Just What Exactly is Cybersecurity Anyway?

The word Cybersecurity is thrown around so much these days that it has almost become overused in many conversations. This is due to the vast number of topics associated with its meaning. So how can we define it better? Traditionally, Cybersecurity has been described as a process for securing information or assets owned by governments, organizations, and individual people. The term itself can be considered a discipline that drives security initiatives and categorizes risks, vulnerabilities, and threats. Assante and Tobey (2011) describe Cybersecurity as people (both defenders and attackers) engaged in a contest played out on a field of information systems and technology. Cybersecurity influences organizational processes, policies and overall strategy through principles and frameworks. This better informs and fosters the awareness of threats, the management of risk, and the development of resilient multi-layered security systems. Homeland Security describes the importance of cybersecurity in protecting infrastructure that is vulnerable to a wide range of risks stemming from both physical and cyber threats and hazards (“Cybersecurity Overview,” n.d.). These threats can include internal personnel within an organization, external people, and natural threats such as electricity outages. Within the organization, employees are typically categorized as the highest threat. ...

February 2, 2018 · 2 min · 418 words · icarnaghan

What is an Asymmetric Threat?

The term asymmetric refers to an unequal balance or, when thinking about threats, an unfair advantage to the perpetrator. Phillips (2012) provided an excellent overview of what an asymmetric threat is. He described attacks of this nature as undetectable and, once they have occurred, impossible to trace to their origin. Rubin (2007) further elaborates on this concept by defining asymmetry as placing one’s strength against an adversary’s weaknesses, even when the overall forces favor the adversary. This is opposed to traditional combative threats, which require much more planning, financial means and well-coordinated execution through military groups. ...

February 1, 2018 · 2 min · 250 words · icarnaghan

Business Continuity Analysis

The purpose of business continuity planning is to ensure the continued operations of an organization in the event of a catastrophic event, whether a natural disaster or something more sinister. In recent years, we have seen cyber-attacks and breaches increase to the point that they have become common news worldwide. As systems have grown in complexity and in their capacity to store large amounts of data, so too has the appeal of targeting such systems for cyber criminals. In order to meet these challenges head-on, business organizations must adapt and implement a comprehensive business continuity plan. Cerullo and Cerullo (2004) describe a business continuity plan as dynamic, evolving as the business environment and its dependency on advanced technology change. They go on to describe three interdependent objectives: identification of major risks, development of a plan to mitigate or reduce the impact of those risks, and testing and training. While there is no single recipe for the ideal continuity plan, stakeholders across the organization must play a role in building out a framework for business continuity management that can be used to mitigate major risks while maintaining ‘business as usual’ in the event of a disaster. ...

November 28, 2017 · 17 min · 3446 words · icarnaghan

An analysis of different data sources used in a forensics investigation

This article provides an overview of four different data sources used in various forensics investigations. The first source is operating system log files, along with an overview of some tools that can be used to understand these logs effectively. File systems are also discussed, including the effectiveness of metadata and its overall relevance to an investigation or analysis. The third source involves intrusion detection and prevention systems, which give a greater overview of traffic at the network layer. Finally, memory, the most volatile of the data sources, is examined in depth along with the impact such data may have on an investigation. ...

November 25, 2017 · 18 min · 3739 words · icarnaghan

Forensics in Business Continuity Planning

Business continuity planning in any organization today must incorporate aspects of computer forensics in order to be sustainable. According to Majore, Yoo and Shon (2014) in their article on secure and reliable electronic record management, over 90% of records created today are electronic. In addition, electronic records require a greater amount of maintenance due to their volatility and their dependence on reliable hardware and software. In continuity planning, organizations must face these challenges head-on and prepare strategies that integrate digital forensics disciplines into their underlying processes. ...

November 16, 2017 · 2 min · 243 words · icarnaghan

What is the Role of Computer Forensics?

Computer forensics can play a vital role in an organization’s recovery from a cyber attack. By following forensics processes carefully in the aftermath of an attack, recovery can begin. According to Čisar and Maravić Čisar (2012), digital forensic analysis methodology rests on three essential processes: preparation, identification, and analysis. It is during these processes that a post-mortem analysis occurs, covering the file system, event logs, and the recovery of deleted files. ...

November 16, 2017 · 2 min · 219 words · icarnaghan

Malicious Code Detection

Malicious code detection is an ongoing obfuscation-deobfuscation game because of the nature of malware and the goals of the attacker. Detection of malicious executables known to an investigator is usually performed using signature-based techniques. In their forensic research article, Rozenberg, Gudes, Elovici and Fledel (2010) made the point that obfuscated or encrypted files cannot easily be detected this way. Instead, they recommended a behavioral approach to real-time detection. As hackers continue to find new and more advanced techniques to encrypt and hide malicious code, security personnel will have to keep upgrading the skills and toolsets they use in investigations, which is what keeps the game ongoing. ...

October 27, 2017 · 2 min · 309 words · icarnaghan

Remote Access Trojans

Remote Access Trojans have become a serious security concern as hackers have developed more sophisticated code that can be installed and hidden on a target system, unknown to the user. According to UMUC (n.d.), Remote Access Trojans are a form of backdoor that can provide unauthorized access to and use of digital assets on a victim’s computer system. A Remote Access Trojan essentially masquerades as a legitimate application. They allow hackers to perform a number of malicious tasks, such as stealing information from a system or installing other malicious software. ...

October 27, 2017 · 2 min · 273 words · icarnaghan

Presenting Digital Evidence

Testifying and writing a report are both essential ingredients of a successful digital forensics investigation. Digital forensics personnel will potentially spend months working with complex data and processes. The result of this work is delivered in the forensics report and ultimately in testimony in court. Cohen (2012) discussed the report as integral to the overall investigation. Evidence, analysis, interpretation, and attribution must ultimately be presented in the form of expert reports, depositions, and testimony. The report presents the data captured during the investigation in a way that can be communicated to other people. In addition, it serves as a living record that will be referenced and updated throughout the investigation. ...

October 14, 2017 · 2 min · 288 words · icarnaghan

Confusion over Terminology

The terms risk, vulnerability and threat are often confused and sometimes used interchangeably, leading to a lack of understanding when presenting evidence. Risks are usually based on the probability that a threat of some kind will exploit a vulnerability or weakness in a system or network. In recent years, risks have been taken more seriously by the many businesses that conduct online activities. Vulnerabilities, as mentioned above, are typically weaknesses that can be exploited by an attacker. These can include anything from poorly configured software and firewalls to badly written pieces of code that can affect the secrecy, integrity and control of data and functionality within a system (Bergeron et al., 2001). ...

October 12, 2017 · 2 min · 254 words · icarnaghan