Information Security Lab Design Project, Case Study Example

Abstract

Information security management has become extremely prevalent as more and more of individuals information and vital data is stored, transferred and used in information technology systems. With the ease of access and use of personal information there is also a rise in the need for laws and regulations governing the use, access and security of that data. Accompanied by the laws and regulations there are also specific techniques and best practices that can be implemented at each level of access to mitigate the risk of security breach and provide control over the integrity of the information. Each area of information security has specific focal points for ensuring data security and includes risk mitigation as a keystone to data integrity.

Information Security and Digital Forensic Evidence

Information security requires a high level of rigor regarding safeguarding the information, ensuring it is used appropriately and serves its intended purpose. To ensure that these key areas are focused upon there are rules, policies, regulations and laws that support the environment to create an environment that can adequately safeguard the private information. There are specific rules and regulations that govern specific subject areas regarding areas such as patient information, employee data, demographics, credit card data, social security numbers, financial information, research and development, intellectual property and disclosure options to name a few (Cappelli, 2012). Data is a powerful tool and protecting that information falls into the responsibility of many parties. All the way from the individual making the transaction to the corporation that is utilizing that data to better serve their customer, each level must follow the regulations and comply with the laws governing information security.

Based upon these generalized requirements there is a need to design and build a digital forensic laboratory to ensure that if there was a breach there are actions that could create a risk mitigation opportunity that they are either stopped or an action plan is put in place. The laboratory will have a primary objective of the forensic laboratory is to analysis data regarding digital forensic evidence. First and foremost it is important to understand the scope of the investigation. By answering “Who, what, when and where” the scope of the discovery will define itself. Knowing what data to use can be daunting with the amount of information flow that occurs in business today but knowing who is a great starting point. Data is created differently in different sections of business. Executives could create memorandums or other guidance documents in common office suites such as Microsoft Word or PowerPoint and a finance section may use entire enterprise suites in Oracle or SAP which include large databases. Knowing what type of data is needed will determine the best way to gather and process the data.Now the question of who and what data the question is where. The data could be stored on servers in the data center, backed up on personal computers, or on flash drives. The main portion of the where question is scheduling a Rule 30 (b)(6) for disposition of the subject matter expert on the most likely locations of the electronic data. Lastly the question of when needs to be answered. There are two parts to “when”. The first is “when does the duty to archive and keep data end and the second is when the data was created. (Llewellyn 2004).

Policies

All processes will be documented through-out the investigation. The investigation team will determine the scope of the investigation by answering the “who, what, when, and where”. All personnel performing the investigation will be trained on the policy and procedures for digital investigation. Only copied data will be assessed and examined when possible. Data integrity is of utmost importance and a data roll back plan will be in place with exact backups of evidentiary data.The number one goal for the entire examination team is to have little or no impact on the critical business data. As a subset to that goal it is paramount that there is no data damage or corruption throughout the entire process. This will be accomplished by have the proper examiners working the investigation. Utilizing the correct tools to perform the investigation as well as documenting every step of the process to know what has been done and what steps we took to accomplish each objective in the examination process. Strict policies and procedures for digital investigations are in place to set the standard for the examiners. Also, all examinations of data will be performed on a copy of the original information so that at no time would the manipulation of the original data be an issue. If at any time the business needs to roll back the data to an earlier time we have the policies and actions in place to roll back to specific points in time. A set of dedicated servers are in place to provide redundancy to the data integrity system so at no time would the investigation be performed on production (business use) servers(Carrier and Spafford, 2003).

Requirements, Budget and Cost Management

In order to a digital forensic laboratory it requires multiple layers of security, technology and safeguarding capabilities to ensure a redundant and secure system. The data integrity is paramount with any digital forensic evidence and the laboratory must be developed and implemented to ensure integrity, documented procedures, traceability into processes, duplication of data policies and the ability to revert or roll back their data (US. Department of Justice, 2004).Each layer of the laboratory and security measure provides its own unique strengths and weaknesses and each layer would complement the other layers weaknesses with their own strengths and vice versa. This in essence would create a nearly impervious security system which would negate risks to the network, information and other information technology systems. This umbrella of cohesive and conjunctive security layers will provide the confidentiality of information, the integrity of the data and the ability for the users to access the system as needed in a secure environment.

The laboratory would be laid out in different areas covering network, physical, system, data and employee security (Carrier and Grand, 2004). There is also an element of disaster recovery and failover associated with the laboratory and their operating procedures. The basis for the organization is that they are not a high level opportunity for a threat to attack, destroy, obtain or decrease the integrity of their data. The reality is that with the increased capability their opportunity for a threat grows exponentially. The forensic evidence could potentially remain under constant threat and risk. When transmitting new information that is highly guarded there is ultimately a requirement for new security standards. There will also be a requirement to consistently and repetitively complete risk assessments or audits on their security systems, policies or procedures. With each audit and review there are opportunities for growth within the security provisions of the company.

The budget for the project is based upon the developed requirements from the stakeholders, internal users, risks acceptance levels by the organization and policy and procedure compliance. Risk is the possibility of a deviation from the expected result. The ensuing result of the risk to the budget and project would be dependent upon the variables of the risk such as probability or likelihood of occurrence, level of deviation from the intended plan and the breadth or impact of the risk. Each would be measured, monitored and controlled through different types of risk mitigation. The budget is established by accumulating the project hardware and software purchases, effort to build and configure those items, project team effort including variable and fixed costs associated with completing the project. In calculating the budget there are three tools that must come into the plan in order to build the digital forensic laboratory. These tools include the Internet Evidence Finder, NetworkMiner and ACR’s Data Recovery tool. This is in addition to the servers and PC’s that are requirement to run and store the data. They were chosen based upon their focused efforts in research and recovery efforts on the internet, networks and data recovery and retention ability.

Privacy and ensuring the safeguard of individuals personal information takes on multiple facets of prevention, protection and mitigation. The information technology advancements coupled with the laws and regulations that govern our actions and how we treat data allows for the mitigation of risk and lessens the chance of compromised data.

References

Cappelli, P. (2012). How to get a job? beat the machines. Time: Business & Money. Retrieved: http://business.time.com/2012/06/11/how-to-get-a-job-beat-the-machines/

Carrier, B., & Grand, J. (2004).A hardware-based acquisition procedure for digital investigations.Digital Investigation Journal, 1, 3-13. Print.

Carrier, B., &SpaffordE. (2003).Getting physical with the digital investigation process.International Journal of Digital Evidence.Print.

Llewellyn, Virginia. (2004). Prepare for e-Discovery in four easy steps: identify the who, what, were, and when. Retrieved from http://apps.americanbar.org/lpm/lpt/articles/ftr07042.html

U.S. Department of Justice. (2004). Forensic examination of digital evidence: aguide for law enforcement. Retrieved from https://www.ncjrs.gov/pdffiles1/nij/199408.pdf