In today’s fast paced world, organizations have to rely more and more heavily on technology to remain competitive. Customers have come to expect organizations to have an online presence with professional looking websites, be able to respond quickly to online enquiries, have online chat functionality and have the ability to order online. Technology has become so integrated into people’s lives that they expect to have constant access to their personal emails and to be able to stay in touch with friends even during working hours. What does this mean for organizations? It means that they will face some kind of cyber-security incident and the reality is they are often unprepared to deal with the incident effectively. Organizations are aware they need to have firewalls in place, up to date anti-virus and the latest patches installed. However they often do not enforce their acceptable computer usage policy or give any thought to the control of USB devices that can be plugged into the network or mobile phones that may hold company data. In addition when an employee’s contract is terminated the organization often overlooks the need to quickly close down the employee’s user accounts which can include remote access to the network. Organizations have a legal and moral obligation to protect their customer’s personal information however data leakage remains one of the biggest problems they face in todays’ technological world. Computer forensic investigations require specialist skills which involves not just the preservation and identification of digital evidence but the correct interpretation of that evidence. When confronted with a forensic investigation, organizations initially tend to focus on the costs involved. Yes there is an up- front cost and depending on the complexity of the investigation and the number of computers involved, it can appear to be expensive. However consider the following: Evidence that can only be obtained by a forensic examination can often prove vital to the successful outcome of the investigation. A forensic investigation can often reduce the need for full legal action to be taken. A forensic investigation can save time resulting in a saving of money. When formulating an incident response plan, organizations should be building into that plan a forensic response. This may mean providing staff with computer forensic training, identifying computer forensic companies with the skills already that can assist, or a combination of both. In line with this, the Institute of forensics and ICT Security has organized a 5 days training in digital forensics so come and acquire practical skills on how to identify, collect, and preserve digital evidence with an emphasis on evidence collected from the Windows operating system. |