Requirement
Incident Response and Forensic Analysis
Solution
Introduction:
In this assignment we study incident response and forensic analysis, draw out the implications of the measures suggested by several reliable sources, and give a detailed conclusion about our findings.
Incident Response and forensic analysis:
Incident response and forensic analysis is the organization's response to, and analysis of, attacks by intruders, undertaken to neutralize the negative impact those attacks have on the business as a whole. Every organization that operates effectively is exposed to cyber attacks intended to inflict damage on it. Such attacks aim to reduce the organization's overall capability and to profit from the losses it suffers. It is widely accepted that an organization's popularity is directly proportional to its exposure to cyber attacks, so every organization should have proper incident response and analysis measures in place to counter them.
Under the current global scenario, with strongly deterring cyber laws in force worldwide, cyber attacks are generally not pursued by one organisation against another. But with ever more methods of avoiding identification, this possibility cannot be neglected, especially given inter-organizational rivalries. Whether an organization is involved in such attacks is not the real concern, as most cyber crimes are committed by expert individuals who demand a ransom under the threat that the information collected will be exploited in future. Secondly, in most cases the attacks are carried out to directly inflict financial losses and other damage, such as loss of customers or clients, from which rival organizations may gain.
In most cases the response is restoration of the system to prevent the attacker from fulfilling his or her objectives, which leads to complications such as “data alteration” and “regrouping”. Restoration brings productivity back, but future attacks are not deterred, which may result in losses over the long term. This is the traditional method: the organisation takes a defensive approach and so leaves little or no scope for legal prosecution under cyber law. Some organisations instead collect forensically sound network data for legal proceedings, which can be regarded as an offensive approach aimed at prosecuting the attackers. But this approach also has disadvantages, as the attacker may be too ordinary a person to be worth an organisation taking to trial. Successfully convicting such an intruder does not really give the organisation any considerable benefit; it becomes like the old saying, “Cut the entire mountain only to find a rat”.
Overall, though, under the current global information technology scenario restoration is not preferred, because the number of attacks is increasing and every day new methods of attack are devised and deployed, which has made every organisation vulnerable.
Various agencies have therefore suggested approaches for tackling the complexity of the issue in the present, ever-changing scenario. These methods are described in detail in their respective journals or documents, which can be studied to develop an understanding of the topic. Here we are concerned only with drawing implications, taking three of them as examples. For this we have chosen the methods suggested by the “National Institute of Standards and Technology” and a journal paper suggesting measures for preparing “Network Forensic Readiness”, and we bring out the implications of what they suggest. The points taken for the implications below are based on my knowledge and some personal experience of “what affects an organisation most regarding this security threat”, which may vary from person to person.
Implications of NIST and the above-mentioned computer journal
NIST suggests integrating information security into the System Development Life Cycle (SDLC) from the inception of a system, so that severe security-related drawbacks are identified and reduced early. This lowers the cost of implementing security controls, which can be considered a good approach given the cost effectiveness it presumably provides. This integration has other advantages; it:
- Provides awareness of potential engineering changes, which often take place when security controls become obligatory.
- Helps identify shared security services and the redeployment of security tools and strategies, reducing development cost and schedule and improving the security posture.
- Facilitates informed executive decision making through comprehensive management of risk.
- Helps document important security-related decisions, assuring management that security was never compromised.
- Helps the organisation make its customers feel confident, facilitating adoption, and further encourages government agencies to invest in the organisation.
- Lastly, improves the interoperability and integration of systems.
The above suggestions by NIST, if analysed properly, can benefit organisations, because some of the advantages mentioned are must-haves given the rapid growth in cyber crime. The confidence of customers in an organisation is the most vital thing, as retaining customers nowadays is not an easy task. A company can lose its clients for many reasons, but losing clients over security loopholes can be very drastic, because in such cases regaining customer confidence becomes an uphill task. So proper integration is advantageous, since security-related fears within an organisation prevent it from working effectively. The other advantages, such as public-sector investment, are vital for every organisation to keep growing, since investments from the public sector are in general very large, and without them a company's overall growth prospects are hampered (NIST, 2008).
The above-mentioned computer journal highlights the following concerns found in organizations when adopting forensically sound data analysis for legal proceedings:
- Organizations' reputations: almost every organization fears loss of reputation once intrusions become public, because nobody likes to trust an organisation that has been found vulnerable in security matters, which is the most important criterion, especially in the field of IT. Any disclosure of security vulnerabilities damages reputation severely and gives a significant advantage to rival organisations ready to pounce, with ever-increasing competition leaving little room for even minor faults.
- Loss of share price: any public disclosure of cyber attacks on a company may make its share price fall like ninepins, affecting it adversely in a way that is irreparable in most cases. Even when repaired, recovery is a long process and consumes a lot of time.
- Loss of revenue: this is of course the result of the first two points, and loss of revenue inflicts severe damage.
- Seizure by governments: organisations fear that once their security vulnerability is made public it will lead to government intervention, as every organisation is under the purview of the government of its state.
This paper highlights that the approaches currently used for forensic evidence are not good enough to handle ever-growing cyber crime and attacks. It suggests that organisations should adopt greater efficiencies to handle it, and that handling cyber offences has become more of an art than a science. The person involved in the analysis has to be proactive, researching the new methods used by attackers. Analysis is no longer a fixed, designed method, because the culprits explore new measures, which demands innovation from the person tracking the intruder. The new methods found should be applied each time, after analysis of the initial data needed to detect the attackers, to produce effective legal proof; prosecution and proving the offender's offences in court then becomes relatively easy. The journal suggests maximising the importance of collecting forensically sound information. According to the “Journal”, adopting its measures reduces excessive reliance on skilled individuals. It calls for designing or enabling systems to capture forensic evidence beyond their existing potential. It also suggests implementing the ideas endorsed in the “Journal”, which were put forward after case studies of two cyber crimes, one that happened in New Zealand and another related to Russia, which was successfully solved. It claims that the theoretical framework presented in the journal can be useful for collecting forensically sound data (Deborah A. Frincke, 2007).
Several other cases are also described in blogs by various people involved in incident response, who complained that they sometimes find it problematic to attribute a crime to the offenders because of the complexities involved. In many cases they are obstructed by various operations the intruder performs using various sources. They also brought to light the fact that collecting proper forensic evidence involves complications and consumes a lot of time. The time factor and the complexity let the offenders become aware; the moment they become aware they either cleverly come up with other measures or stop the intrusion to protect themselves from prosecution and conviction. Some of the blogs mentioned the absence of transparent laws in the countries from which the intruders operate (ORLANDO DOCTRINE, 2015).
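The “forensically sound” collection that the journal calls for, and the “data alteration” risk of plain restoration discussed earlier, both come down to being able to prove that evidence was not changed after it was acquired. As an added example (not from the NIST document or the journal paper), the following Python keeps a hash-chained chain-of-custody record: each entry commits to the artifact's SHA-256 digest and to the previous entry, and verification shows how a restoration that rewrites a log file is detected. All names, the sample log line and the timestamps are constructed.

```python
import hashlib
import json
GENESIS = "0" * 64  # prev_hash for the first entry in a custody chain

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def add_custody_entry(chain, artifact, data, handler, action, when):
    """Append an entry committing to the artifact digest and the previous entry."""
    prev = chain[-1]["entry_hash"] if chain else GENESIS
    entry = {
        "seq": len(chain),
        "timestamp": when,  # ISO 8601 UTC, taken from a trusted clock
        "artifact": artifact,
        "artifact_sha256": sha256_hex(data),
        "handler": handler,
        "action": action,
        "prev_hash": prev,
    }
    entry["entry_hash"] = sha256_hex(json.dumps(entry, sort_keys=True).encode())
    chain.append(entry)
    return entry

def verify_chain(chain, artifacts):
    """Re-derive every link; artifacts maps name -> bytes as held today."""
    prev = GENESIS
    for i, entry in enumerate(chain):
        if entry["seq"] != i or entry["prev_hash"] != prev:
            return False, f"link broken at entry {i}"
        body = {k: v for k, v in entry.items() if k != "entry_hash"}
        if sha256_hex(json.dumps(body, sort_keys=True).encode()) != entry["entry_hash"]:
            return False, f"entry {i} modified"
        data = artifacts.get(entry["artifact"])
        if data is not None and sha256_hex(data) != entry["artifact_sha256"]:
            return False, f"artifact {entry['artifact']} altered since entry {i}"
        prev = entry["entry_hash"]
    return True, "ok"

def demo():
    # Constructed sample evidence: one firewall log line and a fake capture blob.
    artifacts = {"firewall.log": b"2015-11-02T10:14:03Z DENY tcp/445 from host-A\n",
                 "capture.pcap": bytes(range(64))}
    chain = []
    for name in artifacts:
        add_custody_entry(chain, name, artifacts[name], "analyst-1", "acquired",
                          "2015-11-02T10:20:00+00:00")
    ok_before = verify_chain(chain, artifacts)[0]
    # A restoration that rewrites the log is the "data alteration" the text warns of.
    restored = dict(artifacts, **{"firewall.log": b""})
    return ok_before, verify_chain(chain, restored)
```

The record only proves integrity from the moment of acquisition, so it has to be written before any restoration step touches the system.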
Conclusions
After having done the project I have come to the conclusion that incident response and forensic analysis is a really uphill task. This is because every method of analysis challenges intruders to come up with newer methods of pursuing their objectives, whether for personal gain or for damaging the reputation of the targeted organisation. On the other hand, restoration of the system, if adopted regularly, can signal that the organisation is a reactive one, which is by no means acceptable to its clients. This policy of restoration also burdens the organisation with the extra load of managing the data again and gives offenders free licence to pursue their immoral activity. The intruders then work fearlessly, knowing very well that they are never going to face prosecution, which motivates them further to come up with innovative methods of attack, to the point where an organisation may at some stage be unable even to detect attacks in order to restore. The NIST suggestion of integrating information security into the system development life cycle from its inception seems a very good idea, as it has been prepared by NIST and the U.S. Department of Commerce. They are people with highly efficient knowledge gathered through research compiled by teams of knowledgeable professionals covering various aspects of security systems. The journal study reflects the proactivity of the team in getting their cases solved successfully. The journal's other suggestion, enabling systems to capture forensic evidence, can also be considered, and the enabling should be done by technicians proficient in the field. For effective business you need an effectively secured system; with the globalisation of business no organisation can escape losses due to security failures, and every organization should be ethical in this regard, even if the need arises to help rival organisations track intruders.
From the journal paper it is evident that tracking offenders is of no use if there is no proper cyber law for legal proceedings, so having effective cyber law is the last and most significant criterion for booking offenders under the law. Such laws always act as a deterrent in most cases, as intruders and offenders fear that they may have to serve time behind bars.
Works Cited
- NIST. (2008, October). Retrieved November 2, 2015, from NIST: http://csrc.nist.gov/publications/nistpubs/800-64-Rev2/SP800-64-Revision2.pdf
- Deborah A. Frincke, C. A. (2007). A Theoretical Framework for Organizational. Journal of Computers, 11.
- ORLANDO DOCTRINE. (2015). Retrieved November 2, 2015, from orlandodoctrine.com: http://orlandodoctrine.com/