The problems of modern-day cyber security are more urgent than ever before. With enterprises relying on computer and internet networks more and more, IT security faces a significant number of issues. Researchers characterize the nature of such problems in different ways. For example, Grau and Kennedy (2014) define such problems as “common threats faced today, such as malware, physical attacks, social engineering, social media, misuse, errors, and environmental effects” (p. 53). Moreover, the problems are approached from the perspective of their relation to different strata of society (e.g. citizens, governments, banks, and key infrastructures). The authors then note that the problems are caused by various “actors.” These are “the criminal,” “the hacktivist,” and “the nation-state” (Grau and Kennedy 2014, p. 54).
Based on these findings, the authors present the current trends and those still emerging. There are six current trends of interest. The first is man-in-the-browser attacks, in which the criminal attempts to emulate a believable browser experience in order to gather security details (logins, passwords, etc.). The second is the emergence of ransomware, malware that embeds itself in the operating system disguised as an anti-virus or other protective software; the goal of this malware is likewise to gather sensitive or compromising data. The third trend is the development of polymorphism: sophisticated malware that is generated anew for each user while remaining functionally identical. The remaining trends identified by the authors include other types of malware (package exploit kits, new-generation botnets) and methods of causing network malfunctions (DDoS).
Other researchers focus on different topics; some may argue that these subjects are rooted in more general problems. Chin, Kaplan and Weinberg (2014) concentrate on the general problems that current cybersecurity units face. These include insufficient protection against cyberattacks, minimal efforts to improve cyber security in various institutions, and low engagement of senior leaders of public and private institutions with the problems of cyber security. Another article, by Tisdale (2015), suggests that, despite the widespread problems which seem to dominate cybersecurity efforts, it is wrong to search for solutions in a purely technical, information-technology-centred way. Instead, Tisdale argues, recent research in cyber security calls for a “comprehensive approach that considers business objectives, governance, and risk management along with organizational psychology and other factors such as those described in the Clinger-Cohen Act” (p. 191).
Thus, the trends may be perceived in different ways and via different approaches. Some argue that cyber security efforts must be focused on fighting off the new-generation malware developed en masse by various criminals and criminal collectives across the world. Others call for a new perspective that would alter the approach to cyber security, taking different nuances into account. As of now, there is no way to tell which approach will be the most beneficial one. However, while some tend to focus on developing methods to fight off malware and cyber attacks, other researchers create new-generation tools that help ensure a higher quality of cyber security. For example, Fielder, Panaousis, Malacaria, Hankin and Smeraldi (2016) provide in their article “an analysis of a hybrid game-theoretic and optimisation approach to the allocation of an SME’s cyber security budget” (p. 22).
Another example of an approach to cyber security is the article by Craigen, Diakun-Thibault and Purse (2014), which aims to provide a more precise definition of what cybersecurity is. The authors conclude that “the more inclusive, unifying definition presented in this article aims to facilitate interdisciplinary approaches to cybersecurity” (Craigen, Diakun-Thibault & Purse 2014, p. 18). Thus, a more sophisticated theoretical approach is taken to represent the goals of cyber security. This allows for a clearer understanding of the primary focuses that cyber security units must maintain.
On the other hand, some researchers tend to concentrate on identifying practical approaches, either those already undertaken by some organizations or those still being developed. For example, Nelson and Madnick (2017) provide a “list of approaches around cyber-security measurement and reporting” (p. 12). These approaches include measures of cyber-security compliance, tracking of risk based on business models, and tracking of cyber-risk activities. Thus, it is evident that there is a focus on both theoretical and practical aspects of the problem. The question is, then, which approach to cybersecurity is the most beneficial one?
Research Model
The research model would include the evaluation of the benefits of current approaches to cyber security as a dependent variable. The independent variable would then be the research focused on both practical and theoretical aspects of the debate. The moderating variable that determines the relationship between dependent and independent variables is the prevalence of research data on either the theoretical or the practical solutions proposed by researchers. A mediating variable, in turn, is the effectiveness of cyber security measures perceived from theory- and practice-related standpoints. These variables are meaningful because they allow determining which approach to cyber security is prevailing and what types of solutions it offers.
Identification Hypothesis
The first hypothesis is as follows: identifying which approach to cyber security is more efficient (practical or theoretical) will allow ensuring better means of cyber security. This hypothesis will rely on the results drawn out by researchers. Whether theory-based or practice-focused, each approach aims at providing a more in-depth analysis of the situation. However, while the theoretical studies have a goal of better understanding the nature of the problems that cyber security faces in the modern environment, practical research focuses on providing means to fight off different types of cyber attacks. Therefore, understanding each perspective may be equally important, while providing insight into which one is better in the modern era of cyber security. If this hypothesis is correct, any research that tries to cover both approaches would be perceived as excessive and lacking focus on significant problems that are not currently included.
Equality Hypothesis
The second hypothesis is: both approaches to researching cyber security are equally important and must not be separated; rather, both theory and practice must be viewed as inseparable means to provide a better environment in which cyber security will function to its maximum extent. This hypothesis may be equally vital because the nature of cyber attacks requires both an understanding of the means used to compromise security and the development of means of protection against possible or actual attacks. If this hypothesis proves to be correct, there would seem to be no point in carrying out research that is focused solely on one approach to increasing cybersecurity. If, on the other hand, the hypothesis proves to be wrong, the current research focused on theory and practice separately would be strengthened and proved to be equally important.
References
Craigen, D., Diakun-Thibault, N., & Purse, R. (2014). Defining cybersecurity. Technology Innovation Management Review, 4(10), 13-21.
Fielder, A., Panaousis, E., Malacaria, P., Hankin, C., & Smeraldi, F. (2016). Decision support approaches for cyber security investment. Decision Support Systems, 86, 13-23.
Grau, D., & Kennedy, C. (2014). TIM lecture series: The business of cybersecurity. Technology Innovation Management Review, 4(4), 53-57.
Nelson, N., & Madnick, S. (2017). Trade-offs between digital innovation and cyber-security. Cambridge, MA: Massachusetts Institute of Technology.
Tisdale, S. M. (2015). Cybersecurity: Challenges from a systems, complexity, knowledge management and business intelligence perspective. Issues in Information Systems, 16(3), 191-198.
Computer forensics is a branch of digital forensics which is used in “identifying, preserving, recovering, analyzing and presenting facts and opinions about the information” (Caloyannides, 2001, p. 22). This branch is mainly associated with the wide range of computer crimes. With the advent of the internet, computer crime has reached a significant level. Many activities, such as viruses, are used to attack computer systems, in either digital or electronic form, all over the world. Computer forensics teams exist to monitor and investigate such intrusions and to protect computers and networks from such situations.
Software development companies have introduced several research tools that facilitate the examination of cyber-attacks by computer forensics teams. Some of the most widespread tools are given below:
Appliance for Digital Investigation and Analysis (ADIA)
File Recovery Software
File Viewers
Password Recovery Software
X-Ways Forensics
Writing Tools
Network Tools
Appliance for Digital Investigation and Analysis (ADIA): It is a VMware-based appliance which is used for digital investigation and acquisition. Some of the best features of this tool are that it is built from public domain software and is free of charge. It was released in March 2012 and is publicly available.
File Recovery Software: Another research tool used in computer forensics is file recovery software, which helps to find deleted files. Moreover, in many cases it also assists in recovering files which are very difficult to analyze.
File Viewers: Various types of file viewer software enable computer forensics examiners to view a file without actually opening it.
Password Recovery Software: This is another tool that helps a computer forensics team regain passwords. It can be considered one of the best tools since it is used to access password-protected files. In addition, even if the password list is destroyed, password recovery software can still recover it. By using the tool, computer forensics teams can investigate cybercrime more efficiently.
X-Ways Forensics: Integrated Computer Forensics Software: It is an advanced research environment for computer forensics. Being very efficient, it runs fast and finds deleted files. It comprises imaging, disk cloning, a data interpreter, etc. (ISFCE: Certified Computer Examiner, 2005).
Writing Tools: Writing tools replicate the data of hardware and software.
Network Tools: Network tools are applied to analyze network traffic. For this purpose, packet sniffers are used, which help computer forensics examiners detect and analyze a live attack on the system. By using such tools, a computer forensics team can perform its duties in a more effective manner. The team will be able to determine where the attack was carried out from. All the tools mentioned above are used in computer forensics to detect and control computer intrusions. All of them also serve to decrease the rate of computer crime.
Thus, there are several forensics toolkits available on the market which are free of charge, for example, the CERT Forensics Toolkit. The CERT Forensics Toolkit contains tools that are freely available to federal, state, and local law enforcement agencies, including the Department of Defense, within the USA (Caloyannides, 2001). Apart from this, there are also some tools which are open source and free for everyone. Some of them cover data acquisition, volume systems, file systems, memory, and so on.
References
Caloyannides, M. (2001). Computer Forensics and Privacy. Boston, MA: Artech House.
In the context of cyber security, agility is a concept that refers to measures that corporate organizations are taking in order to ensure operational flexibility and quick response to dynamic environmental factors that affect their normal operation. This concept is the one that is used to establish stable and secure cloud management systems for an internet-based data storage facility. Governance is comprised of activities executed by those responsible for the success of a corporate enterprise (the board and executive management). Their major responsibilities are strategy formulation and execution to ensure that both long- and short-term objectives are achieved. Among the strategies formulated are risk reduction mechanisms. Cyber security is a concept that addresses an enterprise’s reliance on a cyberspace that is full of threats. Cyber security governance, therefore, entails the security governance of an organization’s information system. It is noticeable that features of information management address information security outside online storage facilities. The movement of information between offline and online dimensions is so frequent that cyber security management should encompass information security governance (Weill & Ross 163).
Components of agility
Responsiveness: it is the ability of an enterprise to react quickly to attempts to jeopardize its information system. It measures the flexibility of an enterprise. An enterprise should, therefore, deploy mechanisms that enable it to detect and respond to indications of unauthorized attempts to access its database. Responsiveness is important for an organization’s success because earlier detection of unauthorized information access gives an enterprise ample time to identify the source of the cyber security weakness and take corrective measures. Earlier detection will also prevent major damage to or disruption of information in a company’s database. Information loss prevention plays an important role in cost management. The information-gathering process is expensive; therefore, reducing the frequency with which it must be performed saves a lot of money. Unauthorized access to and tampering with an organization’s database has a potentially negative effect on an organization’s ability to carry out its normal business (NDIA 24). Disruption of an organization’s information system affects its decision-making processes. This effect stems from the fact that decision-making, for instance financial decision-making, is based on historical information. Therefore, organizations should develop processes that provide alternative decision-making paths in the event that their adversaries, through cyberattacks, interfere with this critical facet of an organization’s decision-making process (NIST 21).
Timeliness: in the context of agility, timeliness refers to the availability of cyber security measures at the moment an enterprise needs them. An organization should implement a process that provides alternative decision-making, allowing timely decisions and delegation of responsibilities in the event that an adversary’s actions result in a successful long-term disruption of an enterprise’s primary decision-making process, or otherwise render it unable to make a timely response to security issues (NIST 16).
Importance of agility in the decision-making process
Because of the concept of agility, organizations have implemented processes that provide a secondary decision-making mechanism, which supports responsibility allocation if information damage results in long-term disruption of decision-making facets (Lewis & Baird 214). Agility facilitates the delegation of decision-making responsibilities from general managers to heads of various departments. This shortens the decision-making period, thus reducing time wastage. It also brings together heads of various departments, for instance agency officials, information security officers and CEOs, thus ensuring a sound decision-making process (GAO 4).
SA and agility
Organizations should create situational awareness programs to sensitize their employees to the actual existence of adversaries with malicious intentions toward the organization’s information system. In addition, awareness should also be created of the mechanisms put in place by the organization to mitigate the risk attributed to its dependence on cyberspace (Selke & Renn 97). To ensure a uniform effort toward the implementation of cyber security measures in an organization, it is imperative that employees are involved in the process. Their involvement will familiarize them with the organization’s long-term plan to invest in cyber security, and with which security measures need to be integrated into the organization’s systems and its core missions (IRGC 6). Situational awareness should aim at enlightening members of an organization about the urgency of investing in cyber security as compared to other areas of investment. The awareness will also inform lower departmental managers about how the organization makes cyber-security investment decisions. There should also be awareness of strategic integration, addressing the scope to which cyber-security strategy is integrated into an organization’s risk management process. Situational awareness enlightens members of an organization about the various disciplines that are involved in cyber security (Clark & Sitko 17). For instance, the safety of information and communication systems is among the disciplines involved. Awareness of the disciplines will in turn create awareness of the interdependency between them. For instance, the distribution of information and management among heads of operational activities in different areas, as well as of organizational baselines among those responsible for strategic planning, is brought to light. Situational awareness should also relay the risk mitigation approach to the organization’s members (Posthumus & von Solms 123).
The approach of an organization to alleviating risk reflects its commitment to conform to principles of excellent performance. For instance, an organization can decide to focus on conformity to principles of good performance in order to give its cyber security management strong compliance characteristics. Situational awareness is also important because it informs decision-makers and strategic planners about the necessity of identifying and assessing risk factors. Various factors can form the basis of cyber risk modeling. They include factors related to threats, vulnerability and consequences (Hamilton 9).
Why agile in cyber security
Cyber security measures should be agile to facilitate earlier detection of threats to an organization’s database and to ascertain whether a threat source exists within the organization or not. Classification, processing and storage of information in an organization will be effective and efficient with the implementation of agility in cyber security. Corporate entities with large information files stored in online facilities can rest assured of the safety and security of their information resources and of protection against the persistent threat from cyber attackers (“Cyber security Today and Tomorrow” 79).
Importance of increasing agility, which increases overall SA agility
An increase in agility demands that an organization tailors its governance and security measures to the threat it faces. The levels of preparedness for cyber threats vary depending on how current, clear, and precise an organization’s security plans are, since these plans must inform the strategic planning process about threat mitigation and operational decisions. Intelligence should, therefore, increase agility in organizations in order to establish strong, resilient, and penetration-resistant information systems that support the core missions of an organization. An increase in agility will also facilitate continuous improvement in security controls and increase flexibility in risk management activities to reduce cyber threats. An increase in agility will increase the responsiveness of an organization in detecting insider threats and reduce supply chain risk, as the security assurance and trustworthiness of information systems are upheld. The functionality of cyber security will be enhanced by developing appropriate services and risk-mitigating mechanisms to strengthen security and ensure the correctness, completeness, and resistance of the information system (Eberstein 222).
Conclusion
Cyber threats are a nightmare to corporate entities that practice cloud computing. Information resources are important to an organization and thus should be protected against malicious damage. As a result, measures should be implemented to create cyber security, which will protect the information resources of an organization from damage. Situational awareness should be raised among organization members to facilitate the implementation of security strategies. A secure organizational information system will stabilize decision-making processes in an organization.
Works Cited
Clark, Tammy, & Toby Sitko. Information Security Governance: Advancing the State of the Practice. PDF file. 2008. Web.
Cyber security Today and Tomorrow: Pay Now or Pay Later. Washington, D.C: National Academy Press, 2002. Print.
Eberstein, M. Mark. Agility: Competing and Winning in a Tech-Savvy Marketplace, Hoboken: J. Wiley & Sons, 2010. Print.
GAO. Cyberspace: United States Faces Challenges in Addressing Global Cyber security and Governance. PDF file. 2010. Web.
Hamilton, A. Booz. Information Security Governance: Governance Considerations for the Cloud Computing Environment. PDF file. 2009. Web.
IRGC: An Introduction to the IRGC Risk Governance Framework. 2008. Web.
Lewis, James, & Zoë Baird. Cyber Security. Washington, D.C: CSIS Press, Center for Strategic and International Studies, 2003. Print.
National Defense Industrial Association (NDIA). Cyberspace Policy Review: Assuring a Trusted and Resilient Information and Communications Infrastructure. 2009. Web.
NIST. Information Security Guide for Government Executives. 2007. Web.
NIST. Information Security Handbook: A Guide for Managers. PDF file. 2006. Web.
Posthumus, Shaun, & Rossouw von Solms. “A Framework for the Governance of Information Security.” Computers & Security 23 (2004): 638-646. Print.
Selke, Piet, & Ortwin Renn. “Risk Governance of Pervasive Computing Technologies.” The International Journal of Technology, Knowledge and Society 4 (2008). Print.
Weill, Peter, & Jeanne Ross. “A Matrixed Approach to Designing IT Governance.” MIT Sloan Management Review, Winter 2005. Print.
The term cyber threat is mainly used to describe information security issues. It denotes crime aimed at stealing information, damaging data, or disrupting digital life. Cyber security threats can take such forms as phishing, spying, DoS attacks, data breaches, cyber fraud, politically motivated attacks, and so forth. Not all malicious cyber actions can be considered cyberwar. Some cyberattacks are aimed at harming individuals, stealing their personal information, or disrupting intellectual property. Others are part of cyberwarfare and are defined by Aboul Enein (2017, 16) as “the use of force to cause damage or destruction for a political purpose by states or political groups.” This presentation will discuss cyber security threats, their impact on UAE international security, and ways to address them.
Imranuddin (2017, 30) distinguishes the following types of cybercrime:
Hacking. This type of cyber offense involves intruding upon and changing software or hardware which its creators have not protected adequately.
Data breach. It means that some critical information is stolen from a system without permission. Data breaches can happen to both large and small organizations.
Cyber Threats in United Arab Emirates
The issue of cyber threats has been a point of considerable concern in the UAE recently. In 2018, the UAE government and private sector were the subject of a total of 230 cyber attacks, as The National UAE reports (“More Than 200 Cyber Attacks So Far This Year,” 2019). These statistics are quite troubling, even given the global trends. Specifically, the 2019 reports mention 80,000 cyber attacks per day in 2018 (“The Ultimate List of Cyber Security Statistics for 2019,” 2020). Therefore, immediate measures are overdue so that cybercrime can be addressed in the UAE.
Common Cybercrimes in the UAE
Currently, several types of cybercrime appear to be prevalent in the UAE environment. Among these, financial fraud is the most frequently committed one (“The Rise of Cybercrime in Dubai and UAE,” 2015). Financial fraud poses the greatest threat to cybersecurity in the UAE since, in most cases, the threat causing a rise in cybercrime rates comes from within organizations (“The Rise of Cybercrime in Dubai and UAE,” 2015). Therefore, the level of cybersecurity needs to be updated to protect UAE organizations from the malicious intentions of some of their less trustworthy staff.
As far as the types of attacks that UAE owners of online data have to face on a daily basis are concerned, one should mention ransomware and adware. According to the 2015 data, AdWare.Win32.BetterSurf.b was the most notorious ransomware in 2014, having infected more than 1,228,000 computers (“The Rise of Cybercrime in Dubai and UAE,” 2015).
Preparedness of the Middle East countries for cyberattacks
In general, the Middle East countries demonstrate different levels of preparedness for cyberattacks, with the UAE being among the most prepared ones (Chandra et al. 2019).
Laws that ensure cyber security in the UAE
When speaking about the UAE government’s methods of addressing cyber threats, it is crucial to mention its cyber legislation. There are two primary laws that ensure cyber security in the UAE: Federal Law No. 1 of 2006, which governs transactions and e-commerce, and Federal Law No. 5 of 2012, which is aimed at combatting cybercrime. The latter changed the definition of a privacy breach and expanded the list of offenses and penalties (Imranuddin 2017).
According to Law No. 5, any unpermitted access to websites or data is considered an offense charged under liability standards. Penalties are applied if anyone tries to access websites, systems, or sensitive data without authorization. Offenders may be deported or imprisoned. The law controls the policy connected with international communication and data technologies. It also enacts penalties for other cyber violations such as spreading pornography, insulting religious traditions, casting aspersions on public officials, falsifying documents, and stealing passwords, PIN codes, and other financial data (Imranuddin 2017).
Cybercrime Threat Analysis
National Interest Scale
With the rise in attention to the problems of cybersecurity, the perception of the subject as a matter of national interest has grown substantially. Therefore, on the national interest scale, the concern for cybersecurity and the reduction in the levels of cybercrime can be regarded as quite high. Indeed, given the 2006 and 2012 regulations that the UAE government established as a means of protecting its citizens, the extent of national interest in the problem has grown. However, with no additions to the current regulations despite the time passed since their adoption, the level of national interest may decline, which will contribute to a rise in the level of threat.
Use of History
Using retrospective analysis to evaluate the current problem of cyberattacks, one will notice that the level of threat from cybercrime tends to increase as digital technologies become more complex. However, the existing UAE regulations have not been updated accordingly, which creates additional obstacles to improving the rates of cybersecurity. For instance, in 2011, the number of cyberattacks in the UAE amounted to 588; however, in 2020, the figure has risen to 70,000 for smartphones alone (Gulf Information Security Expo and Conference, 2020). The regulatory strategies, in turn, have remained the same.
UAE and U.S.
The outlined information is quite troubling, even though the threat of cyberattacks has become ubiquitous across the globe. Indeed, comparing the existing strategies for addressing cybercrime in the UAE to those of other countries, including those in Europe and the U.S., one will find similar concerns. For instance, in the U.S., the rise in reported cybercrimes (approximately 1,300 per day) and a total of more than $3.5 billion in damage to organizations have shown the need for tougher cybercrime regulations and an enhanced framework for cybersecurity (Federal Bureau of Investigation, 2020).
Logical Fallacies in Addressing Cybersecurity Issues in the UAE
Likewise, the application of the analysis driven by the identification of common logical fallacies in the discourse will help to determine the nature and extent of the threat.
Ad Hominem
The ad hominem fallacy, which occurs most frequently when discussing the problem of cybersecurity, suggests that it is natural for people to make mistakes, including the errors they make when managing online interactions (Butwick and Weiniger, 2019). The specified assumption therefore suggests that reinforcing cybersecurity further, or trying to educate people about cybersecurity, is pointless. The described sentiment is quite far from the truth; moreover, it prevents effective dissemination of knowledge about cybercrime prevention.
Onus Probandi
Another type of fallacy, onus probandi, or the burden of proof, is often used to reduce the impression of threat that the presence of cybersecurity issues entails. Namely, a range of information sources fail to provide sufficient evidence to support their claims concerning the high security of digital data, which leads to misinformation. The described issue occurs in the UAE setting quite often, with newspapers rarely shedding enough light on the problem of cybersecurity (Dederer and Singer, 2019).
The Ways to Address Cyber Security Threats in the UAE
Presently, the fine for cybercrime ranges from AED 250,000 to 500,000. At first glance, the price to pay is quite ample. However, the specified measure appears to lack efficiency due to the low effect of the legal repercussions. Although the fine is quite large, potential perpetrators do not face an incentive powerful enough to make them avoid cybercrimes (UAE Department of Justice, 2020). Therefore, extra repercussions, including jail time, must be added to the list.
In addition, increasing the level of education among average users should be central to the mitigation of cybercrime in the UAE. Although updating the existing regulations and reinforcing the security system will play a vital role in reducing the risks, it will also be essential to ensure that the human factor does not become a source of threat. Therefore, cybersecurity education should be made readily available to all users as a part of the national security program. The specified service should be advertised widely on all possible platforms, especially social media sites.
Educational institutions, Society, and Industry
Educational institutions
UAE educational establishments play a pivotal role in strengthening cyber security. They aim to educate prospective cyber security employees who will protect the nation from cyber threats. It is also crucial to cooperate with industry working groups to keep the knowledge up-to-date and useful. Cyber security should be included in special training programs and courses at universities. The UAE has already created several centers focused on cyber security research; for example, the Information Security Research Center at Khalifa University (Chandra et al. 2019). The UAE has a vast number of long-term educational projects; one of them is to build a cyber security academy.
Society
UAE residents should be taught how to prevent and address possible cyber threats. The new generations should be aware of how to surf the Internet safely and protect their personal information. According to Chandra et al. (2019, 2808), in 2018, “the initiative ‘Cybersecurity Ambassador’ was launched to build a secure e-culture, empowering Emirati students as ambassadors for cybersecurity to promote a secure electronic lifestyle in the UAE.”
Industry
Since the UAE has been subject to numerous cyberattacks in recent years, it has become evident that it is critical to invest in high-capacity, reliable technologies. Moreover, it is crucial to teach personnel how to follow safety practices and use technologies correctly. Training on cyber security can help mitigate possible risks and even increase efficiency and productivity. As described by Chandra et al. (2019, 2807), “UAE organizations can enhance their IT security and make attacks difficult merely by addressing some essential vulnerabilities that include obsolete and unsupported software, weak passwords, unpatched systems, and weaknesses in configuration management.” It is also vital to enhance the collaboration between international and national entities. In this way, many innovative technologies can be implemented in private enterprises to improve their safety and security.
To conclude, the UAE is one of the most promising and highly developed Middle East countries. Unfortunately, it is often subject to cyber security threats and attacks. The state implements a number of efficient measures to strengthen its cybercrime defenses.
Conclusion
To outline the findings, one will need tools such as the national interest scale. This analytical tool allows gauging the extent of a threat in light of the existing statistical information. Namely, according to recent figures on the rate of cybercrime identification, UAE cybersecurity has improved significantly. However, when examining the statistics on cybercrime prevention, one must admit that this issue represents a serious gap in the UAE cybersecurity strategy.
In addition, looking back at the analysis performed above, one should mention that the historical analysis and the introduction of logical fallacies have contributed significantly to the understanding of what affects the rise in cybersecurity risks in the UAE. Namely, the historical assessment has shown the gaps in the development of cybersecurity strategies in the UAE. In turn, the application of the logical fallacies to the case has shown why a significant number of people tend to overlook obvious security concerns when using digital technology.
References
Aboul Enein, Sameh. 2017. Cybersecurity Challenges in the Middle East. Geneva: Geneva Papers.
Butwick, A. J., and Weiniger, C. F. 2019. “Combatting Myths and Misinformation about Obstetric Anesthesia.” International Journal of Obstetric Anesthesia, 40: 1-3.
Chandra, Geetanjali Ramesh, Bhoopesh Kumar Sharma, and Iman Ali Liquat. 2019. “UAE’s Strategy Towards Most Cyber Resilient Nation.” International Journal of Innovative Technology and Exploring Engineering (IJITEE), 8(12): 2803-2809.
Dederer, H. G., and Singer, T. 2019. “Adverse Cyber Operations: Causality, Attribution, Evidence, and Due Diligence.” International Law Studies, 95 (1): 14.
Imranuddin, Mohammed. 2017. “A Study of Cyber Laws in the United Arab Emirates.” PhD diss., Rochester Institute of Technology.
The video is called “Adrian Lamo’s Hacking”; it consists of six parts available from YouTube. As it usually happens there are two different opinions that can be suggested in this case. The first opinion suggests the idea of knowledge that can exist for knowledge. The example of Galileo introduces a theory about the construction of the Solar System that was the target of interest of the well-known scientist.
In this case, he was regarded as a hacker because he explored the earth and its movement. This does not mean that he wanted to use this knowledge to raid a bank or crack the security software of a governmental organisation. I find it interesting to compare the hacking activity with the cowboys of the Wild West, when all people lived in accordance with their own laws and there was no universal punishment for some sorts of crime.
So, contemporary hackers that explore computers, telecommunications, and other complicated mechanisms of communication have established their own rules of ethical decision-making. In this respect, curiosity that makes a hacker crack the system is claimed to be of little danger whereas people that rob banks with the help of hacking should be punished.
Telephones and their development from hard-wired phones to cell phones have become the reason for the development of hacking skills necessary to hack the phone and call somebody for free. This can be considered one of the damage-bringing factors of hacking activity.
Having access to all automated systems that store some information can be really dangerous in terms of consequences of those interventions. As hackers do not always know what type of information they change, they can alter some minor facts in the system causing environmental and even military catastrophes.
So, hacking has become one of the most effective weapons for terroristic organisations in the contemporary global society.
Being engaged in terrorist organisations’ activities makes hackers’ exploration of cyber-space unethical because they perform it for one reason only; this reason is cooperation with terrorist organisations for the purpose of cracking various security systems of strategic targets and various governmental organisations. So, as with every concept in the world, hacking activity has its pros and cons.
Pros stand for mere exploration of some construction, structure, the way something operates and finding some ways to improve its operation or increase productivity whereas cons include actions that are aimed at gaining personal benefits or at destructive activities that can be really damaging.
However, some hackers try to cooperate with the national security offices that are in charge of the national security programs and various preventive methods. The only thing that ruins this positive image of cooperation is that hackers warn the organisations responsible for security about the vulnerability of some parts of the security network, but those organisations do not listen.
To conclude, hacking as it appears to be performed by Adrian Lamo is absolutely safe and can be used to improve various security systems. Besides, hacking can be peaceful if a person does something out of curiosity. However, hacking can be dangerous if some information goes to wrong people that present the radical movement or want to do something destructive.
In other words, it is better not to explore the way some machine works if you are not ready to be responsible for that intervention and cannot suggest any alternative for that security system.
On the other hand, people (governmental agencies) should cooperate with hackers to master their skills in this area and be ready to parry hostile hackers’ attacks aimed at the destruction of the governmental network and at providing terrorists with assistance.
Cyberattacks aimed at hacking and abducting strategically important information of the National Security Agency (N.S.A.) are a potential threat to the integrity of the country’s entire defence complex. Apart from the degree of significance of the stolen data, an insufficiently reliable security system is the reason for concern. The possibility of hacker access to the Agency resources opens up many opportunities for opponents, including the ways to develop plans for a successful attack. All these factors determine the need to analyse specific risks of threats and the ways to deal with them.
Targeted Search for Important Information
It is logical to assume that a group of hackers working to discredit the N.S.A. and seize valuable data is waging an intentional cyberwar. The possibilities of modern technologies prove that even such a reliable system as the Agency’s internal database can be hacked, and, as practice shows, the attempt can be very cynical. According to Sanger (2016), the original program code used by the group of hackers caused the leakage of data that were later sold at auctions for large sums. This allows one to say that cybercriminals are deliberately looking for ways to find certain valuable information in order to extract it from the database and put it up for sale as an auction lot. Consequently, the implication for the Agency can mean that many hostile governments may be aware of significant aspects of American politics and its government leaders’ purposes. Moreover, the quality of the hackers’ work leaves little doubt that the operation was prepared professionally and the goals were determined in advance. Therefore, in order to prevent the recurrence of such attacks, the N.S.A. needs to strengthen the security system around particularly essential information to eliminate its diversion.
Lack of Opportunity to Rely on the Existing System
In order for the data protection system to work properly, it is necessary to ensure that all firewalls are able to withstand external attacks and prevent unauthorised persons from accessing databases. However, the previous program proved inadequate and vulnerable, which calls for the creation of a new advanced system by the Agency. In case the representatives of the N.S.A. information department do not establish the work of their protective mechanism, other scandals on the basis of data leakage may occur. As van Der Walt (2017) notes, the need to protect virtual information has never been as relevant as it is today since, judging by experience, cases of theft of valuable information are often encountered. Therefore, the N.S.A. may be involuntarily involved in other high-profile cases of hacker attacks if the Agency’s representatives do not take urgent measures to protect their resources.
The threat for the Agency calls for the development of innovative ways to keep the information of national importance and the creation of advanced mechanisms for repelling threats. For these purposes, the N.S.A. needs to periodically check the software for protection and test the system in time to identify potentially vulnerable sectors. The threat can be eliminated, but for this purpose, specialists of the National Agency need to carry out intensive work and achieve complete data protection in order to avoid their leakage. Therefore, new technologies should be taken into account, and the experience of professional staff will be useful to develop an enhanced and relevant mechanism that allows the N.S.A. to prevent dangerous hacker attacks and information theft.
The Need for Developing a Unique and Innovative Protection System
In case the National Agency does not attempt to achieve the maximum degree of protection and does not begin to develop a new security system, scandals related to data security can be repeated. Modern cyber attackers are able to access even the most classified databases. Moreover, according to Solenberger (2017), absolutely any software can be attacked, starting from the Windows operating system and ending with top-secret programs containing information of national importance. Hackers are not stopped by complex passwords and encryption systems, and it is useless to rely solely on the reliability of this or that protection method if it has already been hacked once.
The Agency can hire highly qualified specialists working in the field of creating advanced cybersecurity and providing protection to the cloud and other virtual resources. As Segal (2017) remarks, in any large company where information is a valuable resource, only modern means of preventing attacks should be used so that the secrecy of the data is not merely nominal. In such a structural unit as the N.S.A., ensuring the protection of state secrets should not only become a necessity but an integral part of the work process. If the representatives of the Agency can ensure the creation of an appropriate firewall and achieve the complete security of its system, it will put an end to the scandals associated with data theft. Otherwise, regular attempts to steal information will be committed, which will eventually lead to people’s discontent with the national security system. All cases of cyber-attacks are made public. Therefore, it is in the interests of civil servants to secure the complete protection of information held in their department.
Consequences of Public Discontent
The financing of state programs is carried out at the expense of the budget, which, in its turn, is replenished due to taxpayers. In case the citizens of the country see that their money is spent ineffectively, and the state suffers enormous losses because of the inability to resist cyber threats from outside, it can lead to massive dissatisfaction with the existing government. As Rid and Buchanan (2015) note, professionals working in the field of protecting essential information from virtual attacks should have a number of skills, including a competent time distribution, the understanding of limitations and potential problems, and some other attainments. The absence of such specialists in the state security system is a cause for concern of not only senior management officials but also ordinary citizens who have the right to expect an effective distribution of their tax payments.
The country’s security system can be seriously affected if there are not enough funds to invest in its development. In order to create a modern and fully protected program in a virtual space, much money is required since such work is highly valued. According to Dwyer (2018), some encryption codes created by qualified specialists can have the highest level of protection. Nevertheless, the services of such specialists cost much, and the N.S.A. will have to pay to ensure that its database is completely protected from threats. As Payne, Abegaz, and Antonia (2016) claim, the search for professionals can be conducted everywhere, even in colleges, because it is not credentials but the level of training that plays a significant role. If adequate protection is provided, the population will be able to believe in the effectiveness of the Agency’s work and its desire to correct the mistakes made.
Confronting Growing Pressure
The threat to the security of data stored in the N.S.A. classified databases provokes a wide public response, especially when the facts of hacking become known and constantly discussed in the media space. Accordingly, the representatives of the Agency need to continually resist growing pressure and not to react to provocations of those who intentionally discredit the state board. In order to avoid condemnation and to organise work, the N.S.A. establishes public-private relationships and defines strategies for further development (Carr 2016). Such a measure enables the Agency to find partners in the activities to protect data from cyber-attacks and successfully resist any manifestations of public discontent.
The ownership of the N.S.A. is determined by the status that this Agency has at the state level. Responsibility for the safety of important information, as Toch et al. (2018) claim, lies entirely with the representatives of the authorities, and in case of hacking of the secret system, they will be held responsible for a specific cyber attack. Such pressure is an incentive to create an advanced system of protection against hacker threats. The Agency has ample opportunities to use the latest developments in the technical field and introduce appropriate technologies. Fleming, Qualkenbush, and Chapa (2017) mention a secret war that is being waged against the United States in order to disrupt the integrity of the country and extract valuable data. To successfully resist these attacks, the corresponding software should be developed and implemented. Increasing pressure caused by repeated cases of data leakage calls for urgent measures to be taken to ensure the security of US secret data.
Financial Implications for the N.S.A.
From a financial point of view, the need to develop and implement a new security program that provides safety for the US secret data certainly requires substantial monetary investment. The government should ensure that the new system meets modern standards of protection against cyber attacks. Strategic budget planning that should be carried out before introducing the program may include a one-time payment to create the appropriate firewall, as well as further investments in improving and updating the system. According to Vogel (2016), the continual emergence of novelties in the computer sphere explains the need to close all possible security gaps that inevitably arise. It also requires financial investments, therefore, costs are significant.
If costs are unavoidable, a special fund can be created in order to hold money and use it to develop a cybersecurity system. Chang, Zhong, and Grabosky (2018) give an example of such a measure as citizen co-production, when people are enlisted to help the authorities control the level of security of the virtual space. This, in its turn, allows monitoring the social sector of the Internet and controlling people’s activities. Also, according to Voskoboinicov and Melnyk (2018), technological progress and the continuous appearance of novelties in the information technology market are an incentive for attracting experienced professionals who can provide their assistance in securing essential data. Certainly, all these factors require financial investments. Nevertheless, in case of successful work, all the spent funds will pay off soon, and the N.S.A. will manage to protect its resources from cyber attacks.
Ethical Implications for the N.S.A.
From the point of view of the ethical question, the Agency’s inability to resist regular hacker attacks is a serious factor that allows doubting the competence of its employees. If the N.S.A. cannot provide its secret information with reliable protection, it reflects on the US government in not the most favourable light. Cavelty (2014) claims that the dilemma faced by government officials affects the complex choice between eliminating system vulnerabilities and finding potential threats. In case the Agency proves its worth in practice and is able to provide conclusive evidence of the involvement of specific hacker groups in performed attacks, it will increase people’s confidence and help to restore lost credibility.
Additional attention should be paid to cooperation with partner companies. The N.S.A. is a large agency operating at the state level. In case this unit does not cope with its duties and is regularly involved in various scandals caused by hacker attacks, it can cause concern among other government agencies. According to Knowles et al. (2015), security management cannot affect only one branch. Regardless of whether virtual data or some other sector is threatened, protection should work at all levels. It is in this way possible to earn the trust of citizens and at the same time protect valuable data from the threat of theft and hacking.
Conclusion
The threat of cyber attacks on valuable data stored in the N.S.A. necessitates the creation of a modern and reliable system of protection against hacker threats. Citizens’ discontent can be caused by constant scandals in which the Agency is involved. In order to resist public condemnation, it is required for the N.S.A. to take urgent measures to develop and implement an effective program. The assistance of qualified staff specialists is necessary since the competence of the current staff of the department is questioned. The financial and ethical implications for the Agency can be identified, and the overall conclusion is that urgent measures should be taken to detect the source of the threat and eliminate it.
Reference List
Carr, M 2016, ‘Public-private partnerships in national cyber-security strategies’, International Affairs, vol. 92, no. 1, pp. 43-62.
Cavelty, MD 2014, ‘Breaking the cyber-security dilemma: aligning security needs and removing vulnerabilities’, Science and Engineering Ethics, vol. 20, no. 3, pp. 701-715.
Chang, LYC, Zhong, LY & Grabosky, PN 2018, ‘Citizen co-production of cyber security: self-help, vigilantes, and cybercrime’, Regulation & Governance, vol. 12, no. 1, pp. 101-114.
Dwyer, AC 2018, ‘The NHS cyber-attack: a look at the complex environmental conditions of WannaCry’, RAD Magazine, vol. 44, no. 512, pp. 25-26.
Fleming, TC, Qualkenbush, EL & Chapa, AM 2017, ‘The secret war against the United States: the top threat to national security and the American dream cyber and asymmetrical hybrid warfare an urgent call to action’, The Cyber Defense Review, vol. 2, no. 3, pp. 25-32.
Knowles, W, Prince, D, Hutchison, D, Disso, JFP & Jones, K 2015, ‘A survey of cyber security management in industrial control systems’, International Journal of Critical Infrastructure Protection, vol. 9, pp. 52-80.
Payne, BR, Abegaz, T & Antonia, K 2016, ‘Planning and implementing a successful NSA-NSF GenCyber summer cyber academy’, Journal of Cybersecurity Education, Research and Practice, vol. 2016, no. 2, pp. 3-16.
Rid, T & Buchanan, B 2015, ‘Attributing cyber attacks’, Journal of Strategic Studies, vol. 38, no. 1-2, pp. 4-37.
Segal, A 2017, ‘Bridging the cyberspace gap’, Prism: A Journal of the Center for Complex Operations, vol. 7, no. 2, pp. 66-77.
Solenberger, P 2017, ‘What goes around comes around: NSA’s cyberwarfare blowback’, Against the Current, vol. 32, no. 4, pp. 7-9.
Toch, E, Bettini, C, Shmueli, E, Radaelli, L, Lanzi, A, Riboni, D & Lepri, B 2018, ‘The privacy implications of cyber security systems: a technological survey’, ACM Computing Surveys (CSUR), vol. 51, no. 2, pp. 36-45.
van Der Walt, C 2017, ‘The impact of nation-state hacking on commercial cyber-security’, Computer Fraud & Security, vol. 2017, no. 4, pp. 5-10.
Vogel, R 2016, ‘Closing the cybersecurity skills gap’, Salus Journal, vol. 4, no. 2, pp. 32-46.
Voskoboinicov, S & Melnyk, S 2018, ‘Cyber security in the modern sociation and improvement of preparation of future factors in the field of competent approach’, Social Work and Education, vol. 5, no. 1, pp. 103-112.
Every organization wants a rigid and high-quality information technology security system that can make it safe, preventing devastating cyber crimes from occurring. Significantly, corporations have the responsibility of ensuring the safety of customers’ and other stakeholders’ personal information. When a company is establishing a system which can guarantee the highest degree of cybersecurity, it must focus on the suitability of different options, hence making the appropriate decisions regarding the most effective framework. COBIT5 is a globally comprehensive and recognized business-oriented framework, helping companies to make the best use of their information technology by providing a management and governance outline for enterprises (Astuti et al., 2017). The Information Technology Infrastructure Library (ITIL4) is an advanced framework with detailed practices of IT service management (ITSM) which focuses on aligning the IT function with the business needs. Therefore, ITIL4 is the better option for cybersecurity over COBIT5, considering that it incorporates different experts throughout the world to formulate the most effective cybersecurity platforms, hence reducing hacking incidents.
Background
Adding more IT-related systems to the management of a business company is critical, especially regarding the IT assets and business processes. According to Patón-Romero et al. (2017), different frameworks offer blueprints for attaining organizational goals, including security and compliance. Holistically, there are three popular information technology governance frameworks, which are ITIL4, COBIT5, and TOGAF. Various enterprises globally use these frameworks, hence the need to advise on the most effective one to bolster cybersecurity and enhance digital resilience.
COBIT5 was created by the Information Systems Audit and Control Association (ISACA) and the IT Governance Institute. The Control Objectives for Information and Related Technology (COBIT) significantly help organizations in the creation, maintenance, and monitoring of IT management and governance practices (Patón-Romero et al., 2017). Currently, COBIT is on its sixth version (COBIT 2019), heavily used by IT business processes, stakeholders, and managers to ensure reliable control and subsequent quality of the information systems within a business organization. The current framework version, COBIT5, promotes shorter feedback loops, better agility, and collaboration, hence being effective in reducing different risks in IT implementation (Patón-Romero et al., 2017). In other words, the framework ensures that an organization effectively uses the IT approach in coordinating its different functions. Connectedly, COBIT5 ensures that an organization oversees its services and progress in a single interface.
Discussions about ITIL4 surround IT service management and even ITSM. Significantly, ITSM is the alignment of information systems and enterprise IT services with business and the needs of the customer who is the end-user. ITIL4 regards IT as a critical mode of delivering value to the customer and business, as opposed to just installing, managing, and securing technology (Nachrowi et al., 2020). ITIL is considered to be the preeminent framework for the implementation of ITSM in business companies. It is trademarked and created by AXELOS, receiving massive adoption from millions of certified enterprises globally (Nachrowi et al., 2020). ITIL offers a series of excellent practices which are interconnected, hence subsequently giving guidance for managing, delivering, and developing IT-related services. Thus, the fourth version of ITIL has been structured to ensure excellent customer experience while interacting with the organization.
Methodology and Data Collection
Formulating an effective research methodology requires one to comprehend the research question. The study query aims at comparing the effectiveness of COBIT5 and ITIL4 frameworks in cybersecurity. Primarily, the research applies the secondary data method, comparing different pieces of literature on the topic. According to Ruggiano and Perry (2019), the secondary data approach incorporates the analysis of data that has already been collected through the different primary sources and subsequently made accessible to the various researchers for use. Significantly, several materials are outlining the effectiveness and importance of both the COBIT and ITIL frameworks and how effective an organization can become by embracing either of the set. In addition, the secondary data method will aid in understanding the diverse areas that each of the outlines best fits and their subsequent abilities, hence deciding on the most effective between the two for better cyber-security. Therefore, this study will majorly depend on the secondary data method, presenting the workability and efficiency of the COBIT5 and ITIL4 systems, enhancing recommendations formulation regarding the most effective framework that business entities can adopt.
Additionally, this research will employ the documents and records data collection method as part of the descriptive analysis approach. The collection method is grounded theory, which is an alternative to interviews and observation. Interpretatively, the documents and records collection method focuses on different studies which have been conducted on the topic of research and furthers the study (Gattiker et al., 2016). The reputability and expertise of the authors dictate whether a researcher can use the specific information provided and its relevancy. This research will use the available data that relates to the research question from scholarly sources and researchers that are experts in the area of information technology.
Discussion and Analysis
Effective cybersecurity requires business organizations to take a continuous and layered approach to security. Van Grembergen and De Haes (2018) opine that the adoption and embracement of risk-based thinking is a critical mantra in digital resilience. Understandably, before a corporation decides regarding the necessary framework to adopt between the COBIT5 and ITIL4, it must have a full overview of the risks, investments, and control in security to attain excellent business outcomes. These two systems differ in terms of audience and scope. According to Berger et al. (2020), ITIL is considered as an IT service framework that provides more guidance in the IT arena. Moreover, COBIT is relatively broader than ITIL, whereby it provides a narrative that is more detailed regarding the issue of service management enabler within the enterprise’s information technology system (Berger et al., 2020). Connectedly, these two approaches are excellent and can be used interchangeably to achieve better security, digital resilience, and organizational compliance.
COBIT5 has a robust set of best practices that organizations can use in effective information technology management. Chaudhari and Mulgund (2018) allude that COBIT’s primary principles provide guidelines that can help a corporation improve its service delivery. Specifically, one of the COBIT5 principles is to meet the needs of the stakeholders (Chaudhari & Mulgund, 2018). An organization needs to set concrete and appropriate IT objectives and KPIs, establishing a critical path to meet the stakeholder needs. COBIT allows organization management to assign individual duties to employees. As a result, the employees comprehend the specific areas to maintain within the system. Covering the enterprise end-to-end is the second principle of COBIT5 (Chaudhari & Mulgund, 2018). The system information updates the corporation members regarding the information assets which facilitate their service design needs and business objectives. The third COBIT5 principle is separating management from governance (Chaudhari & Mulgund, 2018). Therefore, the principles of COBIT’s best practices make it a significant framework that is better for cyber-security, as shown in figure 1 below.
ITIL resembles COBIT in that it comes with a significant set of principles which inspire different best practices for the business company’s information technology service management. According to Borges (2018), there are seven guiding principles for ITIL, which are eventually ingrained in the ITIL activities and processes, making it more straightforward for corporation structures to benefit from it. The principles include focus on value, commence from scratch and progress depending on feedback, collaborate and promote visibility, think and work holistically, keep it practical and straightforward, and lastly optimize and automate (Borges, 2018). Significantly, the ITIL framework upholds that continual improvement is key to an organization’s success in the implementation of the IT system. Adoption of the continual improvement model is a best practice which lets the organization management think and develop an iterative approach to the vision of the organization. Borges (2018) further notes that ITIL4 promotes the adoption of the service value chain approach. Thus, ITIL has seven principles which enhance the effective functionality of the organization, as shown in figure 2 below.
Findings
Both the COBIT5 and ITIL4 information technology service management standards have undergone major revamps in recent years. Distinctively, COBIT5 superseded COBIT4.1; it was launched in 2012 and is more flexible since it incorporates collaborative strategies of governance (Chaudhari & Mulgund, 2018). The framework provides fluid and frequent updates to help address new and changing technology. By contrast, ITIL4 development embraces a more community-based approach, collaborating with the broader information technology expert community and industry globally to update ITIL features for present and future effectiveness. In sum, whereas COBIT5 provides regular and fluid updates to help address shifting technological trends, ITIL4 works collaboratively with the many companies which use the same technology, and with experts worldwide, to ensure top-notch security.
ITIL4 is the latest update to the ITIL framework. It updates the framework according to the latest IT developments and holistic software realms (Nachrowi et al., 2020). Arguably, ITIL4 focuses on providing a more practical and flexible foundation to support a business corporation’s endeavors to make critical steps and progress towards the new world of digital transformation. The framework has four dimensions that should be part of a business’s IT service management program. The dimensions are people and organizations, information and technology, suppliers and partners, and lastly processes and value streams. Holistically, the ITIL4 principles and dimensions aim at enhancing effective service delivery and communication within an organization.
The organizations adopting COBIT5 and ITIL4 range from educational and government institutions to large Fortune 500 corporations around the world. Astuti et al. (2017) develop case studies of different companies that have successfully implemented either COBIT or ITIL. This gives the audience an understanding of how the frameworks are coordinated, which supports informed decisions about the most effective approach. According to Chaudhari and Mulgund (2018), Maitland is one of the companies worldwide that has implemented COBIT5. This advisory firm implemented COBIT5 to increase information technology accountability and business oversight. Moreover, the European Network of Electricity Transmission System Operators (ENETSO) is an electricity supply organization that implements COBIT5 for the governance of enterprise IT. Comparatively, Spotify and Newcastle University are among the many institutions that have implemented the ITIL4 framework. In 2017, Spotify used ITIL4 to support its objective of going public and expanding its reputation (Chaudhari & Mulgund, 2018). In addition, Newcastle University, an Australian institution, adopted ITIL4 to improve incident management and subsequently address other business problems (Chaudhari & Mulgund, 2018). Therefore, various organizations are adopting the framework which serves their interests.
Both COBIT5 and ITIL4 offer ample learning resources which guide an organization’s implementation, from white papers to the framework documentation, and which help an organization conduct online conferences and training. For COBIT5, meetings, online resources, and white papers are coordinated to support business goals. In contrast, ITIL4 offers a plethora of resources, enabling a team to implement ITIL standards (Berger et al., 2020). Groups like LinkedIn and the Educause ITSM Community Group bring people worldwide together for discussions surrounding ITIL topics.
Lessons, Limitation, and Recommendations
The lesson learned is that enterprises should choose ITIL4 because it is the best systems framework for their productivity and efficiency. Every organization should strategically analyze and understand its abilities before deciding which framework to adopt. Moreover, implementing an information technology service strategy like ITIL4 or COBIT5 can effectively lead to organizational expansion. Institutions become competent and able to manage service transition and change, improve incident management, and develop a more service-oriented culture which better serves the needs of different customers. A business can combine the two frameworks where necessary to tailor the implementation to its needs.
The limitation of this research is that it does not incorporate other system frameworks which work towards combating cyber threats. The study only presents a comparison between COBIT5 and ITIL4, leaving out the TOGAF framework. Other organizations may find TOGAF more proficient than both COBIT5 and ITIL4. Therefore, the study should have presented the other frameworks to enable different organizations to make a holistic decision about the exact program to adopt. Another limitation is that the research compares COBIT5 and ITIL4, whereby the former is outdated since it has been superseded by COBIT 2019. The study is old-fashioned, considering that it compares an old system to the new ITIL4 model. Therefore, the non-inclusion of all the system frameworks and the comparison of the old-fashioned COBIT5 with ITIL4 are the significant limitations of the study.
The study recommends ITIL4 as the better option for cybersecurity because of the excellent advantages associated with it. The framework allows global integration with corporations that embrace the framework and with experts. As a result, an institution becomes aware of trending cybersecurity incidents and of how to combat emerging threats. ITIL4 equips service providers with a capability model, aligning them to customer needs and business strategy. The framework will help businesses navigate successfully through this new era of technology.
Conclusion
In summation, companies yearning to apply repeatability and structure to their information security and subsequent compliance efforts must embrace the ITIL4 systems framework. Notably, cybersecurity, digital resilience and efficacy are measured differently by each organization and can be attained through different combinations of frameworks that are relevant to the business. Digital resiliency and cybersecurity should be enhanced from the security, integrity, and compliance angles. Above all, further research needs to be conducted on the different approaches that can be applied to improve cybersecurity and digital resilience in general.
Berger, D., Shashidhar, N., & Varol, C. (2020). Using ITIL 4 in security management. In 2020 8th International Symposium on Digital Forensics and Security (ISDFS). IEEE.
Chaudhari, G., & Mulgund, P. (2018). Strengthening IT governance with COBIT 5. In Information technology risk management and compliance in modern organizations (pp. 48-69). IGI Global.
Computing devices and the internet are two of the most important inventions of the 21st century. These technological breakthroughs have had a great impact on the personal and professional lives of people all over the world. Mobile devices are among the equipment that utilizes computing technology and the internet to provide communication services.
Many organizations have exploited computing devices to increase their productivity. The last decade has witnessed a prevalence of mobile devices in the corporate environment. Glisson and Storer (2013) state that mobile devices have become ubiquitous in the information-rich corporate environment, with most corporations increasing their usage of these devices each year.
This observation is corroborated by Friedman and Hoffman (2008) who declare that mobile devices have become important tools for organizational productivity.
While mobile devices have increased the efficiency of employees by enabling them to access organizational information and services at any time and from any location, they have created some security concerns. Mobile devices have a potentially negative impact on the cyber security of an organization and as such, special attention should be given when using mobile devices in the organization.
Security Impact of Mobile Devices
The very popularity and extent of the use of mobile computing devices and the internet create a special vulnerability for businesses. Computing devices and the internet have been used extensively by businesses since their invention in the mid-20th century. Many businesses exploited the efficient information processing ability of computers to gain a competitive advantage.
Historically, computing devices were restricted to desktop systems that could only be used within the organization’s environment. Wired technology was the primary means through which the system communicated (Bernik & Markelj, 2012).
However, there have recently been incredible developments in technology, in the form of wireless technology and mobile computing, which have changed the manner in which organizations access their information. Mobile communication began as a voice service and, over the decades, expanded to include data transmission; today we have 4G mobile communications (Dong, Joo, Chae, Wan, & Yoo, 2013).
These developments have made it possible for employees to have constant access to data and information. Purchases of mobile devices have already reached the billions and these devices have surpassed the personal computer as the prevalent method for accessing the internet (Patten & Harris, 2013). This prevalence of mobile devices has exposed organizations to a wide number of security risks.
In addition to the popularity and widespread use of computers by organizations, the ease of use and the compact nature of these devices is another factor that increases their vulnerability to attack. Mobile devices introduce security risks from the physical loss of the devices as employees move from the workplace to their home or a client location.
This threat of loss is arguably the most important cyber security risk since it can expose the organization to significant losses. Employees store important information in their devices to enable them to work outside the office. Loss and theft of the hand-held device can lead to significant damage to the organization.
Friedman and Hoffman (2008) document that an organization’s sensitive information or intellectual property can be accessed by cyber-criminals once the devices are stolen. Keunwoo, Woongryul and Dongho (2012) confirm that there have been numerous cases of confidential business information being leaked through mobile devices. In addition, the devices can expose the company to external attacks.
Since the devices might be linked to the organization’s database, they might provide an intruder with access to the organization’s domain and server system. When using non-mobile desktop systems, the risk of theft is minimal since most organizations implement good physical security in their offices. For sensitive information, organizations utilize state-of-the-art security measures, including biometric security systems.
Besides the risk of being stolen, mobile devices also expose the organization by decreasing its ability to protect itself from cyber attacks. The internet is rife with security risks ranging from viruses and worms to hacking attacks. An organization has to employ security solutions to protect its IT infrastructure from these threats.
When dealing with non-mobile desktop systems and servers, the organization can implement a perimeter defense such as firewalls and intrusion prevention systems (Glisson & Storer, 2013).
These security measures ensure that the organization’s computing infrastructure is safe from attacks. However, these strong security solutions cannot protect a device once it is outside the corporate perimeter. Mobile devices therefore suffer from an increased vulnerability to external attacks.
Another way in which the security of an organization is compromised due to mobile devices is by the introduction of the risk of interception of communication. Mobile devices make use of some form of wireless communication. These communication formats include cellular radio, wireless LAN, and Bluetooth communication.
Bernik and Markelj (2012) note that the internet is a crucial element of mobile devices, with almost all of these devices providing a wireless connection to the internet. The various wireless communications available have differing levels of security. Friedman and Hoffman (2008) state that in the non-mobile environment, the organization can impose stringent security protocols on its wireless networks.
These security measures render the wireless network secure from external penetration. However, outside the controlled corporate environment, mobile devices make use of insecure networks, including public Wi-Fi. Malicious actors can easily intercept communication over these insecure connections.
In addition to the risk of interception, mobile devices cause a negative security impact by increasing the risk of access to sensitive information by unauthorized persons. In many cases, employees use their personal devices for both business and personal purposes. This convergence of use presents a problem since the device might be handled by the employees’ friends, who are not supposed to handle the organization’s information.
Bernik and Markelj (2012) observe that when wireless mobile communication devices are used, there is a blurring of the line between business and personal communications. This lack of boundaries can lead to sensitive corporate information being accessed by unauthorized parties through the mobile devices.
Addressing the Security Issues
Dealing with the cyber security risks introduced by mobile devices is imperative if organizations are to enjoy the benefits of these devices. A number of solutions have been proposed to mitigate or eliminate the security risks. Glisson and Storer (2013) state that organizations should implement specific security policies for mobile devices. All employees should be required to comply with the safety regulations.
These regulations should include preventive measures and protocols for device use outside the corporate environment. Bernik and Markelj (2012) assert that by implementing security regulations for mobile devices, an organization can ensure that all information technology is used safely.
Another way in which the security risks can be addressed is by having the IT department develop and implement a mobile device management (MDM) system that will ensure that the organization is able to comprehensively manage its employees’ devices.
Keunwoo et al. (2012) state that the mobile device management system should be able to monitor mobile access, identify threats and provide appropriate protection. Being able to identify the mobile devices increases the level of control the organization has over its IT resources.
MDM can also assist in preventing compromised mobile devices from accessing the network (Patten & Harris, 2013). This effectively reduces the risks that compromised devices might introduce into the main system.
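The MDM access control described above can be made concrete with a posture gate: the device reports a few attributes, a policy is evaluated, and a compromised or lost device is kept off the network. The script below is an added example, not code from any MDM product or from the authors cited here; the policy values, the attribute names and the three sample devices are constructed for illustration, and the "remote wipe" action assumes the MDM offers that capability.

```python
"""Added example: an MDM-style device posture gate (not a real MDM product's code)."""
from dataclasses import dataclass

# Hypothetical policy values; a real deployment would set these from its own standards.
POLICY = {"min_os_version": "17.0", "require_encryption": True}


@dataclass
class DevicePosture:
    """Attributes an MDM agent typically reports about an enrolled device."""
    device_id: str
    enrolled: bool        # registered with the organization's MDM
    os_version: str       # dotted version string, e.g. "17.2.1"
    disk_encrypted: bool  # device storage encryption enabled
    rooted: bool          # jailbroken/rooted, so OS controls cannot be trusted
    reported_lost: bool   # user or help desk flagged the device as lost or stolen


def version_tuple(version):
    """Compare dotted versions numerically so "17.10" sorts above "17.9"."""
    return tuple(int(part) for part in version.split("."))


def evaluate(device, policy=POLICY):
    """Return (decision, reasons) for a network access request from this device.

    decision is "allow", "quarantine" (deny access until the gaps are fixed) or
    "block_and_remote_wipe" (for devices reported lost or stolen).
    """
    reasons = []
    if not device.enrolled:
        reasons.append("not enrolled in MDM")
    if device.reported_lost:
        reasons.append("device reported lost or stolen")
    if device.rooted:
        reasons.append("device is rooted or jailbroken")
    if policy["require_encryption"] and not device.disk_encrypted:
        reasons.append("storage is not encrypted")
    if version_tuple(device.os_version) < version_tuple(policy["min_os_version"]):
        reasons.append(f"OS {device.os_version} is below minimum {policy['min_os_version']}")

    if not reasons:
        return "allow", reasons
    if device.reported_lost:
        return "block_and_remote_wipe", reasons
    return "quarantine", reasons


if __name__ == "__main__":
    # Constructed sample devices, not real inventory records.
    for dev in (
        DevicePosture("tablet-01", True, "17.2.1", True, False, False),
        DevicePosture("phone-02", True, "16.7.2", False, False, False),
        DevicePosture("phone-03", True, "17.2.1", True, False, True),
    ):
        print(dev.device_id, evaluate(dev))
```

The decision is computed on every access request rather than once at enrollment, which is what lets the gate react when a device is later reported lost or falls behind on patches.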
Conclusion
Mobile devices introduce numerous cyber security risks to an organization that utilizes them. This paper began by defining mobile devices and highlighting why their usage has become prevalent in many organizations today. It then set out to show some of the inherent risks introduced to an organization’s IT infrastructure by the devices.
From the discussions presented in this paper, it is evident that mobile devices present risks in the form of unauthorized access to sensitive information contained on the device, attacks from malicious actors, and ease of interception of data due to reliance on insecure networks. Addressing these cyber security risks is critical if organizations are to enjoy the many benefits of having their employees utilize mobile devices.
The paper has shown that mobile devices can be safe if users are educated on the security risks and the devices are used in compliance with stringent safety regulations. However, if these measures are not employed, these devices will continue to be the cause of great security risks to companies.
References
Bernik, I., & Markelj, B. (2012). Unlimited access to information systems with mobile devices: Information security perspective. International Journal of Education and Information Technologies, 6(1), 407-417.
Dong, W. K., Joo, H., Chae, T., Wan, S., & Yoo, J. (2013). A practical attack on mobile data network using IP spoofing. Applied Mathematics & Information Sciences, 7(6), 2345-2353.
Friedman, J., & Hoffman, V. D. (2008). Protecting data on mobile devices: A taxonomy of security threats to mobile computing and review of applicable defenses. Information Knowledge Systems Management, 7(1), 159-180.
Glisson, B. M., & Storer, T. (2013). Investigating information security risks of mobile device use within organizations. NY: Americas Conference on Information Systems.
Keunwoo, R., Woongryul, J., & Dongho, W. (2012). Security requirements of a mobile device management system. International Journal of Security and Its Applications, 6(2), 353-358.
Patten, K., & Harris, M. A. (2013). The need to address mobile device security in the higher education IT curriculum. Journal of Information Systems Education, 24(1), 41-52.
Advanced cyber attacks that target both public and private sectors at the international level have provoked an increase in research and funding for the establishment of novel cyber security technologies.
Government and private institutions are investing in technologies that dynamically appraise networks through real-time and remote agent forensic investigations. Besides, organizations are coming up with cyber security technologies like moving target defense, which prevents hackers from spotting the attack surface of a network.
The moving target defense allows a network to alter its variables dynamically, therefore making it hard for hackers to predict or spot the attack surface. Other emerging cyber security technologies include tailored trustworthy spaces and searchable encryption.
The responsibility to guard public and private assets on the state and global level should not fall exclusively on the government. Public and private institutions should work with the government to establish network security measures.
The federal government has taken an active role in curbing cyber crimes by investing in research programs aimed at creating awareness of possible threats and how to address them. Currently, the federal government is trying to fine-tune existing cyber security technologies and to develop novel ones to safeguard networks from emerging threats.
The federal government is working to ensure that private and public institutions install novel cyber security technologies in their networks as a way to boost state economy and curb cyber attacks.
Introduction
Recent events like the Georgian incursion and the revelation that hackers have stolen billions of dollars from banks globally have created an awareness that cyber security does not only involve protecting one’s computer. It has devastating repercussions for state defense and economic interests.
For this reason, cyber security is one of the challenges facing the contemporary digital community. Today, the majority of cyber work is not automated and hence is done by people (Garfinkel, 2014). Besides, many countries do not have qualified cyber experts. Thus, it is difficult for countries to rely on the people entrusted with the duty of controlling cyber attacks.
In addition, “The one consistent theme is that cyber defenses commonly used today are simply not effective against most forms of advanced cyber attacks” (Garfinkel, 2014, p. 568). Currently, state and private institutions are collaborating to plan and create cyber security technologies that aid in the fight against cyber crimes.
The technologies are aimed at detecting and combating any unauthorized intrusion into both government and private corporations’ networks.
Emerging cyber threats and susceptibilities have “Created challenges amounting to financial damages to governments and businesses” (Speicher, 2014, p. 65). The present digitally linked planet offers immense benefits to countries.
Public and private corporations transmit data across the globe within a short period enhancing their efficiency and productivity. Nevertheless, the digital platform is open to cyber attacks subjecting companies to insecurity. Cases of advanced persistent threats (APTs) among the state and key private organizations are rampant across the globe.
Moreover, hackers are targeting modern technologies like Big Data, Smart Grid, and High-End Computing. Another budding trend in cyber attacks is focusing on data found on social networks. Many people use social networks to share confidential information.
However, they do not know that social networks are prone to cyber attacks. Hackers have capitalized on people’s ignorance to perpetrate cyber crimes (Speicher, 2014). Social networks like LinkedIn have caused problems for national security agents.
It is these threats that have prompted the government and private agencies to work together to combat cyber attacks. This article will discuss emerging cyber security technologies and government’s role in nurturing the development of these technologies.
Emerging Technologies
Moving Target Defense
One of the modern cyber security technologies is moving target defense (MTD). The technology is designed to regularly alter the attack surface of a network, making it hard for attackers to access a system and reducing the vulnerabilities and predictability available at any time.
According to Jajodia, Ghosh, Swarup, Wang and Wang (2014), hackers use a network’s attack surface to determine its vulnerability. They allege that the majority of systems are static. Consequently, it is easy for hackers to access them.
Moving target defense enables organizations to “Change the network IP addresses, operating systems, open ports and protocols, and many other areas of the environment” (Jajodia et al., 2014, p. 35). Jajodia et al. (2014) stress that it is imperative to make sure that events are not predictable.
Systems do this by making the movement of IP addresses as unpredictable and random as possible. Increased randomness confuses a hacker, making it hard for him or her to access a network. When an attacker inspects a system, he or she does not get consistent information that can help to launch an attack.
Moreover, MTD reduces chances of penetrating into a network because it regularly changes the network’s environment. Additionally, it fights an attack by lowering the number of components of a system that an attacker is familiar with or can access (Jajodia et al., 2014).
Plans are underway to develop Internet Protocol version 6 (IPv6), which will allow organizations to run an unlimited number of IP addresses. Besides, IPv6 will make it easy for networks to change their internet addresses randomly, which is a fundamental feature of moving target defense.
Today, if organizations want to use 100 different IP addresses weekly, they need to set aside at least 400 addresses every month. That translates to 4800 IP addresses annually (Jang-Jaccard & Surya, 2014).
Assuming that 1000 corporations wish to change their IP addresses, it would be difficult for the existing IP version to hold such a huge number of IP addresses. However, IPv6 can hold such a number of IP addresses and execute the requests without difficulty.
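The two points made in the preceding paragraphs, that the rotation rate must fit inside the available address pool and that each hop must be unpredictable, can be checked with a short script. What follows is an added example written for this page, not code from Jang-Jaccard and Surya or from any MTD product; the prefixes 192.0.2.0/24 and 2001:db8::/64 are reserved documentation ranges, and the `AddressRotator` class and its method names are this example’s own. It generalizes the essay’s single arithmetic case (100 per week, 4-week months) to any rate and any number of organizations.

```python
"""Added example: address-pool sizing and unpredictable address rotation for MTD."""
import ipaddress
import secrets


def addresses_needed(per_week, organizations=1):
    """Addresses consumed per year with no reuse, using the essay's arithmetic
    (4-week months, 12 months: 100 per week -> 4800 per year)."""
    return per_week * 4 * 12 * organizations


def pool_fits(prefix, needed):
    """True if the prefix holds at least `needed` addresses."""
    return ipaddress.ip_network(prefix).num_addresses >= needed


class AddressRotator:
    """Hands out a fresh address from a prefix on every hop (hypothetical helper).

    Addresses are drawn with the `secrets` CSPRNG rather than a time-seeded
    generator, so an observer cannot predict the next hop from earlier ones,
    and used addresses are tracked so none repeats within a rotation period.
    """

    def __init__(self, prefix):
        self.net = ipaddress.ip_network(prefix)
        self.used = set()

    def next_address(self):
        if len(self.used) >= self.net.num_addresses:
            raise RuntimeError(f"address pool {self.net} exhausted")
        while True:
            # Uniform, unpredictable offset into the prefix.
            candidate = self.net[secrets.randbelow(self.net.num_addresses)]
            if candidate not in self.used:
                self.used.add(candidate)
                return candidate


if __name__ == "__main__":
    yearly = addresses_needed(100)
    print("one organization at 100/week needs", yearly, "addresses per year")
    print("fits in 192.0.2.0/24?", pool_fits("192.0.2.0/24", yearly))
    print("fits in 2001:db8::/64?", pool_fits("2001:db8::/64", yearly))
    rotator = AddressRotator("2001:db8::/64")
    print("next three hops:", [str(rotator.next_address()) for _ in range(3)])
```

Running it shows the essay’s point directly: a single /24 cannot carry even one organization’s yearly rotation without reuse, while a /64 has room for the 1000-organization case many times over. The exhaustion check matters in practice, because once a pool is reused an attacker can simply wait for an address to come back.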
Moving target defense is implemented in two ways, namely high-level and low-level behaviors. Jang-Jaccard and Surya (2014) state “Low-level behavior is where the standard semantics of the programming language are preserved, but its undefined semantics are changed” (p. 975).
The primary benefit of low-level behavior is that undefined semantics are mechanically changed. The demerit is that low-level behavior is only applicable to an indeterminate definition. Low-level MTD helps to avert memory encryption and code injection attacks.
High-level behavior entails preventing high-level attacks. It requires system administrators to have knowledge of the system’s functionality and its attack surface. The disadvantage of high-level behavior is that it is resource intensive. Besides, it requires skilled personnel to change the variables of a program.
Uses of Moving Target Defense
One of the challenges of using MTD is maintaining a functional network for clients during transformations and reducing the associated costs. Nevertheless, there are companies that have created cost-effective and efficient moving target defenses. One of them is JumpSoft.
The company has developed subscription-based MTD software known as “JumpCenter” (Jang-Jaccard & Surya, 2014). The software utilizes “Adaptive and reactive mechanized systems, which lower the range of the attack surface” (Jang-Jaccard & Surya, 2014, p. 976).
The idea behind JumpCenter and MTD is to reduce the cost and vulnerability to attack. The software is planted in the application layer to guarantee that a network remains operational during the software’s transformations.
The Department of Homeland Security is already using moving target defense to protect its systems against cyber attacks. The security agency is in the process of developing a complex Internet Protocol (IP) Hopper.
The IP hopper will “Use the available network data and hopping algorithms to allow for the constant switching of both source and destination IP addresses” (Jang-Jaccard & Surya, 2014, p. 981). Once complete, the IP hopper will improve a network’s ability to switch continuously and arbitrarily among up to 340 IP addresses.
The move will make it tricky for hackers to identify which IP address to target. Besides, it will be hard for hackers to screen a network.
Role of Federal Government
The federal government has invested in the improvement of MTD. The Department of Homeland Security is currently running a project aimed at strengthening MTD functionalities to fight cyber attacks. The department’s Cyber Security Division is working with other institutions like the National Science Foundation and the National Security Agency to develop MTD.
The Department of Homeland Security has already awarded research contracts aimed at developing algorithms that facilitate systematic reasoning in MTD systems (Speicher, 2014). Besides, the department seeks to create a control technique that will ease the intricacy of moving target defense systems and automate some of their tasks.
In 2011, the Air Force Office of Scientific Research donated $1 million to facilitate the development of a moving target defense system. One of the benefits of the government’s involvement is that it will contribute to making both public and private networks unpredictable, therefore protecting them from cyber attacks.
One of the demerits of government involvement is that it has focused on protecting military networks and ignored corporate networks, which contribute to economic development (Lynn, 2014). Nonetheless, there is hope that the fight against cyber attacks will be a concerted effort between the government and private institutions.
The federal government is working in partnership with private sectors to enhance cyber security. Currently, it has funded a research by Networking and Information Technology Research Development (NITRD), which aims to transform cyber safety in the country.
Remote Agents Technology
Remote agents, commonly referred to as mobile agents, are used to keep an eye on a network’s safety dynamically. Dynamic monitoring is essential since a system that is not equipped with current patches has proved vulnerable and unable to withstand modern cyber attacks.
In addition, it is hard for a system administrator to monitor large networks. Large systems comprise numerous nodes, each with regular system changes and clients (Kundur et al., 2014). Remote agents help to execute localized analysis of network security from a remote server or user without relying on timid firewall procedures.
Currently, most public and private corporations use network screening tools that use Simple Network Management Protocol (SNMP) or the “Occasional discharge of scripts built based on network threats which require tedious and complicated updates in order to remain current and valid” (Kundur et al., 2014, p. 7).
The primary difference between conventional Simple Network Management Protocol (SNMP) screening systems and remote agents is that the latter can relate different activities within the system, trigger a warning in the log file, and elevate responsiveness or intensity of danger of other agents.
For instance, systems with remote agents detect a security or password threat if a person attempts to log into multiple accounts using the same login details (Kundur et al., 2014).
Additionally, remote agents help system administrators raise the alert level whenever the number of root login incidents exceeds a predefined threshold. A system executes all these functions without the need for an administrator.
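The two correlation rules just described (one source trying several accounts in quick succession, and root logins on a host exceeding a threshold) are easy to state as code. The script below is an added example and not code from Kundur et al. or from the Ajanta project; it runs over a handful of constructed, syslog-like authentication lines (the hosts, users and 10.0.0.0/8 addresses are invented for illustration), and the window, thresholds and severity labels are assumptions a real deployment would tune.

```python
"""Added example: remote-agent style correlation over constructed auth log lines."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in a syslog-like shape; not from any real system.
SAMPLE_LOG = """\
2024-01-10T08:00:01 host1 sshd: Accepted password for alice from 10.0.0.5
2024-01-10T08:00:09 host1 sshd: Failed password for bob from 10.0.0.5
2024-01-10T08:00:12 host1 sshd: Failed password for carol from 10.0.0.5
2024-01-10T08:00:15 host1 sshd: Failed password for dave from 10.0.0.5
2024-01-10T08:01:00 host2 sshd: Accepted password for root from 10.0.0.7
2024-01-10T08:02:00 host2 sshd: Accepted password for root from 10.0.0.7
2024-01-10T08:03:00 host2 sshd: Accepted password for root from 10.0.0.8
2024-01-10T08:04:00 host2 sshd: Accepted password for root from 10.0.0.9
2024-01-10T09:30:00 host3 sshd: Accepted password for erin from 10.0.0.11
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd: (?P<result>Accepted|Failed) password "
    r"for (?P<user>\S+) from (?P<src>\S+)$"
)


def parse_events(text):
    """Turn log lines into dicts; lines that do not match the pattern are skipped."""
    events = []
    for line in text.splitlines():
        match = LINE_RE.match(line.strip())
        if not match:
            continue
        event = match.groupdict()
        event["ts"] = datetime.fromisoformat(event["ts"])
        events.append(event)
    return events


def correlate(events, window=timedelta(seconds=60), distinct_users=3, root_threshold=3):
    """Apply the two rules and return a list of alert dicts."""
    alerts = []

    # Rule 1: one source address touching several distinct accounts inside the window.
    by_src = defaultdict(list)
    for event in events:
        by_src[event["src"]].append(event)
    for src, evs in by_src.items():
        evs.sort(key=lambda e: e["ts"])
        for i, end in enumerate(evs):
            users = {e["user"] for e in evs[: i + 1] if end["ts"] - e["ts"] <= window}
            if len(users) >= distinct_users:
                alerts.append({"rule": "multi_account_source", "severity": "medium",
                               "key": src, "count": len(users)})
                break  # one alert per source is enough

    # Rule 2: accepted root logins on a host exceeding the threshold raises the level.
    root_by_host = defaultdict(int)
    for event in events:
        if event["user"] == "root" and event["result"] == "Accepted":
            root_by_host[event["host"]] += 1
    for host, count in root_by_host.items():
        if count > root_threshold:
            alerts.append({"rule": "root_login_threshold", "severity": "high",
                           "key": host, "count": count})
    return alerts


def overall_level(alerts):
    """Highest severity among the alerts, or "low" when there are none."""
    order = {"low": 0, "medium": 1, "high": 2}
    return max((a["severity"] for a in alerts), key=order.get, default="low")


if __name__ == "__main__":
    found = correlate(parse_events(SAMPLE_LOG))
    for alert in found:
        print(alert)
    print("alert level:", overall_level(found))
```

Both rules need only the agent’s local view of one host’s log, which is the point of the remote-agent design: the correlation and the escalation happen without an administrator in the loop, and only the resulting alert level needs to travel back to a central console.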
Use of Remote Agent Technology
Both script and SNMP screening techniques offer inadequate functionality and need trained personnel to search through systems and write updates. A group of scholars at the University of Minnesota sought to solve the challenge of using SNMP and script-based screening techniques by creating mobile agents.
The students developed the Ajanta mobile agent program (Kundur et al., 2014). The program can remotely sort data and change a system’s tasks. In addition, the Ajanta mobile agent utilizes a localized database to sense and evaluate policy actions to make sure that guidelines are observed.
Using Ajanta, network administrators can steadily impose changes on a system’s screening and sorting plan and easily insert or remove agents from a section of the network depending on the actions triggered.
Role of Federal Government
After the WikiLeaks incident, the federal government realized the importance of using remote monitoring techniques to manage its networks across the globe. Consequently, the government has already reviewed the United States’ international cyber laws as a step to help it use remote monitoring tools to manage its global cyberspace.
Investment in remote agent technologies will benefit not only the government, but also private investors (Kundur et al., 2014). It will assist private investors to subcontract their operations and control them from a distance, thus enhancing their efficiencies.
One demerit of the federal government’s involvement in the development of remote agents is that it might trigger animosity between countries. The federal government and private organizations will be able to spy on other countries or firms secretly.
There are claims that Kaspersky Lab, a Russian company, has already discovered that the United States has been surreptitiously spying on a number of countries for quite some time. The company alleges that the United States installed malware on many computers across the world.
The malware attacks the firmware of a computer’s hard drive and bypasses security measures (Kundur et al., 2014). With the malware, the United States gathers security intelligence and other classified information from unknowing companies and countries.
Such a technology may lead to conflicts between states. Moreover, it would be disastrous if attackers get hold of the technology.
Real-Time Forensic Analysis
In the modern digital world, “Criminal proceedings are made easy through the use of computer forensic tools” (Casey, 2014, p. 15). Also associated with network screening is real-time forensic analysis. It is an investigative method used to create situational awareness and regular surveillance of a network.
Casey (2014) alleges “While remote access monitoring actively monitors the network and takes necessary action to correlate threats and increase defenses, real-time forensic analysis allows for an incident to be reproduced and the effects of the event to be analyzed further” (p. 17).
Real-time forensic analysis uses Network Forensic Analysis Tools (NFAT). Garfinkel (2014) asserts “The NFAT prepare a system for forensic examination and make it possible to screen and identify security breach and configuration errors” (p. 560).
The data gathered during the screening process can be used to analyze other events. Apart from filtering a network, real-time forensics has numerous practical applications.
For instance, health care facilities use real-time forensics to assess data moving from one department to another. Additionally, they use NFAT to recover lost data (Garfinkel, 2014).
According to Garfinkel (2014), it is hard to find proof of a risk that has never been detected before. Therefore, it is important to have a real-time picture of all activities that are going on in a network.
Real-time forensic analysis applies advanced methods of risk screening that include “Pervasive network recording, better visibility into network traffic, and deeper understanding of application state to monitor and report on deviant implementation and system behavior” (Casey, 2014, p. 21).
Through real-time forensic analysis, organizations document all network traffic, which assists them in monitoring events taking place in a system. It becomes easy for organizations to detect illegal events and handle them before they affect their operations.
Organizations are buying sophisticated intrusion deterrence products, next-generation firewalls, Security Information and Event Management (SIEM) systems and other tools to boost their network security.
Uses of Real-Time Forensic Analysis
The United States Department of State uses the real-time forensic analysis technique in its iPost system. The department uses iPost to measure threat levels by pooling together information gathered from numerous sources such as Active Directory and Short Message Services (SMS).
Moreover, the department collects information using a commercial liability analysis tool (Casey, 2014). The information assists managers and engineers to select sections of the network that have high levels of threat and counter risks against these sections correctly.
Role of Federal Government
For over seven years now, the federal government has worked in partnership with private corporations to create real-time forensic software that can help to detect and mitigate cyber attacks.
One of the benefits of government involvement in the development of real-time forensic analysis tools is that it has helped companies to recognize and respond to possible attacks before they happen.
The federal government, through the National Science Foundation, has developed an Email Mining Toolkit that facilitates the analysis of email traffic (Casey, 2014). The toolkit helps organizations to isolate and discard illegal emails. Casey (2014) alleges that forensic analysis is a daily activity in legal proceedings.
Therefore, the federal government has established a department that is responsible for computer forensics. The department has trained the public in how to detect and deal with emerging network threats, thus lowering cases of cyber attacks.
Tailored Trustworthy Spaces
The use of cyberspace and the Internet has grown to an extent that it is difficult for people and institutions to operate without these two vital communication assets. For people and corporations to interact, they require the Internet and cyberspace.
Lynn (2014) alleges that some corporate and personal interactions do not require security, while for others, safety is a must. The challenge is that institutional and individual interactions are treated equally. It is imperative to create various platforms with different levels of security. This approach is known as tailored trustworthy spaces (TTS).
The primary concern with managing programs in a common pool is that every user has access to all the available programs. Lynn (2014) claims “This ‘one size fits all’ methodology creates a lot of potential for attackers to find exploits in the environment where they can use untrusted applications to access trusted application data” (p. 100).
Lynn asserts that the problem can be solved by creating varied trustworthy spaces, which are aligned to the demands of the programs or information that clients can access.
Privacy, reliability, and accessibility requirements vary from one program to another, one client to another and even from one situation to another. As a result, the objective of TTS is to establish a protected environment for safe programs while tolerating the use of untrusted programs without any restrictions (Lynn, 2014).
Research is underway to determine how to implement tailored trustworthy spaces. Computer programmers are exploring the possibility of creating a safe execution window that matches the security needs of individual programs, clients, contexts, and circumstances.
In this approach, each secure program will be executed in a separate and safe window where it does not interact with other programs and system software that may retrieve private data without clients’ consent. If this research succeeds, it will prevent hackers from using unsecured programs to access private and protected data.
With this method, it is vital to create not only a safe setup and execution of the window, but also a safe termination. If not, the method would be prone to data leakage or hacking (Lynn, 2014).
Use of Tailored Trustworthy Spaces
Organizations are likely to benefit from tailored trustworthy spaces. One way that institutions can exploit it is through the utilization of self-protecting data. Self-protecting data arises when data guards itself against unauthorized users. Companies achieve this by assigning a security rule to each data item.
The security rule is designed such that no application can breach it (Geers, 2014). A program can have both secure and insecure facets. However, it has no trace of, or access to, the protected data. For instance, a pharmaceutical company can have a recipe for a novel medicine that is extremely classified.
Conventionally, the company would be compelled to store the recipe either in a protected program or a safe space. Using self-protecting data, a pharmaceutical company can encrypt the recipe and embed it in any program that can also hold unprotected data, such as a Microsoft Word file (Geers, 2014).
Anyone who intends to use the file can only access the unsecured information stored in the dossier, but not the recipe. It is hard for unauthorized users to access the recipe because it is encrypted. Only those with the right key can access the recipe. The recipe can be sent to people through emails and other programs but remain secure.
Another group that can use TTS is journalists who operate in hostile conditions. The majority of these journalists have to use Internet cafes to communicate with their head offices. Therefore, their information is susceptible to hacking.
Besides, the journalists are frequently subjected to censorship practices such as the Great Firewall of China, which curtails transmission of particular information outside China (Geers, 2014). Most of these censorship practices stop the transmission of completely encrypted files.
Using tailored trustworthy spaces, journalists can transmit encrypted data by attaching it to unsecured data. It is possible for the encrypted data to go around censorship and reach the planned destination.
Besides, the method can allow journalists to send sensitive information without fear of intimidation as the encrypted data would not be noticed.
Role of the Federal Government
Geers (2014) claims “The federal government has prioritized the research of tailored trustworthy spaces” (p. 299). He alleges that in 2011, the federal government, through the Office of Science and Technology Policy, launched a research program aimed at improving the security of digital communications networks.
The federal government is focusing on Transistor-Transistor Logic (TTL) (Lynn, 2014).
It intends to use the “TTL technology in smart grid, which is a fundamental constituent of the national electrical power infrastructure….the federal government has organized for a number of workshops aimed at determining how TTL could protect smart grid from cyber attacks” (Lynn, 2014, p. 98).
The workshops established that TTL can help to develop reliable, safe and vibrant solutions to communications.
Transistor-transistor logic can allow neutral communications providers to run most of the smart grid functions, thereby eliminating the need for individual power companies to undertake their own safety measures (Kundur et al., 2014). Additionally, it can help a country to develop a secure and stable smart grid.
The United States government has already integrated TTL technology into its smart grid. The technology has helped the country to manage its power system and secure it from cyber attacks.
The major drawback of the technology is that it could be disastrous if hackers were to penetrate it. They would have control of the national electric grid system and could cause a lot of damage to the country.
Searchable Encryption
The number of people that use cloud computing is growing by the day. The growth has weakened the security of data stored in cloud servers and exposed it to hackers.
A major issue is that people can no longer rely on these servers in their present condition. Abdalla et al. (2014) allege “Hackers who can acquire root rights and managers of cloud hosting institutions have unlimited admittance to data on cloud servers” (p. 352).
Therefore, the data is subject to various security concerns since its owner has no control over how it is utilized or accessed. One method of solving the problem of probing an encrypted cloud server is to get rid of all unprotected data through encryption. It gives data owners complete control of the encryption technique.
Full encryption constrains the ability to search a database. The constraint can be addressed using a conventional approach such as transferring the whole database to a local server, decrypting it and executing the search. The approach is entirely unworkable and resource intensive.
Alternatively, data owners can allow a server to decrypt the information, run the search and transmit the outcome to clients (Abdalla et al., 2014). The principal challenge of this approach is that the server can ultimately learn the data a client is looking for, and thus render encryption less effective.
Technologists have come up with a technique that allows clients to retrieve information from a server without necessarily having to decrypt the data. The technique is referred to as searchable encryption, and it addresses security challenges in cloud computing.
One accepted way of using searchable encryption is through a search key. Abdalla et al. (2014) state “A search key is a data structure that stores document collections while supporting efficient keyword searches” (p. 350). With this approach, a client feeds in a keyword and the key generates a pointer to the file that holds the searched phrase.
They state that the key is only safe if the search function requires a “trapdoor” for the search phrase (Abdalla et al., 2014); without the trapdoor, the search function cannot reveal any information about the protected data.
One method of creating a searchable encryption system is to have the user encrypt both the information and the key and send the two to the server. To look for data, the user creates and sends a trapdoor for the data, which the server applies to look for pointers to the required file.
The search key method improves security for data stored in cloud servers. Nonetheless, the method has a number of limitations. One of them is that it can reveal some information about the user’s search. In particular, the search key method can show the access pattern, which tells which files match the search query.
One can mitigate this limitation by using oblivious random access memory (ORAM), which reduces the chances of data leakage.
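To make the index-and-trapdoor mechanism concrete, the following is an added example in Python; it is not code from Abdalla et al. or any other cited source. It builds a toy searchable encryption scheme in which the client holds two secret keys, the server stores only ciphertexts plus an index keyed by HMAC trapdoors, and a search is a trapdoor lookup that never exposes the keyword. The sample documents, key values and the SHA-256 counter keystream used as a stand-in cipher are all constructed for illustration (the keystream is not a production cipher). The server also records the access pattern it observes, which is exactly the leakage the paragraph above describes.

```python
"""Toy searchable symmetric encryption with keyword trapdoors (added example).

Assumes an honest-but-curious cloud server that stores ciphertexts and an
encrypted index, and a client that holds a document key and an index key.
The stream cipher below is a constructed SHA-256 counter keystream used only
so the example runs offline; it is not a production cipher.
"""
import hashlib
import hmac
import os
from collections import defaultdict

NONCE_LEN = 16


def _keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Constructed toy cipher: XOR data with SHA-256(key || nonce || counter) blocks."""
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def encrypt_doc(doc_key: bytes, plaintext: bytes) -> bytes:
    nonce = os.urandom(NONCE_LEN)
    return nonce + _keystream_xor(doc_key, nonce, plaintext)


def decrypt_doc(doc_key: bytes, blob: bytes) -> bytes:
    return _keystream_xor(doc_key, blob[:NONCE_LEN], blob[NONCE_LEN:])


def trapdoor(index_key: bytes, keyword: str) -> bytes:
    """Keyed PRF of the keyword: only the index-key holder can produce a valid trapdoor."""
    return hmac.new(index_key, keyword.lower().encode(), hashlib.sha256).digest()


def build_index(index_key: bytes, docs: dict) -> dict:
    """Map trapdoor -> sorted doc ids. Keywords are simply the words of each document."""
    index = defaultdict(set)
    for doc_id, text in docs.items():
        for word in set(text.decode().lower().split()):
            index[trapdoor(index_key, word)].add(doc_id)
    return {td: sorted(ids) for td, ids in index.items()}


class CloudServer:
    """Holds only ciphertexts and the keyed index; never sees keys or plaintext keywords."""

    def __init__(self, index: dict, blobs: dict):
        self.index = index
        self.blobs = blobs
        self.access_log = []  # the access pattern leaked to the server on every search

    def search(self, td: bytes):
        hits = self.index.get(td, [])
        self.access_log.append(list(hits))
        return [(doc_id, self.blobs[doc_id]) for doc_id in hits]


def setup(doc_key: bytes, index_key: bytes, docs: dict) -> CloudServer:
    """Client side: encrypt every document and build the index, then upload both."""
    blobs = {doc_id: encrypt_doc(doc_key, text) for doc_id, text in docs.items()}
    return CloudServer(build_index(index_key, docs), blobs)


def client_search(server: CloudServer, doc_key: bytes, index_key: bytes, keyword: str):
    """Client side: send a trapdoor, decrypt whatever ciphertexts come back."""
    results = server.search(trapdoor(index_key, keyword))
    return [(doc_id, decrypt_doc(doc_key, blob)) for doc_id, blob in results]


def index_leaks_keyword(server: CloudServer, keyword: str) -> bool:
    """True if the plaintext keyword appears anywhere in what the server stores."""
    stored = b"".join(server.index.keys()) + b"".join(server.blobs.values())
    return keyword.encode() in stored


SAMPLE_DOCS = {  # constructed sample data
    "d1": b"quarterly merger memo for the board",
    "d2": b"cafeteria menu for the week",
    "d3": b"merger due diligence checklist",
}

if __name__ == "__main__":
    dk, ik = os.urandom(32), os.urandom(32)
    srv = setup(dk, ik, SAMPLE_DOCS)
    for doc_id, text in client_search(srv, dk, ik, "merger"):
        print(doc_id, text.decode())
    print("server saw access pattern:", srv.access_log)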
Use of Searchable Encryption
Bosch, Hartel, Jonker and Peter (2014) claim “Anticipations are high that the worldwide cloud computing market will grow at a 36% compound annual growth rate through 2016, reaching a total market size of $19.5 billion” (p. 3). Thus, searchable encryption has a tremendous potential.
Because security is a major problem in cloud computing, it means that people will have to look for security measures to safeguard their data. Besides, organizations go for systems that give them full control of their data without compromising its security.
Searchable encryption allows organizations to access their data without worrying about its functionality and safety. Today, few cloud computing providers use searchable encryption on their servers (Bosch et al., 2014). Consequently, many businesses dread storing their data in the cloud.
Cloud services help organizations to cut down on operating costs by enhancing operations and reducing the time that products and services take to reach the market. Once searchable encryption is introduced to the business world, the majority of enterprises will no longer worry about the safety of their data. Besides, they will integrate cloud computing into their information technology (IT) infrastructure.
Some companies have already incorporated searchable encryption in cloud computing. Hitachi, a global engineering and IT firm, has already “Incorporated a form of searchable encryption in a standard algorithm for DNA genome analysis” (Bosch et al., 2014, p. 27).
The particular tool the company uses is referred to as the Basic Local Alignment Search Tool (BLAST). The tool was exclusively developed to run genome studies in the cloud. Bosch et al. (2014) allege that safety was especially essential in this project since the search queries repeatedly contained a lot of identical variables.
Failure to encrypt the searches would have subjected the project to security risks since it would have been easy to penetrate the server due to the few variables being searched.
Role of Federal Government
The federal government is actively participating in the effort to protect cloud servers. Lately, the National Institute of Standards and Technology (NIST) issued a statement that outlined the challenges encountered in trying to secure cloud servers. The statement cited encrypted search as a primary problem.
According to NIST, it is hard to control search keys even in established systems and data centers because of the quantity of data. Additionally, the amount of cryptographic keys and need for sharing data with multiple users make securing cloud servers an uphill task (Bosch et al., 2014).
In cloud computing, logical and physical management of resources is shared among the cloud actors. Bosch et al. (2014) allege “The actors comprise the users, hosting companies, and brokers who bring together varied cloud providers” (p. 47). The federal government is helping to develop measures to address these challenges.
A fascinating feature of searchable encryption is its impacts on a state. In an unprecedented manner, the application of searchable encryption may hamper the efforts of the government. Cloud hosting makes it easy for the government to access information about different companies and individuals.
The government liaises with cloud hosting companies to get the information. For instance, in case of cyber attacks, the government works with cloud hosting companies to pursue the perpetrators (Bosch et al., 2014). Adoption of searchable encryption can limit information sharing between cloud hosting businesses and the government.
Cloud hosting companies no longer have access to users’ data since users assume full control of their own information. Hence, it is difficult for the government to obtain information that can help it prevent cyber crimes or arrest perpetrators.
Conclusion
Increase in cases of cyber attacks has forced public and private institutions to invest in novel cyber security technologies. Organizations have invested in moving target defense, real-time forensic analysis, searchable encryption, and remote agents technologies to protect their networks from cyber attacks.
Moving target defense allows companies to dynamically change their key variables, such as IP addresses. Hence, hackers can hardly predict the pattern of network applications or spot the attack surface. Searchable encryption allows companies to encrypt and transmit classified data in such a way that unauthorized users cannot access it.
The technology goes a long way to protect cloud computing from cyber attacks. Additionally, with real-time forensic analysis, institutions can monitor events in their networks and respond to any suspicious or illegal activities.
The federal government has actively supported and nurtured emerging cyber security technologies. The government has heavily invested in research and projects aimed at improving the existing technologies and developing new ones.
For instance, the federal government through the Office of Science and Technology Policy launched a research program to develop tailored trustworthy spaces for digital communication networks.
The federal government has mainly concentrated on transistor-transistor logic (TTL). In addition, the federal government is encouraging public and private institutions to integrate emerging cyber security technologies in their networks.
The government holds that tailored trustworthy spaces, moving target defense, and searchable encryption are the only techniques that can withstand modern cyber threats. The three technologies, if further improved, can combat existing and future threats.
Even though the federal government has made the fight against cyber attacks a concerted effort between public and private institutions, it is important to recognize that if not well managed, this venture may cause conflicts among the countries.
For instance, the federal government has already established a remote agent program that is capable of harvesting military intelligence and other classified information from unsuspecting institutions. If well managed, such a program may help to fight cyber attacks by collecting and relaying information regarding attackers.
However, if misused, it might lead to conflicts between countries or firms. Hence, it is recommended that all emerging cyber security technologies be utilized prudently. There should be an independent body that supervises the implementation of the emerging technologies.
References
Abdalla, M., Bellare, M., Catalano, D., Kiltz, E., Kohno, T., Lange, T., Malone-Lee, J., Neven, G., Paillier, P., & Shi, H. (2014). Searchable encryption revisited: Consistency properties, relation to anonymous IBE, and extensions. Journal of Cryptography, 21(3), 350-391.
Bosch, C., Hartel, P., Jonker, W., & Peter, A. (2014). Survey of provable secure Searchable Encryption. ACM Computing Surveys, 47(2), 1-51.
Casey, E. (2014). Handbook of digital forensics and investigation. Burlington: Academic Press.
Garfinkel, S. (2014). Digital forensic research: The next ten years. Digital Investigation, 7(3), 564-573.
Geers, K. (2014). The challenge of cyber attack deterrence. Computer Law & Security Review, 26(3), 298-303.
Jajodia, S., Ghosh, A., Swarup, V., Wang, C., & Wang, S. (2014). Moving target defense: Creating asymmetric uncertainty for cyber threats. New York: McGraw-Hill.
Jang-Jaccard, J., & Surya, N. (2014). A survey of emerging threats in cybersecurity. Journal of Computer and System Science, 80(5), 973-993.
Kundur, D., Feng, X., Mashayekh, S., Liu, S., Zourntos, T., & Butler-Purry, K. (2014). Towards modeling the impact of cyber attacks on smart grid. International Journal of Security and Networks, 6(1), 2-13.
Lynn, W. (2014). Defending a new domain: The Pentagon’s cyberstrategy. Foreign Affairs, 89(5), 97-108.
Speicher, C. (2014). Security fabric-tailored trustworthy spaces: Flexibility based on policy management. Santa Clara: Santa Clara University.
Sources of data for digital forensics include storage media, file systems, and network equipment, among others. The data sources differ according to cases. Investigators can focus on account audits, live data systems, and intrusion detection systems to understand usage and trace intruders, until identification occurs.
Internet service provider (ISP) records, virtual machines, and network drives are also sources of data for digital forensics. This paper discusses the primary sources of digital forensic data for handling network intrusions and malware installations, as well as instances of insider file deletion.
It discusses the merits and demerits of each source, and then decides the best way for investigators to conduct investigations and deliver court-admissible evidence.
Introduction
Digital forensics deals with the identification, extraction, analysis, and presentation of digital evidence present in digital devices. Appropriate tools and techniques must be used to succeed in digital forensics operations. Forensic investigations begin with data collection.
They then examine the collected data, analyze it, and report it to the relevant offices. In the first step, the investigator deals with the media that hosts the data. In the second step, examination happens to the data itself, which yields information that becomes usable for the analysis part.
Finally, the investigators come up with a report that serves as evidence. The above template on digital forensics is used in this paper to evaluate four primary sources of data that would be useful for digital forensics in network intrusion, malware installation, and insider file deletion.
The paper discusses the basic elements of each type of compromise, before considering its four primary sources of data that an investigator would find appropriate for presenting evidence.
Network Intrusion
Network intrusion happens when unauthorized persons can communicate over a network and receive feedback in the form of data that is usable. The unwanted communication can lead to loss of sensitive information from organizations or individuals. Intruders can steal, delete, or alter information to affect its integrity.
They can issue instructions for hardware or software to operate abnormally. At the same time, network intruders may only view information and then use it as part of their strategy to attack an individual or an organization in other ways, such as blackmail.
Sources of data for network intrusion, according to priority
The primary sources of data for network intrusion forensics investigation are the intrusion detection system, account auditing, live system data, and ISP records.
Intrusion detection systems
In the first case, network administrators reconfigure intrusion detection systems specifically to monitor network vulnerabilities. The area of focus depends on prior exposures of the network to intruders.
With the dedicated monitoring, it is possible to collect adequate information about an intrusion without crippling other functionalities of the network. Thus, the attacker will be unaware of the tracking system and will intrude into the primary system to carry out a given digital crime.
The intrusion detection system can be automatic. Here, it will respond to any abnormality in network traffic by alerting administrators and increasing surveillance of a potential attack. Such a system relies on signature matching.
It actively searches the network connections and activities of users or devices on the network to identify abnormalities and provide an alert whenever an incident matches the rules of an attack.
Skilled attackers can fool the system with fake signatures to cause a false alarm and distract the network surveillance officers. The only way to cope with intruders using this method is by ensuring that the system has the latest software and hardware updates.
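The signature-matching behaviour described above, as an added example in Python that is not code from any cited source or product: a small detector runs two kinds of rules over constructed web-server log lines. A per-line regex signature fires on a single matching request, while a stateful threshold rule only alerts once an address has accumulated several failed logins inside a time window, so one spoofed line cannot by itself trigger that alert. The log format, rule names, thresholds and sample lines are all assumptions made for the example.

```python
"""Signature and threshold intrusion detection over sample log lines (added example).

Assumes a constructed access-log format: "<epoch seconds> <client ip> <status> "<request>"".
Two rule types are used: per-line regex signatures and a stateful threshold rule
for repeated authentication failures.
"""
import re
from collections import defaultdict, deque
from dataclasses import dataclass

# Constructed log line grammar.
LOG_RE = re.compile(r'^(?P<ts>\d+) (?P<ip>[\d.]+) (?P<status>\d{3}) "(?P<req>[^"]*)"$')


@dataclass(frozen=True)
class Alert:
    rule: str
    ip: str
    ts: int
    detail: str


# Per-line signatures applied to the request field (rule name, pattern).
SIGNATURES = [
    ("path-traversal", re.compile(r"(\.\./|%2e%2e%2f)", re.IGNORECASE)),
    ("admin-probe", re.compile(r"^GET /(phpmyadmin|wp-login\.php)", re.IGNORECASE)),
]

# Threshold rule: FAIL_THRESHOLD responses with status 401 from one address inside WINDOW seconds.
FAIL_THRESHOLD = 5
WINDOW = 60


def parse(line: str):
    """Return a dict for a well-formed line, or None so malformed input is skipped."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = int(ev["ts"])
    ev["status"] = int(ev["status"])
    return ev


def detect(lines):
    """Run every rule over the lines in order and return the alerts raised."""
    alerts = []
    failures = defaultdict(deque)  # ip -> timestamps of recent 401 responses
    already_flagged = set()        # one brute-force alert per address
    for line in lines:
        ev = parse(line)
        if ev is None:
            continue
        # Stateless signature rules: any single matching request is enough.
        for name, pattern in SIGNATURES:
            if pattern.search(ev["req"]):
                alerts.append(Alert(name, ev["ip"], ev["ts"], ev["req"]))
        # Stateful threshold rule: needs several events from the same source.
        if ev["status"] == 401:
            recent = failures[ev["ip"]]
            recent.append(ev["ts"])
            while recent and ev["ts"] - recent[0] > WINDOW:
                recent.popleft()  # drop failures that fell out of the window
            if len(recent) >= FAIL_THRESHOLD and ev["ip"] not in already_flagged:
                already_flagged.add(ev["ip"])
                alerts.append(Alert("auth-brute-force", ev["ip"], ev["ts"],
                                    f"{len(recent)} failed logins within {WINDOW}s"))
    return alerts


# Constructed sample log: one traversal probe, one burst of failed logins,
# and a slow trickle of failures that stays under the threshold.
SAMPLE_LOG = """\
1000 10.0.0.5 200 "GET /index.html"
1001 10.0.0.9 200 "GET /download?file=../../config.ini"
1002 10.0.0.5 200 "GET /about.html"
1010 10.0.0.7 401 "POST /login"
1015 10.0.0.7 401 "POST /login"
1020 10.0.0.7 401 "POST /login"
1025 10.0.0.7 401 "POST /login"
1030 10.0.0.7 401 "POST /login"
1035 10.0.0.7 200 "POST /login"
1040 10.0.0.8 401 "POST /login"
2000 10.0.0.8 401 "POST /login"
"""

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG.splitlines()):
        print(alert)
```

On the sample log the detector raises exactly two alerts: the traversal signature on the single request from 10.0.0.9, and a brute-force alert for 10.0.0.7 at the fifth failure within the window; 10.0.0.8's two failures, 960 seconds apart, never reach the threshold. Keeping the signature list and thresholds current is the maintenance burden the paragraph above refers to.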
Account audits
Account auditing comes in handy when administrators want to detect an intrusion after it has happened. The post-detection capabilities make the method preferable for presentation of network intrusion evidence.
It works through the delivery of information that allows investigators to preserve evidence, reconstruct the crime, and trail an intruder. At the same time, account auditing matches activity against intruders’ profiles and registers unauthorized usage attempts on the network.
All networks should have access control mechanisms that combine technical and administrative controls. They ensure that access is monitored through identification and authentication of users.
Given that the security of the network depends on different nodes, auditing should also focus on all the nodes to maintain integrity. Network resources must require users to use strong authentication to deter opportunistic intruders and to make evidence of an actual intrusion stand out.
Live system data
Live system data provides logs that investigators use to create a map of an intruder’s activities on their network. They may then use the time-stamped map to corroborate other evidence about an intrusion.
For example, a sniffer log can offer records of backdoor intrusions and attempts to brute-force passwords to gain administrator privileges on a number of computers connected to the network.
With live system data, the aim of the investigator is to capture volatile data that may disappear when a device powers off or is disconnected from the network. Investigators use specialized tools that automate the process to achieve this objective.
However, when logging of access and monitoring of users on computers is not accompanied by accurate identification of the sources of the logs, evidence captured as live system data may end up being invalid in court, because it cannot accurately attribute a given action to the person purported to have intruded on the network.
Records from ISP
When investigators exhaust the data sources within the organization, such as the three identified above, they can move on to seek assistance from service providers. Many ISPs monitor network usage to enforce fair usage policies and to increase compliance with security protocols.
Therefore, ISPs can provide names, emails, mailing addresses, and specific usage records, such as the identification of devices that connect to their networks. An important challenge that investigators may face when seeking to collect data from ISPs is the need for a subpoena.
At the same time, the information captured by ISPs may be in a format that is only used by the organization. This would introduce new interpretation barriers when the information is presented as evidence in court. Moreover, some details may be lost during interpretation.
Malware Installation
Malware can emerge from a number of sources and cause damage to computer systems. Detection relies on the identification of the point of installation to the computer system before the malware makes changes (Aquilina & Malin, 2010).
With different types of malware, investigators need to be aware of the installation options that hackers and other intruders can use to install malware and prevent detection by the computer system or its user. The use of anti-virus programs can help to detect potential intrusion and remove malware from an infected system.
Anti-malware programs vary in their capability to remove rootkits, spyware, worms, and viruses, which are all categories of malware. For malware installation, evidence can come from live system data, intrusion detection systems, virtual machines, and infected or corrupt files (Aquilina & Malin, 2010).
Sources of data for malware installation according to priority
Live system data
The live system data is helpful when an investigator wants to tell when malware was installed on a computer.
The investigator will look at all the traffic that is coming into and leaving the computer and then deduce whether it is normal or abnormal, according to previous user statistics under the same circumstances (Brand, Valli, & Woodward, 2010). Investigators may use various vulnerability assessment tools to detect abnormal network traffic.
Standard tools include Nmap, which is a network mapping tool that helps one discover the connections that a computer is making to a network (Aquilina & Malin, 2010).
For detailed reviews, commercial software comes in handy because it is specially made to provide reports on the status of network routing tables, system drivers, and running processes on a computer.
One challenge facing live system data usage is the fact that malware evolves in its design and installation methods. Therefore, investigators must be keen on following clues presented by the data, even if they do not make sense at the initial look.
Intrusion detection system
A second source of data is an intrusion detection system installed on computers. A good example is an anti-malware program or a firewall that monitors computer activities of users and programs. It keeps logs and shares them with databases filled with information about possible intrusion pathways.
When an action or request violates the system’s policy, the user or the system administrator flags it for further review. At the same time, the administrator could give explicit instructions for the intrusion detection system to follow when dealing with actual malware installation incidents.
The data captured by the system, which can include the identity of malware and origin, is then presented as evidence. It can help to exonerate computer users from accusations of malice (Maras, 2014).
Virtual machines
Virtual machines serve as forensic data sources when there is a need to show that a computer has been compromised, or to trap malware and study its behavior.
Virtual machines operate like ordinary computers, but they have limitations on file access and can be installed or uninstalled with ease, without affecting current computer usage capabilities.
When investigators are interested in behavioral malware analysis, they opt for virtual machine setups that may utilize different platforms and offer customized environments without requiring the investigator to acquire actual computers (Nelson, Phillips, & Steuart, 2010).
During the observation process, investigators can use ordinary forms of collecting evidence on computers such as logging and taking screenshots that will aid in further interpretation of outcomes and help to explain malware actions when presenting evidence.
Although virtual machines are handy for collecting data, they may show signs that malware programs can detect, so that the malware stops behaving as it would in an actual computer environment. This limitation prevents investigators from finding out the real extent of the exploits that malware installations pose.
Compromised or infected files
Another source of data for reporting malware installation is the compromised files that exist on the computer. Infected files do not behave like normal files, and they may consist of data that is corrupted. Investigators will use the patterns of data corruption to identify a given malware type.
However, the method is not very reliable because most data collected this way is volatile and can change when transferred to other systems.
Presenting evidence in such cases may require investigators to provide the entire computer system to maintain the integrity of the proof, rather than copying data and moving it to other systems using portable drives (Nelson, Phillips, & Steuart, 2010).
Insider File Deletion
Some network or database intrusions are due to insiders and detection is usually hard because insiders are already aware of the various security measures implemented by an organization to fight unauthorized access (Schwartz, 2011).
Sources of data for insider file deletion according to priority
Live system data
The first and most appropriate way to get evidence for insider file deletion is by using live system data. There is evidence left behind when there is an intrusion into a computer system, in what experts equate to broken windows in physical break-ins.
The broken window principle applies to file systems, where investigators evaluate file-access patterns on the victim’s computers. Computer users typically use a given set of files frequently and leave others untouched. Therefore, investigators can simply analyze usage patterns and check for anomalies.
For example, when insiders are deleting files, they are likely to remove a whole set of files to ensure that their target data is destroyed. Meanwhile, authorized deletion by a user will usually cover only a particular range of files or a single file at a time.
Investigators use probability and statistics to reconstruct timelines of computer usage to understand people’s actual behavior. Thus, an examiner will look at the directories and the subdirectories and note their access date and time stamps to form a continuous picture of authorized and unauthorized access by a user.
The evidence presented by the timeline analysis can then serve to identify unwanted deletion, because it relies only on logs, such as MAC timestamps that record recent file modification, and not on particular device identities (Grier, 2011).
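The usage-pattern analysis described above can be illustrated with a short script. This is an added example and not code from the paper or from the cited authors: it takes a constructed timeline of file events (such as an examiner would reconstruct from MAC timestamps and journal or audit logs), groups each user’s deletions into runs that occur within a short gap of one another, and flags runs large enough to look like an insider wiping a whole set of files, noting whether the run falls outside working hours. The event rows, the 60-second gap, the threshold of three files and the working-hours window are assumptions chosen for the illustration.

```python
"""Timeline analysis of file deletions: flag bursts that look like insider wiping."""
from collections import defaultdict
from datetime import datetime, time, timedelta

# Constructed timeline (not from a real case): (timestamp, user, action, path).
# In practice these rows are rebuilt from MAC timestamps and journal/audit logs.
EVENTS = [
    ("2023-03-10 09:02:11", "alice", "modify", "/share/reports/q1.docx"),
    ("2023-03-10 09:40:05", "alice", "delete", "/share/reports/draft_old.docx"),
    ("2023-03-10 11:15:30", "bob",   "access", "/share/hr/policy.pdf"),
    ("2023-03-10 22:03:01", "bob",   "delete", "/share/finance/ledger_2022.xlsx"),
    ("2023-03-10 22:03:02", "bob",   "delete", "/share/finance/ledger_2023.xlsx"),
    ("2023-03-10 22:03:02", "bob",   "delete", "/share/finance/invoices_jan.csv"),
    ("2023-03-10 22:03:03", "bob",   "delete", "/share/finance/invoices_feb.csv"),
    ("2023-03-10 22:03:04", "bob",   "delete", "/share/finance/audit_notes.txt"),
    ("2023-03-11 08:30:00", "alice", "modify", "/share/reports/q1.docx"),
]


def parse_events(rows):
    """Convert the textual timestamps into datetime objects."""
    return [(datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"), user, action, path)
            for ts, user, action, path in rows]


def cluster_deletions(events, gap=timedelta(seconds=60)):
    """Group each user's deletions into runs where consecutive deletes are <= gap apart."""
    deletes = defaultdict(list)
    for ts, user, action, path in sorted(events):
        if action == "delete":
            deletes[user].append((ts, path))
    clusters = []
    for user, items in deletes.items():
        run = [items[0]]
        for prev, cur in zip(items, items[1:]):
            if cur[0] - prev[0] <= gap:
                run.append(cur)
            else:
                clusters.append((user, run))
                run = [cur]
        clusters.append((user, run))
    return clusters


def flag_bulk_deletions(clusters, threshold=3, work_hours=(time(8, 0), time(18, 0))):
    """Return the runs large enough to look like a wipe, with the directories affected."""
    findings = []
    for user, items in clusters:
        if len(items) < threshold:
            continue
        start, end = items[0][0], items[-1][0]
        findings.append({
            "user": user,
            "start": start.isoformat(sep=" "),
            "end": end.isoformat(sep=" "),
            "count": len(items),
            "directories": sorted({p.rsplit("/", 1)[0] for _, p in items}),
            "off_hours": not (work_hours[0] <= start.time() <= work_hours[1]),
        })
    return findings


def analyse(rows=EVENTS):
    """Run the whole pipeline over a list of timeline rows."""
    return flag_bulk_deletions(cluster_deletions(parse_events(rows)))


if __name__ == "__main__":
    for finding in analyse():
        print(finding)
```

On the constructed rows, alice’s single deletion of an old draft is left alone, while bob’s five deletions in four seconds, all in one finance directory and after hours, are reported as one run. The thresholds are a starting point: an examiner would tune the gap and count against the normal usage pattern of the particular organisation.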
Hard drives
Another source of information is hard drives, where investigators are interested in non-volatile system data. The first step is to make an exact copy of the hard drive taken from the computer or network on which the insider file deletion occurred.
Without making a copy of the hard disk, the investigator may end up interfering with the only source of evidence and make it invalid. At the same time, the collection of information from hard drives will only be possible when the information in question is non-volatile.
Third-party applications are capable of reconstructing master file tables on the hard disk to make it possible to recover deleted files. The option is only available when the old file is not overwritten entirely by a new file.
However, it is easy to defeat this technique; a knowledgeable computer user may use specialized software that deletes files and the evidence of them by overwriting the data immediately after the initial deletion.
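The two conditions stated in this section, that the drive must be copied and verified before anything else is done and that a deleted file can only be recovered while its bytes have not been overwritten, are shown below in an added example that is not part of the paper and does not reproduce any particular recovery product. A constructed 4 KiB image is hashed when it is acquired and re-verified before analysis; a deleted file whose bytes still sit in unallocated sectors is then carved back out by scanning for its header and trailer signatures, whereas the same image with those sectors overwritten yields nothing. The PNG signature bytes are real; the image layout, the file contents and the function names are assumptions made for the illustration.

```python
"""Verify a forensic image copy, then carve a deleted file from unallocated space."""
import hashlib

SECTOR = 512
HEADER = b"\x89PNG\r\n\x1a\n"   # real PNG file signature
FOOTER = b"IEND\xaeB`\x82"      # real PNG trailer (IEND chunk type + CRC)


def build_image(overwritten=False):
    """Constructed 8-sector image: sectors 0-1 hold a live file, sectors 2-3 held a
    deleted image file whose bytes remain until something overwrites them."""
    live = b"LIVE FILE: quarterly report".ljust(SECTOR * 2, b"\x00")
    deleted = (HEADER + b"<constructed pixel data>" + FOOTER).ljust(SECTOR * 2, b"\x00")
    if overwritten:
        # A new file reused the freed sectors, so the old content is gone.
        deleted = b"NEW FILE written after the deletion".ljust(SECTOR * 2, b"\x00")
    return live + deleted + bytes(SECTOR * 4)


def acquire(source):
    """Bit-for-bit copy plus a hash, as a write-blocked imager would record it."""
    image = bytes(source)
    return image, hashlib.sha256(image).hexdigest()


def verify_image(source, image, recorded_hash):
    """True only if source, copy and the recorded acquisition hash all agree."""
    return (hashlib.sha256(source).hexdigest() == recorded_hash
            == hashlib.sha256(image).hexdigest())


def carve(image, header=HEADER, footer=FOOTER):
    """Return every byte run between a header and the next footer, wherever it lies.
    Carving ignores the file table, so it recovers deleted files whose sectors survive."""
    found, pos = [], 0
    while True:
        start = image.find(header, pos)
        if start < 0:
            break
        end = image.find(footer, start)
        if end < 0:
            break
        found.append(image[start:end + len(footer)])
        pos = end + len(footer)
    return found


if __name__ == "__main__":
    src = build_image()
    img, digest = acquire(src)
    print("image verified:", verify_image(src, img, digest))
    print("carved from intact image:", len(carve(img)))
    print("carved after overwrite:", len(carve(build_image(overwritten=True))))
```

The carving routine is deliberately independent of any file table: it finds the deleted file even though nothing points to it any more, which is exactly why it stops working once the freed sectors have been reused.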
Network drives
In addition to the computer hard drives, investigators may use network drives as additional sources of evidence. Network drives allow users to access the same files simultaneously and share the same files. Some network drives may contain copies of files that are located on all the computers connected to a network.
In such situations, the investigator will verify the integrity of a folder on a user’s computer by checking whether it corresponds to the folder stored on the network drive. In other cases, network drives have unique information logs that are stored as non-volatile data for every computer connected to the network.
This can be another source of digital evidence. Most importantly, investigators can use file recovery tools to reconstruct the pathways and find deleted files. However, the same shortcomings highlighted when discussing hard drives will be present when analyzing network drives.
In many cases, the hardware is the same; it is only the deployment architecture that differs between the two. Additionally, the same principles applied to the network or computer hard drives would apply to any storage media installed in systems or used as a peripheral device.
First, the media has to be cloned to avoid tampering with evidence, which would make it unusable (Al-Hajri & Williams, 2007).
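The integrity check described above, comparing a folder on the user’s computer with its copy on the network drive, can be done with a hash manifest of each tree. The following is an added example, not code from the paper: it builds two small constructed folder trees in a temporary directory (a workstation copy in which one file was deleted and another edited, and the network-drive copy), hashes every file in both, and reports what is missing, modified or identical. The folder names, file names and contents are assumptions chosen for the illustration; in a real case the two roots would be the mounted evidence copies.

```python
"""Compare a user's local folder against its network-drive copy by file hashes."""
import hashlib
import os
import tempfile
from pathlib import Path


def hash_tree(root):
    """Map each relative file path under root to the SHA-256 of its contents."""
    root = Path(root)
    return {
        str(p.relative_to(root)).replace(os.sep, "/"): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(root.rglob("*")) if p.is_file()
    }


def compare_trees(local, network):
    """Report how the workstation folder differs from the copy on the network drive."""
    l, n = hash_tree(local), hash_tree(network)
    shared = l.keys() & n.keys()
    return {
        "missing_locally": sorted(set(n) - set(l)),   # on the share, gone from the workstation
        "only_local": sorted(set(l) - set(n)),        # never reached the share
        "modified": sorted(k for k in shared if l[k] != n[k]),
        "identical": sorted(k for k in shared if l[k] == n[k]),
    }


def demo():
    """Build constructed workstation and share copies and compare them."""
    with tempfile.TemporaryDirectory() as tmp:
        local, network = Path(tmp, "workstation"), Path(tmp, "share")
        for d in (local, network):
            (d / "finance").mkdir(parents=True)
            (d / "finance" / "ledger.xlsx").write_bytes(b"ledger v1")
            (d / "finance" / "notes.txt").write_bytes(b"original notes")
        # Constructed discrepancies: one file deleted locally, one edited locally.
        (network / "finance" / "invoices.csv").write_bytes(b"a,b,c")
        (local / "finance" / "notes.txt").write_bytes(b"edited notes")
        return compare_trees(local, network)


if __name__ == "__main__":
    for category, paths in demo().items():
        print(f"{category}: {paths}")
```

Because the comparison is by content hash rather than by name or timestamp, a file that was deleted and replaced with a same-named file of different content shows up as modified, and a file that is simply absent from the workstation shows up as missing locally, which is the starting point for looking at its deletion on the hard drive.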
Audit records
Audit records offer a fourth source of data for insider file deletion. The records are created by operating systems installed in computers. An administrator with enough privileges sets up the audit component in the operating system and then safeguards it against manipulation by non-authorized users.
Together with audits, it is possible to monitor users’ physical activities on computers, such as through keystroke logging and video surveillance. The collected information will show the identity of the user and the particular activity that was going on at the time of data deletion.
Unfortunately, the use of auditing and physical monitoring is only effective when the subjects are subordinate staff. Managers in organizations may have privileges that allow them to shut down the audit and surveillance systems when they want to delete files.
However, even in such cases, the loss of evidence in this way will offer investigators new evidence to show that administrators were involved in data deletion. One of the shortcomings in physical monitoring is that it may be a violation of personal privacy, thereby causing the evidence collected to be useless in court (Capshaw, 2011).
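The two uses of audit records made in this section, tying a deletion to a user identity and treating an interruption of the audit trail as evidence in itself, are shown below in an added example that is not part of the paper. The lines are a constructed audit trail modelled on the Linux auditd format rather than a real capture (real output carries many more fields), and the serial numbers, paths, user ids and timestamps are assumptions. The parser joins each SYSCALL record to its PATH record by serial, reads the login uid (auid, which survives a switch of user) as the identity, and reports any interval between auditd being stopped and restarted as a gap that the investigator should explain.

```python
"""Parse auditd-style records for file deletions and for gaps in the audit trail."""
import re
from collections import defaultdict

# Constructed audit trail modelled on Linux auditd output (not a real capture).
AUDIT_LOG = """\
type=SYSCALL msg=audit(1678478401.101:201): arch=c000003e syscall=87 success=yes exit=0 auid=1001 uid=1001 comm="rm" exe="/usr/bin/rm" key="file_delete"
type=PATH msg=audit(1678478401.101:201): item=1 name="/srv/finance/ledger_2022.xlsx" nametype=DELETE
type=SYSCALL msg=audit(1678478402.250:202): arch=c000003e syscall=87 success=yes exit=0 auid=1001 uid=1001 comm="rm" exe="/usr/bin/rm" key="file_delete"
type=PATH msg=audit(1678478402.250:202): item=1 name="/srv/finance/ledger_2023.xlsx" nametype=DELETE
type=SERVICE_STOP msg=audit(1678478410.000:203): pid=1 uid=0 auid=4294967295 msg='unit=auditd comm="systemd" res=success'
type=DAEMON_START msg=audit(1678485600.000:204): op=start ver=3.0 pid=812 uid=0 auid=4294967295 res=success
type=SYSCALL msg=audit(1678485601.000:205): arch=c000003e syscall=87 success=yes exit=0 auid=1002 uid=1002 comm="rm" exe="/usr/bin/rm" key="file_delete"
type=PATH msg=audit(1678485601.000:205): item=1 name="/home/bob/tmp.txt" nametype=DELETE
"""

HEADER_RE = re.compile(r"type=(\S+) msg=audit\((\d+\.\d+):(\d+)\):\s*(.*)")
KV_RE = re.compile(r"(\w+)=('[^']*'|\"[^\"]*\"|\S+)")


def parse_audit(text):
    """Turn each line into a dict with 'type', 'ts', 'serial' and its key=value fields."""
    records = []
    for line in text.splitlines():
        m = HEADER_RE.match(line.strip())
        if not m:
            continue
        rec = {"type": m.group(1), "ts": float(m.group(2)), "serial": int(m.group(3))}
        for key, value in KV_RE.findall(m.group(4)):
            rec[key] = value.strip("'\"")
        records.append(rec)
    return records


def deletions(records):
    """Join SYSCALL and PATH records by serial: (timestamp, login uid, deleted path).
    auid is the uid of the original login, so it still names the person after su/sudo."""
    by_serial = defaultdict(list)
    for rec in records:
        by_serial[rec["serial"]].append(rec)
    found = []
    for _, recs in sorted(by_serial.items()):
        sys_rec = next((r for r in recs
                        if r["type"] == "SYSCALL" and r.get("key") == "file_delete"), None)
        if sys_rec is None:
            continue
        for r in recs:
            if r["type"] == "PATH" and r.get("nametype") == "DELETE":
                found.append((sys_rec["ts"], sys_rec.get("auid"), r["name"]))
    return found


def audit_gaps(records):
    """Return (stop_ts, restart_ts, seconds) for each interval with auditd not running."""
    gaps, stopped_at = [], None
    for rec in sorted(records, key=lambda r: (r["ts"], r["serial"])):
        if rec["type"] == "SERVICE_STOP" and "unit=auditd" in rec.get("msg", ""):
            stopped_at = rec["ts"]
        elif rec["type"] == "DAEMON_START" and stopped_at is not None:
            gaps.append((stopped_at, rec["ts"], round(rec["ts"] - stopped_at, 3)))
            stopped_at = None
    return gaps


if __name__ == "__main__":
    recs = parse_audit(AUDIT_LOG)
    for item in deletions(recs):
        print("deleted:", item)
    for gap in audit_gaps(recs):
        print("audit trail gap:", gap)
```

On the constructed trail the two finance spreadsheets are tied to login uid 1001, and the two-hour interval in which auditd was stopped stands out on its own: whatever was deleted in that window left no audit record, and the stop itself is what the investigator documents, in line with the point made above about administrators disabling the audit.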
Conclusion
The integrity of the data collected by investigators relies on the procedure used to extract data from the sources identified in this paper. Investigators should evaluate the likely value of data and then use the evaluation to determine the right procedure for collection.
Another important consideration is the volatility of the data, which relates to whether data would be lost when a live system powers down. In such cases, the priority would be to acquire the volatile data before it disappears and then move on to handle non-volatile data.
In many instances, digital forensics requires multiple evidence sources to incriminate a person. The use of multiple data sources and procedures helps the investigator to reach the goal of getting tangible evidence.
However, different sources, such as accounting audit, live system data, intrusion detection systems, and computer storage media pose varied hardships for the investigator when collecting data. Dealing with an ISP may involve a legal process that takes time and effort, yet getting logs from a computer or network router would be easier.
While collecting data from various sources, investigators must be aware of the ability of intruders or insider wrongdoers to cover their tracks.
For example, intruders using malware installations may program the malware to interfere with logging parameters on an infected computer, thereby compromising data that investigators would collect from the infected computer. Therefore, it is important for forensic investigators to verify the integrity of the data they collect.
References
Al-Hajri, H., & Williams, P. (2007). The effectiveness of investigative tools for secure digital (SD) memory card forensics. Proceedings of the 5th Australian Digital Forensics Conference. Perth: Edith Cowan University – Research Online.
Aquilina, J. M., & Malin, C. H. (2010). Malware forensics field guide for Windows systems: Digital forensics field guides. New York, NY: Syngress.
Brand, M., Valli, C., & Woodward, A. (2010). Malware forensics: Discovery of the intent of deception. Proceedings of the 8th Australian Digital Forensics Conference (pp. 1-5). Perth.