Data and Information Security Issues, Essay Example

Introduction

Information technology security is whereby access to sensitive information of an organization is controlled. Organizations all over the world have embraced information technology security as the use of IT grows in different parts of the world. IT security has however become a major challenge and concern as firm strive to maintain secrecy in their transactions, integrity and making information available when required (Oliva, 2004). Today, organizations are faced with the challenge of hackers and naïve users of information technology. Use of company’s laptop at home by employees for individual gain exposes the system to all manner of malware especially when using common browsers whose security details have not been upgraded. Companies should therefore restrict the use of the corporation’s laptop at home and for personal interest (Whitman & Mattord, 2012). Organizations have also invested heavily in the latest software and upgrade on their systems to stay ahead of potential hackers and web attacks.

Information technology breach is a sensitive issue, and whenever such a breach occurs the following approach should be implemented:

Change password

The forensic investigator should ensure that he changes the password before anything else. This is only possible if the hackers failed to change the password (Oliva, 2004). The password should be stronger and least predictable.

Report the bug to the service provider

The investigator should report this incident to the service provider who could advice on security measures to taken as well as identify the source of the attack and the extent of damage caused.

Notify your contacts

The account holder should inform all his contacts about the incident and ask them to ignore any information they received between certain periods (Slay & Koronios, 2006).

Do a computer scan

Using an up to date antivirus, the forensic investigator should scan for any viruses or malware left behind by the wizards and permanently eliminate them from the system.

Change personal settings

The investigator should review his personal settings and change the most predictable ones. He should ensure that a secret address has not been created that can be used to forward his information.

Change security details of other sites

If the account shares password or details with some other account, these details should be changed to reduce the vulnerability of more attacks (Khadraoui & Herrmann, 2007).

However, when the attack is still ongoing, the forensic specialist should:

• Conduct a risk assessment procedure
• Install a capture device
• Activate the collection script
• If completed, remove the device
• Verification of data and power off procedure

The forensic investigator is also expected to take due diligence when investigating the information technology crime. Some of the steps he/she should take for a comprehensive investigation include:

• The forensic specialist should first obtain a permit to search the premises where the crime is suspected to have occurred
• The forensic specialist should ensure that the crime scene is well guarded so that the evidence available is not interfered with (Whitman & Mattord, 2012). This also ensures nothing malicious is brought in the crime scene.
• The specialist should ensure all items seized from the crime scene are well documented in order to account for all items picked from the crime scene.
• Packaging and tagging of the seized equipment then transporting them to the forensic
• Use of sophisticated forensic instruments and tools to extract e-evidence that is used to develop a forensic image.
• The forensic specialist then interprets the information obtained, and comes up with references based on them.
• Presentation of the evidence obtained in a way that is understandable by an ordinary person, and that can be easily read.

However, during the gathering of forensic information, the forensic specialist gathers data in order, which is the order of data loss. The order of volatility includes:

• File system information
• Network processes
• Memory contents
• Swap files
• System processes
• Raw disk blocks

A Technique that can be used in the extraction of volatile data is by saving the random access memory in a compact disk (Khadraoui & Herrmann, 2007). Numerous system files have special features like NTFS and ReiserFS that store a large quantity of the RAM data and these files can be re-integrated to restore the information that was in the RAM.

In the analysis and collection of the highly volatile data, the following should be considered:

• A photograph of the scene should be taken together with the computer.
• The screen should be photographed if the computer is powered.
• All cords should be labeled.
• All steps should be documented.
• Only live data should be collected.

However use of improper documentation and improper tools may render the evidence admissible (Whitman & Mattord, 2012). Improper use of the correct tools and leaving behind acquisition footprints can render the evidence useless.

Conclusion

Information technology security has become a major challenge in the business world. Organizations are trying to find a balance between the need to use information and security of the information. Companies are also investing in the latest software to prevent the frequent web attacks and hacking which have become the order of the day in the modern society.

References

Khadraoui, D., & Herrmann, F. (2007). Advances in enterprise information technology security. Hershey [Pa.: Information Science Reference.

Oliva, L. M. (2004). IT security: Advice from experts. Hershey [Pa.: CyberTech Pub.

Slay, J., & Koronios, A. (2006). Information technology security and risk management. Milton, QLD: Wiley.

Whitman, M. E., & Mattord H. J. (2012). Principles of information security. Boston, MA: Course Technology.