
Security Forums


Computer forensics paradigm

qazi
Joined: 23 Jul 2010
Posts: 0

Posted: Fri Jul 23, 2010 4:06 pm    Post subject: Computer forensics paradigm

I find myself in an awkward position working as a security engineer for my company. The reason for the confusion and disarray is mainly that my company has recently decided to hire the consultancy of a computer forensics company to do their digital artifact identification and analysis.

This decision came when the company security department exists as a logical entity and is still working on blueprints and designs to develop information security infrastructure for the entire organization. This includes risk analysis, vulnerability assessment and a lot of other security assessment exercise(s). The department is not even mature to the point where it could afford the additional task of computer forensics. So to me and my fellow engineers this came as a shocking surprise.

There is no log monitoring / auditing capability in existence to facilitate such an effort. Even the basic level of log monitoring, e.g. local system logs or syslog, is not operating. Even more important, there is no process defining incident response and reporting procedure.

Against the backdrop of such a disarrayed security situation, is calling in the forensics guys a bit too early for the organization? We are preparing a case for the management to disown and completely reject any proposal of adopting and exercising computer forensics capabilities at this point.

From what I heard, the company was able to convince the management by creating this security hype / scare that your network, services and systems are under great threat and the risk is at an all-time high. Call it an effective sales pitch success or our senior managers' disillusioned state of security, but they have somehow miraculously convinced all concerned stakeholders to adopt their solution so they could mitigate those threats and make the organization risk free.

We have an (internal) meeting coming up next and we have been given the task by our manager to come up with strategies and good discussion points which can be used to convince the higher management to dis-announce the entire idea of forensics analysis at this time.

How could you effectively handle this situation?

1) Could you guys provide me some architectural designs which would help me understand where forensics lies in the entire security landscape for the organisation?

2) Does the realm of vulnerability and threat analysis come under the realm of computer forensics? What I have heard is that these guys would be carrying out some tests which would help the organization to have an idea of their security posture / index, explaining through digital artifacts the state of information and how it is possible to make use of it for possible exploitation. Is computer forensics eating its way into the domain of vulnerability analysis and pen testing?

3) What is the list of prerequisites a company should have in place in terms of technology and standards before calling up computer forensics?

4) What are the disadvantages of calling up forensics for an ill-prepared company?

Other than these basic questions, kindly help with information which helps me build my case. Please keep in mind that, since I have to pitch my case to the management, it doesn't have to be too technical for their appetite. Terms like ROI and risk analysis would really hit home :)

Thank you. Kindly help.
srohrbach
Joined: 03 Nov 2010
Posts: 0
Location: San Diego

Posted: Fri Nov 19, 2010 9:11 pm

Sorry, no architecture to provide, but just some thoughts. I would do as your management has done, and perhaps only have added a little more communication up front to you than you have indicated they provided. For many reasons I would have third-party professionals who are not payroll employees as my eyes and ears. I have even advised managers to find these outside consultants prior to hiring system and security architects and sysadmins. I have also advised using both stealth and plainly visible individuals on a case-by-case basis. I am a strong believer that security serves the business model. From your posting, it seems you are a very communicative person with a very high level of concern for security, a true professional. However, too many security people create ivory towers around themselves and try to change, alter or influence the business model too much, or do not communicate from behind the locked gate of the tower. Also, I am a strong believer in auditing the system admins and architects, and then auditing the auditor. In most corporations, there is too much at risk to take anything for granted in information security.
All times are GMT + 2 Hours