
Proving Your Case - Computer Security

Learn about common types of computer crime and essential components of security. Explore administrative, personnel, physical, communications, hardware, software, and operations security. Discover ways to plan for computer crime, detect intrusions, and form a response team.





Presentation Transcript


  1. Proving Your Case - Computer Security Terrence P. Maher Abrahams Kaslow & Cassman tmaher@akclaw.com

  2. Common Types of Computer Crime • Fraud by computer manipulation • Computer forgery • Damage to or modifications of computer data or programs • Unauthorized access to computer systems and service • Unauthorized reproduction of computer programs

  3. Essential Components of Security • Administrative and organizational security • Personnel security • Physical security • Communications - electronic security • Hardware and Software security • Operations security • Contingency planning

  4. Administrative and Organizational Security • Development of procedures to identify risks • Definition of individual security duties and assignment of responsibilities • Designation of restricted areas • Establishment of authorization procedures • Identification of external dependencies • Preparation of contingency plans

  5. Personnel Security • Specify security requirements in job descriptions • Ensure personnel meet the requirements - background investigations • Adequate security motivation and training • Have adequate corporate policies in place • Remember to check contractors who are given access to premises or systems

  6. Personnel Security • Supervise access to and control over system resources through identification, authorization and monitoring measures • Enforce vacation policies and rotate assignments • Termination procedures • Expect revenge from disgruntled employees or ex-employees

  7. Physical Security • Site planning - location and layout, building construction, fencing and shielding • Control of access - perimeter security, visitor control, access devices and badges, guards and anti-intrusion devices • Protection against physical damage and environmental failures • Protection of media and supplies • Random checks and tests

  8. Communications-Electronic Security • Access control - passwords, password controls, smart cards and biometric devices • Physical security of network cabling and telecommunications equipment • Shielding of cables • Firewalls • Encryption

  9. Hardware and Software Security • Identification measures to identify authorized users • Isolation features to restrict access to unauthorized devices, software and data • Access control for selective sharing of system resources • Surveillance and detection measures • Response techniques to counter harm

  10. Operations Security • Identification of assets requiring protection • Establishment of value of those assets • Identification of threats associated with each asset • Identification of the vulnerability of the system to such threats

  11. Operations Security • Assessment of the risk exposure associated with each asset • Selection and implementation of security measures • Testing of security measures • Audit and refinement of security program on a continuing basis

  12. Planning for Computer Crime • Put detection measures in place so that a crime is identified quickly when it occurs • Assemble a team who will respond to incidents • Determine how the team will respond to different types of intrusions • Test and update the procedures

  13. Detection Tools • Intrusion detection systems are not designed to collect and protect the integrity of the type of information required to conduct law enforcement investigations • There is a lack of guidance to employees as to how to respond to intrusions and capture the required information

  14. Detection Tools - Logs • System logs • Audit logs • Application logs • Network management logs • Network traffic capture • Contemporaneous manual entries • Logs maintained by the intruder, an ISP or telecommunications provider

  15. Detection Tools - Logs • Logs may make little immediate sense without training in the operation of the intrusion detection tool and understanding the principles upon which it operates • Logs may lack sufficient detail • Logs may not cover relevant time periods • Logs may not be sufficient to permit comparison of normal vs. abnormal activity

  16. Detection Tools - Logs • In real time detection, the detection tool may not be sufficient to keep up with network traffic or it may be positioned on the network in a way that it is unable to capture all relevant data • Logs may not identify the perpetrator in any useful way • Logs may have been compromised
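Slides 14 through 16 list what can go wrong with logs as evidence: they may not cover the relevant time period and they may have been altered. The following is an added example, not code from the presentation or from the author's firm, showing two checks a response team can run at collection time: sealing each collected log line into a SHA-256 hash chain so that any later edit, deletion or insertion is detectable, and scanning the timestamps for silent stretches inside the incident window. The log lines, the host name web01, the addresses and the user names are constructed for the example; the timestamp format (ISO-8601 UTC as the first field) is an assumption about how the collected log is laid out.

```python
import hashlib
import json
from datetime import datetime, timezone

# Constructed sample: syslog-style authentication records from a hypothetical
# host "web01". Host, users and addresses are invented for this example.
SAMPLE_LOG = [
    "2024-03-01T02:14:05Z web01 sshd[811]: Failed password for root from 198.51.100.23 port 50212 ssh2",
    "2024-03-01T02:14:09Z web01 sshd[811]: Failed password for root from 198.51.100.23 port 50212 ssh2",
    "2024-03-01T02:14:12Z web01 sshd[811]: Accepted password for root from 198.51.100.23 port 50212 ssh2",
    "2024-03-01T02:15:40Z web01 sudo: root : COMMAND=/bin/rm /var/log/auth.log",
    "2024-03-01T03:45:01Z web01 CRON[902]: (root) CMD (run-parts /etc/cron.hourly)",
]

GENESIS = "0" * 64  # fixed starting value for the chain


def _chain_digest(prev_hex, line):
    # Each digest covers the previous digest and the line, so editing,
    # deleting or reordering any line changes every digest after it.
    return hashlib.sha256((prev_hex + "\n" + line).encode("utf-8")).hexdigest()


def seal_log(lines):
    """Build a hash-chained manifest for collected log lines.

    The 'final' digest is the value to write into the contemporaneous manual
    notes (slide 14) at collection time; the manifest travels with the copy.
    """
    prev = GENESIS
    entries = []
    for i, line in enumerate(lines):
        prev = _chain_digest(prev, line)
        entries.append({"index": i, "sha256": prev})
    return {"algorithm": "sha256-chain", "count": len(lines), "final": prev, "entries": entries}


def verify_log(lines, manifest):
    """Return the index of the first line that breaks the chain, or None if intact.

    A truncated log reports the index of the first missing line; a log with
    lines appended reports the index of the first extra line.
    """
    prev = GENESIS
    entries = manifest["entries"]
    for i, line in enumerate(lines):
        if i >= len(entries):
            return i
        prev = _chain_digest(prev, line)
        if prev != entries[i]["sha256"]:
            return i
    if len(lines) < len(entries):
        return len(lines)
    return None


def parse_ts(text):
    """Parse the ISO-8601 UTC stamp that starts a log line (or a bare stamp)."""
    stamp = text.split(" ", 1)[0]
    return datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def fmt_ts(dt):
    return dt.strftime("%Y-%m-%dT%H:%M:%SZ")


def coverage_gaps(lines, start, end, max_gap_seconds):
    """List (from, to) pairs where the log is silent longer than max_gap_seconds
    inside [start, end]. Silence at either edge of the window counts too, so a
    log that only begins after the incident is flagged rather than trusted.
    """
    start_dt, end_dt = parse_ts(start), parse_ts(end)
    stamps = sorted(t for t in (parse_ts(l) for l in lines) if start_dt <= t <= end_dt)
    points = [start_dt] + stamps + [end_dt]
    return [(fmt_ts(a), fmt_ts(b)) for a, b in zip(points, points[1:])
            if (b - a).total_seconds() > max_gap_seconds]


if __name__ == "__main__":
    manifest = seal_log(SAMPLE_LOG)
    print(json.dumps(manifest, indent=2))
    print("intact:", verify_log(SAMPLE_LOG, manifest) is None)
    print("gaps over 1h:", coverage_gaps(SAMPLE_LOG, "2024-03-01T02:00:00Z",
                                         "2024-03-01T04:00:00Z", 3600))
```

The chain only proves that the copy in the team's possession still matches what was collected; it says nothing about changes made before collection (the "logs may have been compromised" point), which is why the same window should be compared against an independent source such as a network capture or the ISP's records. The gap report above flags the ninety minutes after the sudo entry, exactly the stretch an investigator would want explained before relying on the log.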

  17. The Response Team • Have the team formed ahead of time • Team members should include a manager, systems operator, auditor, investigator, technical advisor, and legal

  18. The Response Team • Manager • Team leader and decides on response to incident • Person should be able to assess the value of the compromised information and the potential impact of the loss on the organization • Responsible for documenting all events that have taken place

  19. The Response Team • System Operator • May be a systems manager or systems programmer; must know his or her way around the system(s) involved • For crimes in progress, the systems operator will track the criminal and monitor system activity • For crimes which have already taken place, the systems operator will be responsible for reconstructing what took place • Responsible for documenting what happened

  20. The Response Team • Auditor • Help the systems operator follow the trail of the crime using audit tools and audit trails • Responsible for documenting the economic impact of the incident • Includes tangible and intangible losses, as well as lost productive time

  21. The Response Team • Investigator • Usually from the law enforcement agency that has jurisdiction over the crime • Duty is to make sure all evidence is collected using proper means and in accordance with legal requirements • Will be responsible for securing appropriate judicial authorization for search warrants and monitoring of communications

  22. The Response Team • Technical Advisor • Usually a technical expert who understands both technology and criminal investigation techniques • Usually from the law enforcement agency which has jurisdiction over the crime • Will work closely with the systems operator to analyze system logs and other system activity that may explain the crime and identify the suspect

  23. The Response Team • Legal • Risk management • Insurance recovery • Civil prosecution

  24. Response • Should you call in law enforcement? • trap and trace devices • pen registers • dialed number recorders • search warrants for third party and intruder facilities, equipment, systems and records • Interview witnesses and informants

  25. Evidence and Legal Proceedings • Admissibility and Weight of Evidence • Hearsay Rule • Business records exception • Authentication • Best Evidence • Reliability of witnesses • Chain of possession

  26. Evidence and Legal Proceedings • Discovery • Protective Orders • Testimony

  27. Terrence P. Maher Abrahams Kaslow & Cassman 8712 West Dodge Road Suite 300 Omaha, Nebraska 68114 tmaher@akclaw.com
