Computer forensics is an emerging process in the field of IT security. Although it is not very new, many businesses still do not comprehend its value and view it as a highly specialised field that is rarely used. However, banks can benefit from knowing more about computer forensics and how it can improve the bank’s IT risk management procedure.
What is involved in computer forensics?
Computer forensics is part of an incident response process. It is not about preventing security breaches. Instead, it is about keeping the scene of the crime secure, and collecting and analysing digital evidence about how the security breach happened. This can be performed by the law enforcement cybercrime team when an organisation reports a computer security breach. Otherwise, it can be carried out by an independent consulting company specialising in the field. Using computer forensics does not need complicated IT infrastructure. All an organisation needs is software designed to discover and save the detailed information of what happened during a security breach.
Do banks need to have a formal forensic investigation for every security breach?
There is no straightforward answer to this question. The decision to have a detailed analysis of the breach should not be left to one person alone, but should be discussed within the organisation. Not all security breaches are serious, but an organisation will not know this until it has conducted a thorough investigation. Regardless of whether the breach is minor or serious, the organisation must know what has been compromised, how the incident happened and how it can be prevented, to ensure that the security breach does not happen again.
Additionally, if an organisation decides to use computer forensics as part of its security compliance strategy, it should not be tapped as and when the organisation feels it necessary. Instead, a process has to be put in place, detailing when a computer forensics expert needs to be called in.
Types of breaches or cases that may require a computer forensics inquiry:
· SQL injection by attackers against an organisation’s web application to extract sensitive information
· Break-ins into an unsecured wireless network and access to the internal network
· Copying of sensitive information to an external hard drive by a member of staff, with the purpose of taking it off-site and sharing it with a third party
· Lost or stolen device with unencrypted data
Not all security breaches are evident, and it is imperative that banks ensure that the absence of an incident response procedure does not leave a gap in their security risk management and compliance policy.
By Our Staff Reporter
