IS3350 Security Issues in Legal Context Unit 10
DESCRIPTION
IS3350 Security Issues in Legal Context, Unit 10: Risk Analysis, Incident Response, and Computer Forensics. Learning Objective: Explain the importance of forensics examination in legal proceedings. Key Concepts: risk analysis, incident response procedures, disaster recovery plans.
TRANSCRIPT
© ITT Educational Services, Inc. All rights reserved.
IS3350 Security Issues in Legal Context
Unit 10
Risk Analysis, Incident Response, and Computer Forensics
Learning Objective
Explain the importance of forensics examination in legal proceedings
Key Concepts
• Risk analysis
• Incident response procedures
• Disaster recovery plans
• Cybercrime investigations
EXPLORE: CONCEPTS
Key Elements of Risk Analysis
Form a team
•Form a risk assessment team
Define a plan
•Clearly define the risk assessment plan
Identify key assets
•Identify key assets and safeguard controls
Identify threats
•Identify threats and vulnerabilities to assets
Use analysis
•Conduct quantitative or qualitative risk analysis
Document
•Document needed security controls
Contingency Planning
• Incident Response Planning
• Disaster Recovery Planning
• Business Continuity Planning
Computer Forensics Investigation
• Process for examining data from electronic devices
• Discovery of evidence for a particular event or crime
• Use of specialized software and tools
• Collect and interpret stored digital evidence
• Collect and interpret evidence in transit between electronic devices
Areas of Computer Forensic Investigation
• Media analysis
  • Collect and examine data stored on physical media
  • Computer systems and mobile storage devices
• Code analysis
  • Review programming code for anomalies
  • Discover malware added to cause harm or steal information
• Network analysis
  • Collect and examine electronic data transmission
  • Identify communication from one electronic device to another
EXPLORE: PROCESS
Digital Evidence Recovery Procedures
• Protect the data on any electronic device
• Avoid deleting, damaging, or altering data
• Make exact copies of electronic data without altering the original device
• Discover normal, deleted, password-protected, hidden, and encrypted files
Digital Evidence Recovery Procedures
• Create timelines of electronic activity
• Identify files and data that may be relevant to a case
• Fully document all evidence-collection activities
• Provide expert testimony on the steps taken to recover digital evidence
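Added example (not part of the original slides): one way to carry out the "exact copy without altering the original" and "fully document" steps above is to hash the source before and after copying, hash the copy, and append the result to an activity log. The SHA-256 choice, the file names, the examiner label and the log format are assumptions for illustration; the sample file is constructed, and a read-only permission bit stands in for the hardware write blocker a real acquisition would use.

```python
import hashlib, json, os, shutil, tempfile
from datetime import datetime, timezone

def sha256_file(path, chunk_size=1 << 20):
    """Hash a file in chunks, opening it read-only so the source is never written."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def acquire(source, dest, examiner, log_path):
    """Copy source to dest, verify the copy bit-for-bit, and append a log record."""
    before = sha256_file(source)          # hash of the original before copying
    shutil.copyfile(source, dest)         # reads source, writes only dest
    copy_hash = sha256_file(dest)
    after = sha256_file(source)           # confirm the original was not altered
    record = {
        "utc_time": datetime.now(timezone.utc).isoformat(),
        "examiner": examiner,
        "source": os.path.abspath(source),
        "copy": os.path.abspath(dest),
        "source_sha256_before": before,
        "source_sha256_after": after,
        "copy_sha256": copy_hash,
        "verified": before == copy_hash == after,
    }
    with open(log_path, "a", encoding="utf-8") as log:   # append-only activity log
        log.write(json.dumps(record) + "\n")
    return record

def verify(copy_path, recorded_hash):
    """Repeatable check: anyone can re-hash the copy and compare to the log."""
    return sha256_file(copy_path) == recorded_hash

def demo():
    """Run the procedure on a constructed sample file (not real evidence)."""
    workdir = tempfile.mkdtemp()
    src = os.path.join(workdir, "sample_device.img")
    with open(src, "wb") as fh:
        fh.write(b"constructed sample data\x00" * 4096)
    os.chmod(src, 0o444)                  # read-only, stand-in for a write blocker
    rec = acquire(src, os.path.join(workdir, "copy.img"), "examiner-01",
                  os.path.join(workdir, "acquisition_log.jsonl"))
    return rec, workdir

if __name__ == "__main__":
    record, _ = demo()
    print(json.dumps(record, indent=2))
```

Re-running verify() against the logged hash at any later date is what lets a second examiner confirm that the working copy still matches what was acquired.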
EXPLORE: ROLES
Computer Forensics Examiner
• Finds and collects evidence on electronic devices
• Works on civil and criminal cases
• Collects evidence in a scientific manner
• Understands and uses specialized technologies, hardware, and software
Traits of a Computer Forensic Examiner
• Sound knowledge of various computing technologies and operating systems
• Competent in scientific method
• Ability to conduct repeatable and verifiable examinations
• Understanding of the laws of evidence and legal procedure
Traits of a Computer Forensic Examiner
• Ability to access and use computer forensic tools
• Detailed record-keeping
• Adept reporting skills
• Capable of documenting procedures for collecting evidence
• Communication skills to explain in simple terms what was discovered in the examination
Summary
• Risk analysis
• Incident response procedures
• Disaster recovery plans
• Cybercrime investigations