29 research outputs found

    Cyber Forensics Assurance

    As the usage of Cyber Forensics increases, so does the potential for errors in the practice of applying Cyber Forensics. Errors in opinions derived from faulty practices have resulted in grievous miscarriages of justice. However, utilizing the foundations of Information Systems Assurance and Information Quality, a solid foundation for improving the quality and effectiveness of Cyber Forensics can be derived. The foundations of Information Systems Assurance and Information Quality provide a solid foundation for improving the current efforts in Cyber Forensics. With increasing computer and network systems usage as well as the increasing frequency of attacks on information systems, the need for controlling risks in information systems has become more apparent. Meeting that need, Information Systems Assurance has continued to evolve: from the CIA (confidentiality, integrity, and availability) into variations such as the five pillars (confidentiality, integrity, availability, authenticity, and nonrepudiation) and the Parkerian Hexad (confidentiality, integrity, availability, authenticity, possession, and utility). Also, with the continuing growth of information systems, the need for improving the quality of such systems has also evolved, focusing on various components of Information Quality (accuracy, relevance, consistency, timeliness and completeness). Utilizing the foundations of Information Systems Assurance and Information Quality, a model is derived for Cyber Forensics Assurance.

    The 2007 Analysis of Information Remaining on Disks offered for sale on the second hand market

    All organisations, whether in the public or private sector, increasingly use computers and other devices that contain computer hard disks for the storage and processing of information relating to their business, their employees or their customers. Individual home users also increasingly use computers and other devices containing computer hard disks for the storage and processing of information relating to their private, personal affairs. It continues to be clear that the majority of organisations and individual home users still remain ignorant or misinformed of the volume and type of information that is stored on the hard disks that these devices contain and have not considered, or are unaware of, the potential impact of this information becoming available to their competitors or to people with criminal intent. This is the third study in an ongoing research effort that is being conducted into the volume and type of information that remains on computer hard disks offered for sale on the second hand market. The purpose of the research has been to gain an understanding of the information that remains on the disk and to determine the level of damage that could potentially be caused if the information fell into the wrong hands. The study examines disks that have been obtained in a number of countries to determine whether there is any detectable national or regional variance in the way that the disposal of computer disks is addressed and to compare the results for any other detectable regional or temporal trends. The first study was carried out in 2005 and was repeated in 2006 with the scope extended to include additional countries. The studies were carried out by British Telecommunications, the University of Glamorgan in the UK and Edith Cowan University in Australia.
    The basis of the research was to acquire a number of second hand computer disks from various sources and then determine whether they still contained information relating to a previous owner or if information had been effectively erased. If they still contained information, the research examined whether it was in a sufficient volume and of enough sensitivity to the original owner to be of value to either a competitor or a criminal. One of the results of the research was that, for a very large proportion of the disks that were examined, there was significant information present and both organisations and individuals were potentially exposed to the possibility of a compromise of sensitive information and identity theft. The report noted that where the disks had originally been owned by organisations, they had, in most cases, failed to meet their statutory, regulatory and legal obligations. In the third and latest study, conducted in 2007, the research methodology of the previous two studies was repeated, but in addition to Longwood University in the USA joining the research effort, the scope was broadened geographically and the focus was extended to determine what changes in the availability of sensitive information might be occurring over time.

    Using journals to assess non-STEM student learning in STEM courses: A case study in cybersecurity education

    Embry-Riddle Aeronautical University offers a minor course of study in cybersecurity as an option in our undergraduate Homeland Security program. Since the students are, by and large, social scientists, the focus of the program is to build hyper-awareness of how cybersecurity integrates within their professional aspirations rather than to provide cybersecurity career-level proficiency. Assessing student learning of the technical aspects cannot be performed using traditional tests, as they would not properly measure what the students are learning in a practical sense. Instead, we employ journals and self-reflection to ask the students to express and demonstrate their learning. Although somewhat harder to grade, the journals have huge benefits to the learning environment as well as to actual learning.

    BLOGS: ANTI-FORENSICS and COUNTER ANTI-FORENSICS

    Blogging gives an ordinary person the ability to have a conversation with a wide audience and has become one of the fastest growing uses of the Web. However, dozens of employee-bloggers have been terminated for exercising what they consider to be their First Amendment right to free speech, and would-be consumer advocates face potential liability for voicing their opinions. To avoid identification and prevent retribution, bloggers have sought to maintain anonymity by taking advantage of various tools and procedures - anti-forensics. Unfortunately, some anonymous bloggers also post content that is in violation of one or more laws. Some blogging content might be viewed as harassing others - an area known as cyber-bullying. Law enforcement and network forensics specialists are developing procedures called Counter Anti-forensics that show some promise to identify those who violate the law. However, these techniques must be used with caution so as not to violate the rights of others.

    INFOSEC: What Is The Legal Standard Of Care?

    The convenience of conducting personal business in the comfort of one’s home attracts millions of individuals to shop, pay bills, and bank online. In the process, sensitive personal and financial information is disclosed and the exchange of this information creates a risk of identity theft. Providing effective cyber security is an issue with significant implications for companies. Failure to provide adequate security for consumer information may subject a company to legal action by the Federal Trade Commission (FTC). Information vulnerability, recent security failures and the standard of care are discussed.

    Employee Blogs: Protected Speech Or Grounds For Discharge?

    Posting and reading blogs is one of the fastest growing uses of the Web. Blogging gives an ordinary person the ability to have a conversation with a wide audience. Dozens of employee-bloggers have been “dooced” (terminated) for exercising what they consider to be their First Amendment right to free speech. An important legal issue with significant implications for both employers and employees is to what extent employee blogs are a form of protected speech. The First Amendment, employment at will, and laws protecting employee speech are discussed. Suggestions are made for procedures employees should follow to safely blog.

    The 2009 Analysis of Information Remaining on Disks Offered for Sale on the Second Hand Market

    The ever increasing use and reliance upon computers in both the public and private sector has led to enormous numbers of computers being disposed of at the end of their useful life within an organisation. As the cost of computers has dropped, their use in the home has also continued to increase. In most organisations, computers have a relatively short life and are replaced on a regular basis with the result that, if not properly cleansed of data, they are released into the public domain containing data that can be relatively up to date. This problem is exacerbated by the increasing popularity and use of smart phones, which also contain significant storage capacity. From the results of the research it remains clear that the majority of organisations and private individuals that are using these computers still remain ignorant or misinformed of the potential volume and type of information that is stored on the hard disks contained within these systems. The evidence of the research is that neither organisations nor individuals have considered, or are aware of, the potential impact of the information that is contained in the disks from these systems becoming available to an unintended third party. This is the fifth study in an ongoing research programme being conducted into the levels and types of information that remain on computer hard disks that have been offered for sale on the second hand market. This ongoing research series has been undertaken to gain an understanding of the level and types of information that remains on these disks, to determine the damage that could potentially be caused if the information was misused, and to determine whether there are any developing trends. The disks used have been purchased in a number of countries. The rationale for this was to determine whether there are any national or regional differences in the way that computer disks are disposed of and to compare the results for any regional or temporal trends. 
    The disks were obtained from a wide range of sources in each of the regions in order to minimise the effect of any action by an individual source. The first study was carried out in 2005 and since then has been repeated annually with the scope being incrementally extended to include additional research partners and countries. The study in 2009 was carried out by British Telecommunications (BT) and the University of Glamorgan in the UK, Edith Cowan University in Australia, Khalifa University in the United Arab Emirates and Longwood University in the USA. The core methodology of the research has remained unaltered throughout the duration of the study. The methodology has included the acquisition of a number of second hand computer disks from a range of sources and determining whether the data contained on the disks has been effectively erased or if they still contain information relating to previous owners. If information was found on the disks from which the previous user or owner could be identified, the research examined whether it was of a sensitive nature or in a sufficient volume to represent a risk. One of the consistent results of the research through the entire period has been that, for a significant proportion of the disks that have been examined, there was sufficient information present to pose a risk of a compromise of sensitive information to either the organisation or the individual that had previously used the disks. The potential impacts of the exposure of this information could include embarrassment to individuals and organisations, fraud, blackmail and identity theft. In every year since the study started, criminal activity has also been exposed. As has been stated in the previous reports, where the disks had originated from organisations, they had, in many cases, failed to meet their statutory, regulatory and legal obligations.

    The Evolving Role of the Digital Forensics Expert: Protective Orders

    AM Session: The Evolving Role of the Digital Forensics Expert: Protective Orders. Glenn S. Dardick, Longwood University, US

    Introductions

    Introductions by Glenn S. Dardick, Conference Chair and Director of the ADFS