Implications of Rethinking the Traditional Approach

Implications of rethinking the traditional approach to digital forensics

In today's world of dynamic choices and responses, information security incidents tend to attack the organizational culture as well as the corporate working strategy of even a strong and firm organization. These incidents make a firm suffer staggering financial losses, which not only dethrone a successful company from its leading position but also make it hard to recover from those losses. Looking at the theoretical aspect of incident response, the dictionary describes it as an organized approach to addressing and managing the aftermath of a security breach, attack or, simply, an incident. Traditional or advanced, both variants of incident response are built with the ultimate goal of laying down strategies that limit the damage caused and reduce recovery time and costs. An incident response in general includes a well-planned policy, created, analyzed and maintained by the computer incident response team, that defines what constitutes the security breach, the loopholes of the firm that led to the incident and, finally, the extent of the incident's impact (Grispos, Glisson, & Storer, 2014). This response lays down a step-by-step process that participants are to follow closely when an incident occurs and just after it has occurred. As for the team, apart from security and general IT staff it may also include representatives from the legal, human resources and public relations departments (Endicott-Popovsky, Frincke, & Taylor, 2007).

For an incident response team, half of the battle is simply collecting the relevant forensic data over the available networks. Technicians can choose between gathering network data that is forensically sound and can bear legal pressure, or just restoring the network while ignoring all the complications of legal processes. Under an advanced approach to incident response, technicians tend to favor quick network restoration, both to avoid expensive labor and a time-consuming process and to restore the firm's productivity swiftly. The latter may sound promising, but for a leading firm it is equally important to include law enforcement and other legal particulars in alignment with its other corporate strategies. The country's industry reports from the last decade make clear that the major problem with the incident response process these days is due entirely to the current linear, plan-driven approach to tackling a security breach (Kissel, et al., 2008). The traditional approaches that prevailed in the early days of security management valued containment, which strictly analyzed the root cause of an incident and planned simple, economical measures to prevent its spread or recurrence (Spencer, 2014). The arguments of recent commercial deliberations reveal that the modern approach to incident response is quite cumbersome to apply when it comes to handling real-world security incidents. Gathering network data that has a sound forensic base is a slow process that may prove ineffective and may not provide enough insight into the actual cause of the incident. The advanced approaches focus entirely on eradicating the issue while denying the value of available evidence that may be required for subsequent legal action (Brandon, 2013).

The law enforcement process plays a dual role in security incidents. It has a role both in responding to a security attack and in preventing the future occurrence of such incidents. In the former task, law enforcement plays a huge role in preserving digital evidence that can be used to track and identify the intruders, which allows a firm to take relevant legal action against them as quickly as possible. The perpetrators are also identified in order to determine the best and most appropriate governmental response to the attack, such as demarche or prosecution. In the latter task, prosecutors and investigators are given ample training to discourage current and would-be intruders (Crane, 2013). Legal activities also coordinate with firms to improve their security and intrusion detection capabilities. Law enforcement at times fails to understand the intrusions, but if the government equips these departments with skilled and talented professionals, this issue could easily be tackled.

Although not explicitly stated anywhere, rethinking the traditional, law enforcement approach to incident response and digital forensics seems quite propitious. Digital forensics emerged more than 20 years ago, and since then the shift to a digital society has raised myriad privacy and security concerns. Because it encompasses the most volatile aspects of technology, this field needs a set of comprehensible methods that are easy to create, implement and manage (Bit9 Team, 2015). The results of such an approach can only be discussed theoretically, because reverting to traditional approaches from such an advanced platform is a prolonged process. The traditional law enforcement approach involves the concept of network forensic readiness (NFR), in which credible digital evidence is collected from the environment as part of the incident response process. This collection aims to minimize the cost of the process and eventually improves the efficiency of the investigation. To cope with the increasing aversion of leading firms to pursuing legal action, a firm could employ measures that convert the traditional reactive incident process into a proactive one. A traditional reactive incident process is based on the assumption that nothing is going on until a security attack occurs, and after resolving the incident it goes back to assuming nothing. This kind of approach will not bear fruitful outcomes. Reforming it into a proactive one is a better choice. A proactive traditional approach involves continuous investigation irrespective of whether any incident has occurred. Technicians following this approach work around the clock finding the best possible ways to tackle security attacks (Larson & Bothe, 2011). They do not need an actual security breach as a trigger for their investigation process.

Hence, this kind of proactive approach creates a sedulous technical workforce that is highly committed to its work. Another point worth discussing is this: since law enforcement tends to consume a firm's resources from the start of the investigation to its end, why should an organization go through such a tiresome and resource-consuming process? The answer is again the same: this traditional approach values evidence, and the security policies designed for the organization are closely followed (Harrell, 2015). The involvement of legal action makes the investigation process a real one, unlike the advanced approaches, which ultimately yield abstract outcomes. These abstract outcomes can only be linked to the incident of which they are a part and cannot be used to investigate other associated attacks. Conversely, if the investigation is carried out with legal practices involved, the organization can use the legal outcomes obtained as lessons about other security issues. Security policies created in compliance with the prevailing laws of the country provide numerous benefits to the organization at the time of a digital security attack (INFOSEC Institute, 2014). In a law enforcement process, the evidence is collected by local, county and state investigative agencies, or by prosecutors and the attorney general. Private persons or agencies are usually exempted from such a process. This strengthens the point that the evidence collected is not abstract and is quite strong. Unnecessary private involvement also carries a risk of loss of evidence at a crucial stage of the investigation. Hence a law-abiding organization has numerous benefits over its competitors.

Enforcement agencies use technologies that not only aim to address the explosion of digital crime but also include measures capable of preventing these issues at the very time of occurrence. For more promising results, the security agencies, in compliance with the local ruling government, could incorporate quick and acceptable changes in the technical and legal abilities of law enforcement (Kennedy, 2006). This pivotal step is to be taken in order to acquire and analyze evidence in a better manner.

In the end, it can be concluded from the facts and discussion above that, because security-related issues have a strong impact on the working of an organization, it is imperative that the firm adopt the best possible measures to eradicate the root cause of the prevailing issues. For this purpose, the firm has to investigate, report and ultimately improve all of its security efforts (National Institute of Justice, 2015). As the advanced approach to incident response tends to eliminate legal processes, the firm could revert to the traditional approaches, which always place law enforcement processes and the value of evidence on top. It would be a lucrative as well as a wise step for a firm to adopt the traditional, law enforcement approach to incident response, as the implications of such an approach are far more promising than those of the modern ones. Legal practices eventually give a sound forensic base to the investigation process, as they give the utmost importance to evidence and its role in eliminating the recurrence of these attacks. Although the traditional approach to these attacks may not always accommodate the thinking and views of the technicians involved in the process, quick reforms and the adoption of periodic changes may make it the most preferred approach among all those available. A strong legal base can strengthen an organization to incorporate policies that equip its workforce to deal with any prevailing digital forensic security issue. If explored and applied well, a firm can tackle most of its security breaches on time and within the proposed budget (Evidence Based Incorporated, 2012).

Bibliography

  • Bit9 Team. (2015). Rapidly analyze, contain, disrupt and remediate attacks. (Bit9, Inc.) Retrieved from https://www.bit9.com: https://www.bit9.com/solutions/security-incident-response/

  • Brandon. (2013, June 28). When guns are outlawed…. The Network Use of Force Continuum. Retrieved from http://orlandodoctrine.com/?p=251

  • Crane, B. (2013, November 25). Digital Forensics: What's to Come? Digital Forensics. Retrieved from http://www.policemag.com/blog/technology/story/2013/11/digital-forensics-what-s-to-come.aspx

  • Endicott-Popovsky, B., Frincke, D. A., & Taylor, C. A. (2007, May). A Theoretical Framework for Organizational Network Forensic Readiness. JOURNAL OF COMPUTERS, 02(03), 1-8. Retrieved from http://www.academypublisher.com/jcp/vol02/no03/jcp02030111.pdf

  • Evidence Based Incorporated. (2012). Digital Forensics. Digital Forensics. Retrieved from http://www.ebinc.com/law-enforcement/digital-forensics/

  • Grispos, G., Glisson, W. B., & Storer, T. (2014). Rethinking Security Incident Response: The Integration of Agile Principles. University of Glasgow, Savannah, Georgia. Retrieved from http://arxiv.org/ftp/arxiv/papers/1408/1408.2431.pdf

  • Harrell, C. (2015, April 26). Making Incident Response a Security Program Enabler. Continuous Incident Response. Retrieved from http://journeyintoir.blogspot.in/2015/04/making-incident-response-security.html

  • INFOSEC Institute. (2014, March 06). Computer Forensics Investigation – A Case Study. Retrieved from http://resources.infosecinstitute.com: http://resources.infosecinstitute.com/computer-forensics-investigation-case-study/

  • Kennedy, D. B. (2006). Forensic Security and the Law. Retrieved from http://www.forensiccriminology.com/pdf/07HBSE_ch06_118-145_.pdf

  • Kissel, R., Stine, K., Scholl, M., Rossman, H., Fahlsing, J., & Gulick, J. (2008). Information Security. National Institute of Standards and Technology, Information Technology Laboratory. Gaithersburg: NIST. Retrieved from http://csrc.nist.gov/publications/nistpubs/800-64-Rev2/SP800-64-Revision2.pdf

  • Larson, R., & Bothe, J. (2011). 21st Century Incident Response. Tyrone: ISACA. Retrieved from http://www.isaca.org/chapters2/Pittsburgh/events/Documents/December%202011%20Security%20Conference/21st_Century_Incident_Response.pdf

  • National Institute of Justice. (2015, October 28). Digital Evidence and Forensics. Digital Evidence and Forensics. Retrieved from http://www.nij.gov/topics/forensics/evidence/digital/Pages/welcome.aspx

  • Spencer. (2014, January 23). Military Budget limits cyber weapons proliferation, except in legitimate BUSINESS SELF-DEFENSE. The Orlando Doctrine. Retrieved from http://orlandodoctrine.com/?p=291