A Traditional Approach to Incident Response - A Boon or a Bane?

Digital forensics is a minor branch of forensics that deals with uncovering and interpreting electronic data. Evidence is the pivotal part of this branch: it is preserved in its most original form and later used to reconstruct past events. This evidence paves the way for identifying the culprits behind a security breach and also the weaknesses in the organization that allowed such an unusual event to happen. The data collected in the process is later used in a court of law or simply as a starting point for other investigations. Digital forensics is evidentiary in nature, and for this reason the preservation of evidence holds first place in the process. (John J. Barbara, 2015)

The collected evidence must be strong enough to withstand cross-examination in court; hence law enforcement plays an inevitable role in investigations in this field. Incident response is nothing but the set of procedures that a technician follows in order to investigate a computer security breach. According to researchers in the field, “Computer investigations more a lot have a fluid nature and hence Incident Response in such a field is not just about science but includes an artistic tinge too”. The response is carried out after a security attack and involves cautious steps to evaluate the actual cause of the incident and to collect a wealth of information (in the form of evidence) related to it. A security breach here is simply any incident that results in unauthorized access to secured and private data or applications in the absence of the actual user.

In today’s challenging and dynamic world there is no such thing as privacy. A security breach, being the first stage of a malicious attack by any hacker, cracker or intruder, needs a strong legal basis for verification of the incident and identification of its offenders. In the traditional approach, incident response as a process included the collection of forensically sound evidence that could be presented in the courtroom. Collecting this evidence was unquestionably a tedious and unreliable process. Investigators worked round the clock to churn out insipid and shallow evidence that was not even accepted in the courtroom. This was not a regular event, because some evidence formed a major part of the investigations. The growing unreliability of evidence caused organizations to develop a lasting aversion to legal options and courtroom complexities. Other related reasons were the damage to organizational reputation resulting from such attacks and the drain on a firm’s resources once an investigation began. These complexities held investigators back from promoting evidence-based examination of attacks. As evidence took the back seat, organizations nowadays began to follow an advanced approach to incident response. (NIST, 2012)

This approach involves no legal complexities: when a security attack occurs, the organization’s technicians favor restoring the network as rapidly as possible. They pay no heed to collecting forensically sound information that could later serve as strong evidence in a courtroom. Such a modern approach is no doubt swift, and it complies with the main motive of modern organizations, which clearly states that “the productivity of a firm can never be ceased as it ultimately aims to satisfy consumer needs”. But looking at the broader implications of completely ignoring the traditional law-enforcement approach, a company can never succeed if it fails to examine the root causes of its pitfalls. To evaluate the underlying causes of security attacks one has to rely completely on strong forensic evidence. This evidence not only plays a crucial role in accelerating the pace of the current investigation but also forms a firm basis for investigating any further attacks.

Legal complexities often require time, labor and ample patience from all participants. Apart from these abstract resources, the real material resources of a company are also put at stake: its assets, revenues and market share. Law enforcement has never been an economical process, but it still tops the priority list of all rational thinkers and a few modern ones. (Swauger, Pollitt, & Craiger, 2005)

The reason for this could be the factual response it builds into its process, along with the proper analysis of evidence that prevents any future recurrence of such a breach. Law enforcement, in collaboration with the current legal policies of a country’s government, allows an organization to report such incidents in the courtroom and take the required legal action against the intruders. At the time of a security attack, government agencies provide a lot of assistance to organizations, either as monetary help or as skilled professionals who carry out the investigation more efficiently. A statistical report of the defence force intelligence unit of Australia has revealed that cyber attacks on Australian business and government rose by 20% in the last year. (ADHIKARI, 2013)

This data quite clearly depicts the urgent need for firms to have a sound security basis, and this kind of security can only result from investigations carried out on the basis of laws that always value evidence above all. The modern approach, although it promises a complete annihilation of current issues by properly restoring the network and recreating the working environment that existed before, never promises to minimize the chances of such attacks recurring. When an organization lays down policies for the betterment of its customers and employees, it looks keenly at its corporate working strategy and then includes the required legal objectives in it. On the other hand, if a company overlooks the legal policies of the prevailing government and simply hires private bodies as investigators, there is every chance of evidence loss or improper collection of information. As everyone is considered equal before the law, there is minimal chance for the intruders to escape. (Boddington, 2015)

Researchers nowadays are arguing over both available approaches to incident response. As already stated, incident response is the crucial event following a security attack and preceding the next possible breach. The modern approach involves a hasty process of restoring productivity by restoring all network functions. During this process an investigator fails to recognize the available evidence and again faces subsequent attacks within a few days. (Laliberte & Gupta, 2004)

However, the traditional approach has the possible implication that it can minimize the recurrence of these attacks to 50%, as the available evidence can be used as effective learning for the next attacks. An organization cannot simply be forced to revert from its modern approach to the traditional approach to incident response. It can, however, be encouraged to include reformed objectives of the traditional approach that comply with the company’s corporate working strategy. Including this approach step by step in a firm’s strategy will eventually result in profitable outcomes. The modern approach also includes some abstract ideologies that fail outright when applied to real-world security attacks. This point is supported by the fact that there is at least one data breach a week in Australia, and the Office of the Australian Information Commissioner was notified of 56 data breaches in the last financial year. (Timson, 2012)

These statistics show that even after adopting the advanced approach to incident response, the country still faces continuous security attacks. This shows not only the inefficiency of the current approach but also the dire need to adopt a reformed traditional approach. Possible reforms to the traditional approach include minimizing the time allocated to evidence collection, avoiding irrelevant evidence, allocating a pre-decided budget and resources to the data collection effort, and hiring skilled professionals for quick and effective execution of the process. These reforms are to be amalgamated with the common, older objectives of the traditional law-enforcement approach to incident response. This coalescence will form a sound forensics-based data collection process for an organization, one that is error-free and potent. The agencies involved in enforcement have evolved measures to combat the after-effects of security attacks as well as to prevent attacks at the time of their occurrence. When an organization frames its policies in compliance with the legal obligations of a country, there is an increased chance that the government will readily support the organization in times of crisis. Hence gaining strong government support is yet another benefit of adopting the traditional law-enforcement approach. The government could also ask other strong private organizations to look into the matter and resolve it as quickly as possible. If the organization has global subsidiaries, the leading government bodies of the host country could persuade other countries’ officials to aid the subsidiaries in the best possible ways. (Noblett, Pollitt, & Presley, 2000)

Hence, although the traditional approach involves all sorts of time-consuming and resource-intensive processes, it is far better than the modern productivity-restoring approach, which entirely eliminates the value of evidence collection and its use against subsequent security attacks. If reformed a little, there is an increased chance of reducing the recurrence of such attacks. Organizations cannot adopt this approach spontaneously, but they can be encouraged to adopt those reformed objectives that comply with their current corporate strategies. Traditional aspects are never of substandard grade if they are created, applied and maintained in an efficacious manner. Organizations can definitely rethink the implications of the traditional law-enforcement approach to incident response and digital forensics.

References

•    Adhikari, S. (2013, May 27). Data breaches leave the Australian public fuming. Business Spectator. Retrieved from http://www.businessspectator.com.au/news/2013/5/27/technology/data-breaches-leave-australian-public-fuming
•    Boddington, R. (2015, March 15). Cyber CSI: the challenges of digital forensics. The Conversation. Retrieved from http://theconversation.com/cyber-csi-the-challenges-of-digital-forensics-37902
•    Barbara, J. J. (2015, February 17). Streamlining the Digital Forensic Workflow: Part 3. Forensic Magazine. Retrieved from http://www.forensicmag.com/articles/2015/02/streamlining-digital-forensic-workflow-part-3
•    Laliberte, S., & Gupta, A. (2004, October 1). The Role of Computer Forensics in Stopping Executive Fraud. In A. Gupta & S. Laliberte, Defend I.T.: Security by Example (pp. 3-9). Retrieved from http://www.informit.com/articles/article.aspx?p=336258&seqNum=3
•    NIST. (2012, July 16). Digital Evidence. National Institute of Standards and Technology. Retrieved from http://www.nist.gov/oles/forensics/digital_evidence.cfm
•    Noblett, M. G., Pollitt, M. M., & Presley, L. A. (2000). Recovering and Examining Computer Forensic Evidence. U.S. Department of Justice, FBI. Retrieved from https://www.fbi.gov/about-us/lab/forensic-science-communications/fsc/oct2000/index.htm/computer.htm
•    Swauger, J., Pollitt, M., & Craiger, J. P. (2005). Law Enforcement and Digital Evidence. National Center for Forensic Science & Department of Engineering Technology, University of Central Florida. Retrieved from http://euro.ecom.cmu.edu/program/law/08-732/Evidence/Craiger.pdf
•    Timson, L. (2012, April 30). One data breach a week: Australia. The Sydney Morning Herald. Retrieved from http://www.smh.com.au/it-pro/security-it/one-data-breach-a-week-australia-20120430-1xulv.html