Upload
theodora-woods
View
222
Download
2
Tags:
Embed Size (px)
Citation preview
PPB Forensics – May 2010
IP TheftIT Forensic Solutions
Chris HatfieldSenior Manager, IT Forensics
Risk Management
The process of determining the maximum acceptable level of overall risk to and from a proposed activity, then using risk assessment techniques to determine the initial level of risk and, if this is excessive, developing a strategy to ameliorate appropriate individual risks until the overall level of risk is reduced to an acceptable level.
http://en.wiktionary.org/wiki/risk_management
Security Triad
Security Triad
Authentication
Layer 1
Layer 2
Layer 3
Sources
A CB
Mobile Devices
A E
G I
C
M ON
B
F H J
K L
D
Hard Copy
BA C
Web mail, mail clients and mail servers.
Email Communication
B CA
Local, Remote and Hosted.
Data Locations
BA C
Pro-Active Solutions
Pro-Active Solutions
• Data transfer restrictions• Internet Logging• Personal email restrictions• Disable unnecessary media connections (USB/CD)• Monitor USB connections• Restrict working hours on IT equipment• Monitor/log printing habits• Monitor customer relationship software• Restrict access to only data they require access to• Log user activity• Keep reliable backups• Multi user authentication
Re-Active Solutions
POLICE POLICE POLICE POLICE POLICE POLICE POLICE POLICE POLICE
Re-Active Solutions
• Control crime scene• Equipment• Locations• People
• Contain evidence• Forensic image• Backup tapes• Physical segregation
• Evidence continuity• Do not touch original• Document all actions
Re-Active Solutions
• Conduct Forensic Analysis• Time of compromise• Extent of compromise• Threat assessment• USB access lists• Internet activity• Events timeline• Personal email activity• Business email activity• Printing activity• File access
Questions
PPB Forensics – May 2010
Joe DicksPartner, Melbourne
03 9269 4209 [email protected]
Phillip RussoDirector, Perth08 9216 7634
Andrew McLeishSenior Manager, Melbourne
03 9269 4276 [email protected]
Chris HatfieldSenior Manager, Sydney
02 8116 [email protected]