustrates this concept.
Having noticed a cluster of fraudulent activities in the company, he realized that an employee had downloaded an audio file over a lunch break and, while the song was playing, a rootkit hidden inside it installed itself and allowed a hacker to establish a secure connection and capture card transactions.

Business continuity management model

Although there is no single approved model of how to respond to and mitigate incidental events, the BCM model compiles the standards, processes and experience that organizations use to prepare for any eventuality. The structure of this model comprises the following:

  • Steering committee
  • Response management team
  • Plan administrator
  • Disaster recovery coordinators
  • Business continuity team

The senior management team establishes a business continuity strategic plan to mitigate the business risk. The plan outlines the structures for creating, maintaining, executing and training on the business plan. It also provides the process for identifying the responsibilities of the team members and the priority events. The emergency response and management team, consisting of managers from all departmental areas, implements the plan with the help of the plan administrator. A disaster recovery plan approved by the management defines the required sources, actions and tasks needed to ensure a successful recovery effort.

Digital forensic process and RTO

A well-defined digital forensic process begins with a plan that establishes the workflow guidelines to reduce the Recovery Time Objective (RTO) and increase the amount and quality of data retrieved. Investigators and security personnel identify the viable sources of evidence and use the proper forensic procedures. The acquisition and extraction process uses state-of-the-art tools to ensure that a proper chain of custody is strictly adhered to.
Sufficient knowledge of where to look for evidence in the different corporate networks significantly reduces the degree of interruption to normal operations and produces results of the highest value in the shortest time possible.

Enterprise continuity process

A business continuity process consists of four major steps: disaster recovery, business recovery, business resumption and contingency planning (Gerard Blokdijk, 2008).

Business analysis

This step establishes a foundation for the sponsorship and commitment of resources to the recovery plan. A basis of business impact and risk assessment is established to make the plan successful.

Development and implementation of the plan

This phase involves active participation of all concerned to formulate a plan that will return the business to normalcy. The plan must detail all the recovery strategies and the components of the test plan. An effective plan should deliver the best results to the enterprise. The business resumption and recovery processes must be updated and tested regularly.

Business response team

No matter the level of planning and redundancy, system failure still occurs. The role of the response team is to minimize and mitigate the impact of uncertainties on customers, the business and investors. Effective response protects the image of the organization and the safety of employees. The functions of the business response team can be categorized into five groups, as follows:

  • Prepare
  • Detect
  • Mitigate
  • Analyze
  • Measure and remediate

An incident response plan containing all the activities necessary to mitigate the effects is used to train the team, so that its members are qualified, quick, orderly and aware of their responsibilities. A comprehensive Continuity Operation Plan that includes incident response, backup and restore, and management change safeguards against a recurrence of the disaster (Lee, 2012).
Though anti-forensic techniques in the digital realm are uniquely hard and complex to monitor, proper techniques are required to detect these efforts and stop them. Awareness of anti-forensic efforts enhances the ability to protect organizations. General awareness of the need to follow and implement internet security policy should be the responsibility of every individual in an organization. A policy that takes advantage of forensic capabilities and methodologies not only prevents fraudulent activities, it also saves the company's assets. Thus policy commitment is crucial to an enterprise, from the top management to the bottom level (Lee, 2012).

Continuous training on the emerging trends in anti-forensic efforts is also necessary. With ever-emerging technologies, enterprises should invest deeply in equipping their personnel with the necessary skills to combat crimes such as espionage. The analysis and acquisition of forensic information should be done by qualified staff rather than IT managers and human resource heads. Mishandling of evidence by unqualified staff destroys its integrity and renders it useless.

References

Gerard Blokdijk, J. B. (2008). Disaster recovery and business continuity IT planning, implementation, management and testing of solutions and services workbook. Lulu.com.

Lee, R. (2012). Software engineering research, management and applications 2011. Springer.

Sumeet Dua, A. G. (2012). Information systems, technology and management. Springer.

Watters, J. P. (2010). The business continuity management desk reference. Jamie Watters.
Cite this document
(“Developing the Forensics, Continuity, Incident Management, and Case Study”, n.d.)
Developing the Forensics, Continuity, Incident Management, and Case Study. Retrieved from https://studentshare.org/information-technology/1611083-developing-the-forensics-continuity-incident-management-and-security-training-capacities-for-the-enterprise
