Case Study 2: Developing the Forensics, Continuity, Incident Management, and Security Training Capacities for the Enterprise
The United States of America learned a valuable lesson from the September 11 attacks: we realized that we will need to protect American citizens at all cost, with the use of force as well as with the use of internet security. Every day, American companies, government agencies and private citizens come under cyber-attack. These hackers want to get into our private and personal data.
Robert W. Dietz
May 19, 2018
Then the company must consider whether it is worth the cost, when we could store our data on a server that is not connected to the main server. The only downfall with this approach is that you will need to schedule a backup, and it will not back up current and recently saved work.
I do feel that a cloud service is a very reliable option in the recovery method as long as it is being maintained and updated regularly. If this is not being done correctly, then when you restore from a previous backup it could be out of date, and the loss of information will most likely occur.
Each company should have in place a working document that shows and outlines a Business Continuity plan and how it should be carried out. These roles and responsibilities are needed when an incident occurs. With these rules set in place there won't be chaos over what we should do next: follow the plan and we will be okay. When we follow these roles, employees know what their tasks are, and they can get back to work on the tasks assigned to them during the incident. This plan is a set of steps or a process that would be considered the fundamental building block to get the organization back up and running so that downtime can be reduced. These steps should always be based on customers' privacy and their needs. We must protect this data at all cost. A single data breach can hinder the success of the company if it is faced with a lawsuit that takes the company time to recover from. This is when the company's focus switches from providing customer support to defending the company from extreme measures.
A plan should include a process that we should follow, and it should be documented so that there is no confusion and each department knows what it is to do. The last thing that we want is a department overstepping boundaries and infringing on another department's process. All these components need to work in harmony and in a complementary manner if any meaningful progress is to be made in organizational resource allocation for recovery and disaster mitigation (Warkentin & Vaughn, 2006).
Roles, responsibilities, and job duties should be defined within the plan. As mentioned above, duplication of roles can infringe on other duties; this can lengthen the time to recover, create additional work, and raise the possibility that one process is started before another is completed, which could lead to additional work and the potential loss of work and data. This could lead to double allocation, or the same data being input multiple times. When roles are defined, you are not wasting time and resources. As roles are defined, they give everyone a list of responsibilities that they need to complete, and in what order. If you get ahead of yourself, you could lose the input and/or cause others to struggle with their input. If this is followed, then you don't have to worry about stepping on others' toes, offending them and having them get an attitude, which could lead to hard feelings and slow the process down.
When business continuity is achieved, employees will feel like they play a significant part in the recovery of data and restoring the business back to operation. While we are still trying to get the company back up and running, we should not forget about user rights and permissions. So the tasks assigned to employees should be aligned with their security access as well; this can limit the possibility that someone performs an improper process and that steps have to be repeated. This is where management comes in, so that safeguards are set in order and to decide what information is important and should have a higher priority.
Within the IT department, there should be policies regarding the protection of the security of the network, finding the breach and implementing the patch to prevent further attacks. With this information, employees know the importance of which information should be restored first. This will clarify what they should expect, and when not to expect, the items that are outlined in the plan. Many companies preach accountability, and this is another example of which parts each user should perform and be held accountable for, whether they fail or succeed. Each employee should know that the company will get through this and that the new security measures should be better going forward.
These anti-forensic methodologies are used to make it difficult for forensic auditors to do their job by interfering with the trails left in the system, such that investigations become more expensive and difficult to do. However, acceptable use policies, remote access policies, and email policies could help minimize any anti-forensics in the organization through measures such as integration of forensic steps, so that if an anti-forensic attack hits one of the steps, this does not render the forensic expert so helpless that he or she cannot have any clue. In those circumstances, it would still be possible to use the trails left in another step to gather sufficient evidence (Warkentin & Vaughn, 2006).
Once a policy is created, no user or employee should implement what they believe is a better way without running it through management. Management should introduce an email policy and hold trainings for their employees on what spam, a phishing attack and much more could look like. With the proper training, many intrusions can be avoided. Meanwhile, the IT department should be able to track which emails are being opened, and this could lead to additional training for staff. I worked for a company that tracked every email that I sent and the ones that I opened and deleted. They took their security very seriously; a backup of such emails was kept on the server, and if I failed a company phishing test, then they would address it accordingly.
Business structure, flow charts, and continuity are tools set in place to help management set your job description and the information you are allowed to access. But more importantly, they are tools to help with events so that the business will not shut down until the issue is fixed, whether it was caused by a natural disaster or by a cyber-attack. By having a plan set, you are guaranteeing that your company will rebound from whatever the cause is in the shortest time. Additionally, you will have access to online tools to help restore data as well as a plan to track which assets are more important than others. This plan will give you direction and maintain a recovery without getting halfway through it and then finding you need a part, or hitting a hitch that makes you start all over again.
When deciding on which way you want to go in a disaster setting, this should be decided at a corporate level. It should focus and direct staff in their roles. This plan should include directors, managers and the staff thereafter. While it is great to give direction to employees, what about allocating funds for recovery? There should be a plan that says if the cost will exceed X amount, then it is better to replace than repair, or vice versa. The business continuity program content focuses on incident management, technology recovery, business recovery and security management. Therefore, an organization needs to apply these parameters in relation to its organizational structure.
If a cyber attack occurred, then we need to have a Digital Forensics department that will oversee the recovery, identify where the attack came from and then implement a patch to repair that breach. With each step, there should be documentation, in the hope that we can gain evidence and tie it back to the one who sent the attack. There should be a plan set in place within this department that includes mapping the project and preserving information. A forensic analysis and a recovery plan can help in achieving the recovery time objective (RTO) by streamlining the process activities and reducing unnecessary processes. As mentioned above, having a plan will tell your employees what to do or not to do based on their abilities and job description.
Each plan should include project conceptualization, which is defining a problem, evaluating the risk, and controlling the situation to eliminate additional risk and to ensure that future risk will not occur in the same way. The sequence is: Business Impact Analysis => Developing Business Continuity Strategies => Emergency Response and Operations => Developing and Implementing Business Continuity Plans => Awareness Creation and Training Programs => Exercising and Maintaining Business Continuity Plans => Public Relations and Crisis Coordination => Establishing a Framework for Coordination with External Entities.
As we discussed with the different teams above, this is a very important tool. While one team is focused on recovery, the other team should be focused on collecting and managing the process to get the company back in operation. Each team should focus on the strengths of each employee and which role they will play in a disaster recovery.
Anti-forensic efforts make it difficult for forensic experts to perform forensic audits. To ensure that they won't have a difficult time, we should follow a few steps, as well as provide additional training and documentation of what this role will play during a recovery situation. This information passed on to key players should help this team do their job and hopefully have the process move just a bit quicker. This training can include a walkthrough of the system and its functionality, as to how it works, so that they have a better understanding of how to develop and counter anti-forensics for the system.
Knowing what the anti-forensic team does and what information is needed to perform their job duties is important as well; during this training you should include ethical and non-ethical behavior on your computer. This can dispel the curiosity of an employee so that they do not go, or try to access information, where he/she shouldn't. You can call it Computers 101, or the do's and don'ts training of operating a computer. This training should be conducted once a year, and also in case an update needs to be done during the year, when policies change, or just as a refresher in case we get lax in our work habits. This will also help in indoctrinating new employees to ensure that there are no performance and effectiveness gaps when they get access to the organization's systems.
Arduini, F., & Morabito, V. (2010, March). Business continuity and the banking industry. Communications of the ACM, 53(3), 121-125.
Business Continuity Maturity Model - dodcoop.com. (n.d.). Retrieved from
Certification - DRI - Disaster Recovery Institute. (n.d.). Retrieved from
Dahbur, K., & Mohammad, B. (2011). The Anti-Forensics Challenge. Proceedings from ISWSA '11: International Conference on Intelligent Semantic Web-Services and Applications. Amman, Jordan.
Maloof, M. A. (2006). Machine learning and data mining for computer security: Methods and applications. London: Springer.
Nemati, H. R. (2008). Information security and ethics: Concepts, methodologies, tools and applications. Hershey, PA: Information Science Reference.
Warkentin, M., & Vaughn, R. (2006). Enterprise information systems assurance and system security: Managerial and technical issues. Hershey, PA: Idea Group Pub.