Computer Forensic Timeline Visualization Tool

Introduction

The article is about research on a computer forensic tool that was carried out by Jens Olsson and Martin Boldt at Blekinge Institute of Technology. The two scientists came up with a prototype computer forensic utility that combines the output of other forensic utilities and displays it against a given timeline. In computer forensics, timeline analysis is time-consuming because each investigation differs from the others: data that is not relevant in one investigation may be crucial in another. This is why timelines are still examined manually in forensic analysis. There is a need for a forensic tool that analyzes and filters the necessary information and then displays the outcome in a timeline that is easily understood.

The necessity to save time in computer forensic investigations is the basis of the tool that Olsson and Boldt came up with. It is called CyberForensics TimeLab (CFTL). The tool forms a kind of directory of all the time-related evidence gathered. The outcome is then plotted on a timeline graph. In this way, forensic investigators can analyze the timeline more easily and quickly than with the existing forensic tools. An existing tool that is similar to the CFTL is the Forensic Toolkit (FTK), created by AccessData. It analyzes different data just like the CFTL but does not display all the timestamp data in a way that makes work easier for the investigator.

Olsson and Boldt tested the CFTL by giving it to several users and then comparing its functionality to FTK. The results were overwhelmingly positive. Twelve test subjects used CFTL and FTK to solve a hypothetical forensic case. The case was solved in 14 minutes using CFTL and in 45 minutes using FTK.

Case Project

The questions that the woman should be asked are time- and access-related. First of all, the investigator should determine where the files found on her computer were meant to be stored and who has access to that location. This can help in narrowing down other possible suspects in the case. The first question the woman should be asked is about other individuals with access to her computer. She should clearly identify the people with regular access to her computer and specifically those who have accessed it within the last month. This information helps in relating the list of individuals with access to the main source of the files to the ones with access to her computer.

The investigator should then determine how the woman can benefit from accessing the files found on her computer. Are they of any importance to her? If she is fired, who benefits the most? Is it an individual within the company or the company itself? The answers to these questions help the investigator to determine whether the woman has been framed or not. The investigator should then determine the woman's history with computers and the level of her computer knowledge. Does she have any certification in computers? How knowledgeable is she in computer use? Finally, the investigator should determine the number of times she logs into her computer in a day and the specific times she has logged into it for the past week. The investigator should then check the computer logs and the information about the files: the date and time that the files were created and last modified. The user logged in at the time the files were created is also important for the investigation.
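The following sketch shows the two ideas above working together: events from different sources are merged into one timeline, and each file timestamp is checked against the logon sessions to see which account was logged on at that moment. It is an added example, not code from CFTL or from the original article; the session and file records, account names and field names are constructed for illustration.

```python
from datetime import datetime, timezone

# Constructed sample data (not from the case described in the text).
# Logon sessions as an OS security log export might list them; "logoff": None
# means the session was still open when the log was collected.
SESSIONS = [
    {"user": "user_a", "logon": "2024-03-04T08:55:00+00:00", "logoff": "2024-03-04T17:05:00+00:00"},
    {"user": "user_b", "logon": "2024-03-04T19:40:00+00:00", "logoff": "2024-03-04T20:15:00+00:00"},
    {"user": "user_a", "logon": "2024-03-05T09:01:00+00:00", "logoff": None},
]
# File metadata as a file-system utility might export it (constructed).
FILES = [
    {"path": "docs/plans.xlsx", "created": "2024-03-04T19:52:10+00:00", "modified": "2024-03-04T19:58:31+00:00"},
    {"path": "docs/notes.txt", "created": "2024-03-05T10:12:00+00:00", "modified": "2024-03-05T10:30:00+00:00"},
    {"path": "docs/budget.pdf", "created": "2024-03-04T23:30:00+00:00", "modified": "2024-03-04T23:30:00+00:00"},
    {"path": "docs/report.docx", "created": "2024-03-05T11:00:00+00:00", "modified": "2024-03-01T14:20:00+00:00"},
]


def parse_ts(text):
    """Parse an ISO 8601 timestamp and normalise it to UTC.

    Timestamps without a time zone are rejected: silently mixing local-time
    and UTC sources produces a misleading timeline.
    """
    ts = datetime.fromisoformat(text)
    if ts.tzinfo is None:
        raise ValueError(f"timestamp without time zone: {text!r}")
    return ts.astimezone(timezone.utc)


def build_timeline(sessions, files):
    """Merge both sources into one chronologically sorted list of events."""
    events = []
    for s in sessions:
        events.append((parse_ts(s["logon"]), "logon", s["user"]))
        if s.get("logoff"):
            events.append((parse_ts(s["logoff"]), "logoff", s["user"]))
    for f in files:
        events.append((parse_ts(f["created"]), "file created", f["path"]))
        events.append((parse_ts(f["modified"]), "file modified", f["path"]))
    return sorted(events)


def users_logged_on(sessions, ts):
    """Return the accounts that had a session covering the instant ts."""
    users = set()
    for s in sessions:
        start = parse_ts(s["logon"])
        end = parse_ts(s["logoff"]) if s.get("logoff") else None
        if start <= ts and (end is None or ts <= end):
            users.add(s["user"])
    return sorted(users)


def attribute_file_events(sessions, files):
    """For each file, list who was logged on at creation and modification."""
    findings = []
    for f in files:
        created, modified = parse_ts(f["created"]), parse_ts(f["modified"])
        created_by = users_logged_on(sessions, created)
        modified_by = users_logged_on(sessions, modified)
        flags = []
        if not created_by:
            flags.append("no logon session at creation")
        if not modified_by:
            flags.append("no logon session at modification")
        if modified < created:
            # Typical of a file copied from elsewhere: the copy receives a new
            # creation time while the last-modified time is carried over.
            flags.append("modified before created")
        findings.append({"path": f["path"], "created_by": created_by,
                         "modified_by": modified_by, "flags": flags})
    return findings


if __name__ == "__main__":
    for ts, kind, subject in build_timeline(SESSIONS, FILES):
        print(ts.isoformat(), f"{kind:14}", subject)
    for finding in attribute_file_events(SESSIONS, FILES):
        print(finding)
```

A logged-on account shows which credentials were in use, not who was at the keyboard, which is why the access questions above still have to be asked.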

Rational Vs Holistic

People who tend toward the rational approach are managers whose guidance stems from financial statements. They believe that positive outcomes ought to be achieved by well-calculated means with great precision. All their actions and decisions are based on facts that can be quantified and observed. These managers are viewed by their subordinates as plain and uninspiring. According to the subordinates of managers who take the rational approach to decision making, they are autocratic.

On the other hand, individuals who tend toward the holistic approach are leaders driven by several factors that include relationships. These leaders make their subordinates optimistic, which leads to a general improvement in the performance of the organization. They consider the underlying factors while making their decisions. These leaders take into consideration not only the relationships within the workplace but also social resources that are complex. The employees in this case perceive their managers to be visionary.

Studies have shown that holistic managers are more effective in decision-making as compared to rational managers. Results of these studies show that the performance of their organization is improved as workers are more optimistic than those under rational management.

Cyber Security: Security Audit

Audit Scope

In the course of carrying out this security audit, I concentrated on specific areas where I primarily wanted to focus my attention. This was important because I believed that these areas are the backbone of this organization's security. My audit work was to focus on the administrative, technical and physical security measures put in place by the organization.

Initially, I realized that the organization had many assets such as computers, laptops, cameras, and printers that are used to protect the business information. My first assignment was centered on proving how these assets are capable of ensuring maximum security to the information stored on them.

Administrative and technical safeguards

On the issue of computers and laptops, I learned from the administration that each laptop was specifically assigned to a single person who was entrusted with a password known to him and the organization's administration alone. To enhance the security of the passwords, each employee was required to select a password that entailed a combination of letters and numerical figures.

The length of the password was not to be less than eight digits, which implied that it was exceptionally hard for an imposter to hack the password. In the same vein, the password could only be changed from a centralized position, meaning that not even the employee himself was able to violate the security program.

Physical security measures

Similarly, I realized that the administration had come up with a security policy that required physical monitoring by security personnel in addition to installing exceptionally strong metallic doors and state-of-the-art, topmost security locks. There were equally signs inscribed on most doors of the organization's premises prohibiting entry of non-staff beyond designated points, which I also learned was another security measure to prevent unwanted people from having access to the customers' information.

Besides security personnel, an officer was stationed at the entrance. His role was to allow entry to approved persons only after leaving behind their identification card in exchange for another card bearing the name "visitor". Apart from the visitors' badges, there were also other access cards with which the holder could open only the intended door. This beefed up the security mostly on the server room that was completely restricted to the employee on duty alone.

The other area I emphasized my audit on was the knowledge and competence of the workforce. I discovered that most of the workers dealing with customers' information were well equipped with the necessary knowledge and experience pertaining to the protection of information. Most of them were capable of protecting the information stored from viruses and online threats, through the installation of up-to-date software and other programs such as firewalls and antivirus.

Similarly, these workers were able to filter spam from their email and were conversant with the harm that opening unexpected attachments could cause to the stored data.

Personal opinion and recommendations

Among the areas I found wanting from my audit was the accessibility of computers and laptops. Going by the rate at which technology is advancing, I felt that the organization needed to do more than just trust the security of its information to passwords alone. The presence of experienced hackers has almost rendered the use of passwords useless (Hance & Cimino, 498). By this, Hance & Cimino (498) meant that more security measures such as biometric technologies are now readily available in the market and can be more trusted than the use of passwords.

According to Hance & Cimino, by use of biometric technology, it will be extremely hard for anyone to manipulate the security of the laptop because this technology entails the use of customized or individual characteristics such as one's pulse or fingerprint, which is passed over the screen of the computer and in the process identifies the rightful owner. Another area in which the company needed to improve its security was the use of closed-circuit television, popularly known as CCTV. By using CCTV, the organization will be able to keep track of any intruder not only during working hours but also at any other time.

Conclusion

By instituting IT security measures such as biometrics and CCTV, among other security measures, the organization will feel secure about its stored information and any other assets within its premises. Thus, the organization will worry less about any other threat that might affect its IT systems.

Work cited

Hance Shortliffe, E., & Cimino James, J. Biomedical Informatics: Computer Applications in Health Care and Biomedicine. New York, NY: Springer Publishers, 2006. Print.

Computer Forensics and Audio Data Retrieval

Abstract

The dynamic nature of crime in modern society has transformed the way in which criminal activities are executed and has led to an increase in cyber and computer-related criminal activities. Due to the soaring increase in cyber crimes, various states have put more emphasis on computer forensics as a means of protecting against and curbing such crimes.

While computer forensics has played a major role in reducing cases of cyber terrorism and corporate crimes in most countries, the process has faced major challenges which emanate from data accuracy and the associated costs of storage, searching and indexing, as well as the efficiency of data retrieved using various techniques.

The study addresses one of the challenges faced by computer forensic experts: retrieval of audio information. While corporate entities and other organizations struggle to identify the relevant data that needs to be preserved and the associated costs, the technologies used by forensic experts to retrieve such information are often inaccurate and inefficient, which minimizes the strength of such evidence in court.

Introduction

Advanced technology in modern society has contributed to the increase in computer and computer-supported criminal activities. The soaring number of internet users across the world and the computerization of business processes have created opportunities for computer criminals and terrorists to execute crimes.

Numerous studies have revealed that crimes such as cyber attacks, hacking, and other computer-based criminal activities have been costing business organizations and governments a considerable amount of money each year, which has prompted the development of computer forensics to preserve, identify, extract, and document computer evidence. Computer forensics can be defined as the process through which information is extracted from a computer crime scene while guaranteeing its accuracy and reliability through retrieval and storage as data or magnetically encoded information.

Literature Review

Audio files present a major challenge for computer forensics during the criminal justice process. Data presented in form of email, instant messaging, faxes, text messages, data derived from business computer applications as well as voice messages sent through network avenues and digital devices are commonly used in business organizations due to their ability to cut down costs (Vacca, 2005). However, on occurrence of computer related crimes, such voice based files may be difficult and expensive for computer forensic experts to retrieve.

Although numerous systems have been put in place to facilitate storage and indexing of data within organizations, these systems are very expensive which prompts companies to outsource the role to other companies (Caloyannides, 2009).

Furthermore, despite the fact that the tools for searching and storing data are often effective and accurate, with audio data, such levels of accuracy and efficiency have not yet been achieved. Indeed, the three current means of searching audio data (phonetic search, transcribing by hand, and automatic transcription) (Ewechia, 2011) have been found lacking to some extent.

Phonetic search technology extracts audio information through wave patterns and often results in false hits due to the wide variations in people's mode of speech, accent, pronunciation and dialect. In addition, this method does not have the ability to transcribe audio messages into text and hence relies solely on the hearing ability of experts and other concerned stakeholders (Ewechia, 2011).

Manual transcription of audio data, which converts audio messages to text, is effective but time-consuming, since it depends upon the listener to transcribe the words as they are heard, which makes the process more labor-intensive and hence expensive. Machine transcription, which is an automated means of converting audio data to text, is a faster means of retrieving audio data, but it suffers from accuracy issues emanating from factors such as differing pronunciation and clarity of recordings (Ewechia, 2011).

New federal rules of civil procedure have been put in place to ensure that companies identify key communications and data sources which should then be saved for future reference. As requirements for retention of data increase, identifying the type of data to be preserved has become a major challenge for organizations, which impacts future data availability.

In addition, computer forensic experts are expected to prove beyond reasonable doubt that the information they have extracted through these methods is exactly as it was on the computer or other digital device in order to guarantee accuracy and reliability (Lucas & Moeller, 2004). Failure to guarantee such aspects in audio data reduces the strength of evidence, hence decreasing the likelihood of success in a court of law.

Conclusion

Computer forensics has become an increasingly important component in the fight against crimes. This is primarily due to its ability to retrieve, and present the data required for criminal investigations in a clear and precise form. The data retrieved through computer forensic technology has played a major role in availing evidence which has provided lead to many cases and has also prevented cases of false incrimination.

Despite the challenges that the process faces, the technology continues to evolve and advance as time progresses. We can only anticipate a future where more advanced methods of data retrieval will be developed in order to guarantee accuracy and validity of such data.

Reference List

Caloyannides, A. M. (2004). Privacy Protection and Computer Forensics. Massachusetts: Artech House.

Ewechia, (2011). Audio Files Present Challenges for Computer Forensics and E-Discovery. Web.

Moeller, B., & Lucas, J. (2004). The Effective Incident Response Team. New York: Addison-Wesley.

Vacca, R. J. (2005). Computer Forensics: Computer Crime Scene Investigation Vol. 1. New York: Cengage Learning.

Computer Network Security Legal Framework

Introduction to Computer Network Legal Framework

As the current society advances through massive usage of computer networks, various legal issues and regulations have been developed to ensure sustained protection of sensitive information and intellectual property among organizations. According to Lloyd (2008: 118), cyberspace remains an eminent issue in the current society dominated by massive increase in IT, where statutory amendments and rational precedents need to be reconciled with the existing laws.

Particularly, computer network security issues are becoming focal considerations with regard to computer abuse in cyberspace, where accurate legal and ethical formalities need to be incorporated to protect the information and data relayed in networked environments. This paper will discuss the legal framework governing computer networks in the UK, with regard to the legal obligations facing Hayes International operations.

Data protection refers to the measures and strategies incorporated in the information system to safeguard data within a networked environment. Data protection is a very complex strategy incorporating all processes and structures installed within networks to prevent any data damage or leakage within the network. With the introduction of cloud computing, the need of data protection has been rising significantly within computer networks to facilitate the protection of Intellectual Property among the users.

Brief History of Computer Network Legal Framework

Considering the reportedly increasing cyber crimes and fraud, the need for information security has been necessitated. Security education has been one of the major areas of specialization among scholars in order to enhance development of adequate information systems security. In the year 1985, fraudulence over the computer through the internet was detected. As revealed by Barry (2009: 541), the Computer Fraud and Abuse Act was developed, under which individuals who were found conning or intimidating others online were to be prosecuted. The government intervened and instructed on the development of systems to investigate the crimes committed over the internet through the use of computer forensic science.

Notably, the law required the establishment of accurate evidence of any information which could be considered as involving fraudulence to be used in court for prosecution of the accused. As reported by Michele and Stokes (2010: 571), any individual found guilty of the offense was to be fined according to the magnitude of the fraud case, or be imprisoned for two years. According to the Data Protection Act of 1998, unauthorized access to private competitor information in a networked environment is illegal and the firm regulating the online network should be liable for the offense.

On this basis, Hayes International Company should reinforce its network security in order to facilitate privacy for the sensitive information relayed across its networks by its clients. This is an obligatory legal duty for Hayes Company to safeguard its clients' data.

The Legal Framework of Computer Networks in UK with Regard to Hayes International Company

As revealed in the 2002 Social Networks Act, various security analyzers suggested the incorporation of extra elements in the information security systems including authenticity and possession. In this case, confidentiality has been upheld in the currently used security system since the encryption of personal credit cards and other confidential information have been limited to appear in very few places. This has greatly reduced fraud since various personal codes have not been publicly displayed. For instance, (2000: 22) reports on how online transactions using credit cards would only involve the displaying of the card data to limited number of places.

This would reduce the chances of the number being tracked reducing the chances of confidentiality breaching. In this regard therefore, confidentiality in information security systems has been uplifted which have increased privacy among individuals while making online transactions. On this basis, Hayes International Company should consider updating its network system, by having specific data for its clients be displayed at limited places with an aim of reducing the chances of any data leakages.

Since Hayes International Company owns a number of leading online retailers from the global society, its concerns on the data security for its clients should be a priority. According to UK Copyright Law, comprehensive protection of Intellectual Property requires businesses to honor and respect patent and copyright policies provided by data producers or developers. Since it has become easy and faster to copy digital information, the law prohibits not only the interference of any information on a networked environment, but also the tendency of making it available to the public without the consent of the owner.

On this basis, the Hayes International Company should ensure that the information relayed across its networks for its clients is not interfered with or tampered at the slightest point. Further, the information control center of the company should ensure no leakages of the information relayed, as it may interfere with the performance of its clients. By so doing, Lloyd (2008: 123) reveals how coherence and consistency in the network system would be achieved, which will enhance the ultimate achievement of the goals and objectives set by all parties within the system.

In the year 2005, information security integrity was established. This meant that, any data encrypted online should not be modified or changed without being detected. With regard to Michele and Stokes (2009: 577), this strategy has been enhanced through the involvement of ACID classic models which provide unique codes to the original data provided in which its modification amounts to its rejection in the process of decrypting the data. One of the most important aspects of this strategy is that, organizations which have adopted the strategy would be having more security of their information since it would not be easy for interrupters to make any alterations and modifications.

In order to ensure guaranteed security for its clients' data, Hayes International Company ought to conform to a high-tech information system capable of ensuring an uninterruptible information system in cases of data leakages. As noted by Farr and Oakley (2010: 89), this is a legal obligation entrusted to all data companies, since they are liable for any inconveniences arising out of data leakages within their network system. As a central point of data processing for its clients, Hayes International Company should establish computer software capable of monitoring all the transactions carried out by its clients in order to produce evidence for its clients in cases of any suspected crime of fraud.

Authenticity is another element that has been of late introduced in the information security as a result of development of e-commerce and international transactions. In this case, the parties involved in any transaction ought to provide genuine information which must be validated after the parties involved come into consensus. As held by Barry (2009: 544), this particular reinforcement of the information security systems in the year 2005 was found to impact positively on the development of international business transactions since there were low chances of fraud and other internet evils.

In order to facilitate efficiency among retailers and their clients, Hayes International Company needs to establish a system capable of validating any transaction only when the parties involved come into consensus. This strategy conforms to the 1998 Cyber Crime Act in the sense that all online transactions ought to be facilitated sequentially with an aim of reducing cases of fraud among online businesses. In order to facilitate the policies presented in this Act, Hayes International Company should establish a validation strategy in its systems in order to reduce cyber crimes among international businesses.

According to Brazell (2008: 56), the reinforcement of information security has been accompanied by non-repudiation, where each party involved in any transaction ought to fulfill the obligations of the contract. This acts as a guarantee for the clients to enter into the transaction. This has lowered the chances of any act of fraud, since each party cannot breach the contract without a mutual consensus with the other.

In this respect therefore, information security has been reinforced to a great extent. Having full understanding of the virtual nature of many online businesses, Hayes International Company should ensure the establishment of non-repudiation strategy in order to curb any chances of fraud cases among the clients involved in the online transactions. Since the company is in control of the network system for all transactions, it would be quite reliable to have its businesses come into contract fulfillment before facilitating the transactions made between the parties.

Further, the introduction of cryptographic technology in information security has been one of the most reliable strategies. As noted by Lloyd (2008: 127), cryptographic strategies are meant to secure data and information displayed online by converting the data into unreadable form by other people apart from the user alone. Though various information infrastructures apart from the computer are being developed, the computer remains the main infrastructure among the others as it ultimately controls a number of processes.

Since this technology has been proved to be quite reliable, Hayes International Company should ultimately consider it as an ultimate reinforcement for the security of its clients' data. Particularly, the law provides for network businesses to employ the best strategies possible to enhance the highest level of security among their online clients who might be relying on such networks.

According to the Computer Fraud and Abuse Act of 2001, it is illegal to access and retrieve information of another individual or organization without prior permission from the owner. Since Hayes International Company deals with facilitating communications between businesses and their clients, it is unlawful for its employees to access any information relayed within its systems belonging to such businesses. As reported by Macdonald and Rowland (2000: 17), in cases of abuse of the Act, the individual or organization alleged will be liable to pay $10,000 to the plaintiff. In this case, the Act acts as a safeguarding strategy for confidential information and data among organizations to enhance efficiency and coherence in the achievement of the organization's goals and objectives.

As reflected in Cornell and O'Connor (2006: 97), this Fraud Act of 2001 inhibits intentional alteration of computer programs within a networked environment which may cause damages resulting in the threatening or loss of people's lives. More so, if the alteration of the programs results in losses of data stored within a networked environment, the individual or organization responsible is held guilty and liable for compensating the victim of the information loss with an amount not less than $5,000.

In the former case, where the alteration of the programs involved results in loss of lives, the individual or organization responsible is held guilty of an offense, and liable to pay a fine not less than $9,000. On this basis, Hayes International should ideally control the programs facilitating the process of relaying information of its online clients in order to avoid any dangers resulting in loss of either data or lives. By restricting program alterations, the law makes it possible to reduce the risks associated with information systems security within a networked environment.

Further, according to the Computer Fraud and Abuse Act, the action of knowingly defrauding or trafficking in sensitive information like passwords in a networked environment without permission is considered illegal. As held by Bainbridge (2007: 39), an individual or organization that gets involved in an act of trafficking encrypted data belonging to other individuals or organizations, through using software to transform the encrypted information into readable form without prior permission from the authorities, is considered guilty.

In this case, Hayes International Company should ultimately safeguard the information relayed within its networks without getting involved in any act of trafficking such sensitive information. More specifically, the organization should make its staff aware of the legal obligations associated with such actions and consider respecting and safeguarding intellectual property belonging to other organizations or individuals.

In response to the invading viruses, the software security law restricts the intentional introduction of any malware to another computer in a networked environment. Since most known malware, like viruses, has been known to interfere with the information stored in a computer, it is considered an offense to infect other computers within the networked environment. In order to reduce the rates of virus infection within the system, Linux and UNIX security wares have been necessitated since the invasion of viruses in the computer files goes to the UNIX and Linux systems and interferes with the entire computer system (Farr and Oakley 2010: 87).

In this respect therefore, the development of encrypted viruses by the Hayes International should be facilitated in order to enhance reliable security against malware infections within the networked environment.

Conclusion

As it has been revealed, the current advancement of information systems requires regulation and control measures in order to enhance efficiency and consistency through the use of computers. Particularly, the legal system has been found quite significant in reinforcing information systems regulation in order to protect intellectual property among organizations, which may be considered as the central nerve for their profitability or performance.

On this basis, Hayes International has an obligatory role of safeguarding its network system with an aim of upholding Intellectual Property for its clients. Quite importantly, its conformity to the legal requirements in computer networks forms a basis for its prosperity. As it has been revealed, the 1998 Cyber Crime Act and the 2001 Computer Fraud and Abuse Act have been quite important in governing computer processes in networked systems in the UK.

Since the law stipulates on misuse of information systems to interfere with other people's or organizations' sensitive information, coherence and consistency in the information system have largely been achieved. More so, any computer program which may pose danger to other people's lives within a networked environment has largely been addressed in the Computer Law. As a result, the information systems law is concerned not only with data security, but also with human welfare.

Reference List

Bainbridge, D. (2007) Introduction to Information Technology Law, 6th Edition. London: Longman Publishers, 24-51.

Barry, S. (2009) Contemporary Legal Issues Facing Information Technology. Computer, Internet and Electronic Commerce Terms, (February Issue): 543-571.

Brazell, L. (2008) Information Technology Law and Regulation. Oxford: Oxford University Press, 37-81.

Cornell, D. and O'Connor, M. (2006) EU Communications Law. Manchester: Sweet & Maxwell Publisher, 95-132.

Farr, S and Oakley, V. (2010) Internet Law and Regulation. London: McMillan Publishers, 57-93.

Lloyd, I. (2008) Information Technology Law. Oxford: Oxford University Press, 103-141.

Macdonald, E and Rowland, D. (2000) Information Technology Law, 3rd Edition. England: Routledge Publishers, 5-38.

Michele, R. and Stokes, S. (2009) Information Technology Law. Computer and Telecommunications Law Review, (Issue): 357-404.

Cyber Security Issue: RansomWare

Introduction

As cyber security threats continue to increase and evolve in complexity in the 21st century, all organizations globally are finding antivirus installation necessary. Among the cyber threats affecting the computer systems of most organizations today is ransomware. Ransomware is a computer virus that modern cybercriminals use to limit users from full or partial access to their computers. Until the victim pays a specific amount of money to the attackers within a particular time, cybercriminals can use the virus mentioned above to access the user's sensitive personal or organizational information. They can temporarily block computer screens or specific files and send threats to information owners to get conditional payments. Ransomware is a 20th-century invention that continues to pose a threat to many computer users globally today. This essay will explore the historical overview of ransomware cyber threats: their functioning, evolution, and prevention.

Historical Overview

Ransomware was invented and implemented by Young and Yung at Columbia University and presented in 1996 at the IEEE Security and Privacy conference. The first version of the virus was the AIDS Trojan, which appeared in 1989 (Richardson & North, 2017). Since then, the ransomware scam has grown globally, and victims have lost millions. A Trojan is disguised as a legitimate file that the user can download or open when it arrives as a notification. Cyber-attacks have risen and evolved over the past few years. Payment is usually the attacker's goal, and the victim is forced to pay to get back their files. The attacker has a convenient payment system that is hard to trace.

How Ransomware Works

Although ransomware attackers mainly target individual users, they might start targeting organizations soon, considering the speed with which cybercrime has been evolving and increasing recently. Notably, ransomware can enter a computer through messages and emails that claim to contain files with essential details but come from fake sources. These files can entice the user to download and click on specific links or botnets, after which the computer becomes infected with the ransomware. This malware can occur in two forms, either encrypting or locker ransomware (Srinivasan, 2017). The former uses complex algorithms that block users' system files and demands a ransom for decryption keys. Examples of encrypting ransomware include Locky, CryptoWall, and CryptoLocker. The latter limits the user's access to their operating system by locking their apps or files. Although cybercriminals do not lock the computer files or apps through encryption, they still demand a ransom payment. Common examples of locker ransomware include WinLocker and police-themed ransomware.

Characteristics of Ransomware

Ransomware has several unique features that differentiate it from other malware. For instance, the victim cannot decrypt files encrypted by ransomware because the attacker owns and controls the access keys. Further, ransomware can affect all computer files, including pictures, documents, audio, and videos. Ransomware can shuffle the victim's computer files, making it difficult to differentiate between safe and infected ones. It ensures the victim knows there is an encryption attack on their information and that they have to pay the required amount to access their files (Richardson & North, 2017). In addition, the users of the attacked computers face the risk of losing their data or paying more ransom if they fail to make payments within the given timelines. Since the attacked computers are incorporated into botnets, the attackers have more infrastructure to conduct more cyber-attacks in the future. Ransomware can spread to other computers using the same network, thereby damaging more operating systems. Ransomware can give cybercriminals access to sensitive information saved in the victim's computer. Sometimes, the virus can send ransom messages to the victim in their national language, where the attack is geographically targeted.

Method of Transfer and Execution of Ransomware

Successful entry and execution of a ransom virus in a target computer is a process of five phases. The infection and exploitation phase occurs after the successful installation of the ransomware in the target computer. Then, attackers execute the ransomware in the target computer through an exploit kit and phishing techniques. The next phase involves delivering executable forms of malware into the victim's operating system to enable a cyber-attack. In phase 3, the virus removes any backup folders or files in the computer system to prevent the victim from restoring the target information after the execution of an attack. After deleting the backup files, the target data in the computer system is encrypted using ransom keys to limit the victim's access (Mohurle & Patil, 2017). After completing the above four phases, notifications demanding ransom payments within a specific timeline are displayed on the victim's computer screen. If the victim exceeds the given timeframe, the ransom increases, or the attackers destroy the data.
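The phases described above leave an ordered trail that a defender can correlate per host: backup removal, then a burst of encrypted (high-entropy) file rewrites, then the ransom notification. The following Python detector is an added example, not part of the original essay; the event format, host names, thresholds and sample events are all constructed assumptions.

```python
import hashlib
import math
import posixpath
from collections import Counter, defaultdict

# Assumed tuning values for this example; real deployments calibrate them.
WINDOW_SECONDS = 120       # backup deletion must be followed by the burst this fast
BURST_THRESHOLD = 5        # distinct files rewritten with high-entropy content
NOTE_DIR_THRESHOLD = 3     # same new file name dropped into this many directories
ENTROPY_THRESHOLD = 7.5    # bits per byte; encrypted data sits close to 8


def shannon_entropy(data):
    """Shannon entropy of a byte string in bits per byte (0.0 when empty)."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())


def correlate(events):
    """Return {host: {"stage", "rewritten"}} for hosts that reached stage 2 or 3.

    Stage 1: backup deletion. Stage 2: burst of high-entropy rewrites inside the
    window. Stage 3: one new file name created in several directories (note).
    """
    hosts = defaultdict(lambda: {"stage": 0, "t0": 0, "files": set(),
                                 "notes": defaultdict(set)})
    for ev in sorted(events, key=lambda e: e["time"]):
        h = hosts[ev["host"]]
        if h["stage"] == 1 and ev["time"] - h["t0"] > WINDOW_SECONDS:
            h.update(stage=0, files=set())   # lone backup deletion: expire quietly
        if ev["kind"] == "backup_delete":
            if h["stage"] == 0:
                h.update(stage=1, t0=ev["time"], files=set())
        elif ev["kind"] == "file_write" and h["stage"] >= 1:
            if shannon_entropy(ev["sample"]) >= ENTROPY_THRESHOLD:
                h["files"].add(ev["path"])
                if h["stage"] == 1 and len(h["files"]) >= BURST_THRESHOLD:
                    h["stage"] = 2           # alert here: the note has not appeared yet
        elif ev["kind"] == "file_create" and h["stage"] >= 2:
            directory, name = posixpath.split(ev["path"])
            h["notes"][name].add(directory)
            if len(h["notes"][name]) >= NOTE_DIR_THRESHOLD:
                h["stage"] = 3
    return {host: {"stage": h["stage"], "rewritten": len(h["files"])}
            for host, h in hosts.items() if h["stage"] >= 2}


def sample_content(seed, encrypted):
    """Constructed file content: pseudo-random bytes or repetitive plain text."""
    if encrypted:
        return b"".join(hashlib.sha256(b"%d:%d" % (seed, i)).digest() for i in range(128))
    return b"quarterly report draft\n" * 180


def constructed_events():
    """Constructed telemetry for four hosts; only ws-17 shows the full sequence."""
    ev = [{"time": 1000, "host": "ws-17", "kind": "backup_delete", "path": "/backups/daily"}]
    ev += [{"time": 1010 + i, "host": "ws-17", "kind": "file_write",
            "path": f"/home/ana/docs/f{i}.docx", "sample": sample_content(i, True)}
           for i in range(8)]
    ev += [{"time": 1030, "host": "ws-17", "kind": "file_create",
            "path": f"/home/ana/{d}/READ_ME.txt"} for d in ("docs", "pictures", "desktop")]
    # build-02: backup rotation followed by two compressed artefacts (below the burst).
    ev.append({"time": 2000, "host": "build-02", "kind": "backup_delete", "path": "/backups/old"})
    ev += [{"time": 2005 + i, "host": "build-02", "kind": "file_write",
            "path": f"/srv/out/pkg{i}.tar.gz", "sample": sample_content(100 + i, True)}
           for i in range(2)]
    # ws-03: many high-entropy writes but no backup deletion (for example a photo export).
    ev += [{"time": 1500 + i, "host": "ws-03", "kind": "file_write",
            "path": f"/home/li/export/img{i}.jpg", "sample": sample_content(200 + i, True)}
           for i in range(10)]
    # ws-09: backup deletion, ordinary text edits, then a burst outside the window.
    ev.append({"time": 3000, "host": "ws-09", "kind": "backup_delete", "path": "/backups/weekly"})
    ev += [{"time": 3010 + i, "host": "ws-09", "kind": "file_write",
            "path": f"/home/sam/notes/n{i}.txt", "sample": sample_content(0, False)}
           for i in range(6)]
    ev += [{"time": 3200 + i, "host": "ws-09", "kind": "file_write",
            "path": f"/home/sam/arch/a{i}.zip", "sample": sample_content(300 + i, True)}
           for i in range(6)]
    return ev


if __name__ == "__main__":
    for host, alert in correlate(constructed_events()).items():
        print(host, alert)
```

Stage 2 is the point at which to isolate the host, because it fires before the ransom notification appears; requiring the backup deletion first is what keeps ordinary compression or photo exports from alerting.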

Evolution of the Ransomware Threat

Recently, the threat of ransomware has been gradually changing targets and modes of execution. The transfer of ransomware has thus evolved over time, and it is aimed more at desktop computers and less at mobile phones. Crypto-ransomware transfers data, thus restricting the user from accessing their data. File-encrypting ransomware involves symmetric encryption and asymmetric decryption (Maurya et al., 2018). The transfer is not only based on applications and emails but is also activated in offline systems. Over the past few years, organizations that are not IT-based, such as hospitals, have become attractive to cybercriminals because they have less knowledge about cybersecurity. In addition, the methods of transferring ransomware are evolving. Today, clicking on online adverts exposes one's device to the threat of ransomware.

Preventive Measures

Ransomware threats are on the rise and affect people and organizations adversely. Detection alone is not an adequate measure for recognizing and curbing these effects, and thus people should ensure responsible and secure use of computers and smartphones. Since ransomware works to achieve the aim of stealing data from computers, it is challenging to detect. Therefore, to stay safe, one should avoid clicking on links from unknown websites and disclosing personal information. Those who plan ransomware attacks try to access one's personal information by calling or sending messages to the target users. When one notices such messages or receives such calls, they should avoid sharing any information with an unknown source (Richardson & North, 2017). Keep programs and operating systems up to date to prevent cybercriminals from taking advantage of the vulnerability of the systems. It is safer to refrain from downloading programs or files, or acting on messages, from suspicious sources. When using public Wi-Fi, the computer is more vulnerable to cyber-attacks. Therefore, one should secure their computers with VPN services or avoid using public networks.

Conclusion

Finally, ransomware is increasingly becoming a typical cyber threat to individual and organizational computer systems. Since the first version of the malware mentioned above was introduced, organizations and personal computer users have lost valuable information and millions to cybercriminals. Ransomware makes personal or organizational information inaccessible to the owners by either blocking or locking the files or applications through encryption keys. After successful encryption, the attackers use the malware to extort money from the victim in exchange for the encryption keys. In the past, personal computers were the main targets of ransomware attacks, but today operating systems of organizations and smartphones are vulnerable to this cyber threat. Therefore, people and organizations ought to take some preventive measures to stay cyber-safe, including refraining from downloading or clicking links from suspicious sources.

References

Maurya, A. K., Kumar, N., Agrawal, A., & Khan, R. A. (2018). Ransomware: evolution, target and safety measures. International Journal of Computer Sciences and Engineering, 6(1), 80-85.

Mohurle, S., & Patil, M. (2017). A brief study of wannacry threat: Ransomware attack 2017. International Journal of Advanced Research in Computer Science, 8(5), 1938-1940.

Richardson, R., & North, M. M. (2017). Ransomware: Evolution, mitigation and prevention. International Management Review, 13(1), 10.

Srinivasan, C. R. (2017). Hobby hackers to billion-dollar industry: the evolution of ransomware. Computer Fraud & Security, 2017(11), 7-9.

Data Management and Cybersecurity

Learning about privacy breach issues and the means of managing them in different settings to protect the affected party has been an exceptionally important part of understanding the intricate details of privacy management laws. Having recognized the complexity and the essential aspects of managing data security breaches in the organizational setting, I will be able to ensure that the data management framework within my workplace setting functions impeccably. Moreover, additional tools for mitigating the effects of a possible information security breach will be introduced and implemented effectively.

Two legal principles studied during this course have been of particular importance to me. Namely, the principal standard of the HIPAA, as well as the concept of cybersecurity, have proven to factor into some of the key aspects of my professional and personal life. For instance, taking retrospect on some of the events that have taken place in my life, I will have to admit that knowing the principles of managing information security would have been of great help. For instance, having a clear understanding of HIPAA would have allowed me to recognize the challenges of maintaining safety when seeking healthcare services (Cohen & Mello, 2018). As a result, I would have been more considerate when choosing what information to disclose to the healthcare practitioner.

Similarly, learning about the principles of data breach notification would have prompted me to be more careful with trusting my personal data to companies that seemed rather inconspicuous at first but turned out to be a source of multiple complications with addressing the issue of information leakage. Overall, the course has provided crucial information that should be applied both to professional and personal settings to safeguard vulnerable information from third parties.

Customer data management is a challenging and complicated task, especially in the contemporary digital context, where exposure to emergent threats and cyberattacks is huge. Therefore, creating a system of customer notification in case of a cyberattack, with detailed instructions for the further course of actions to secure one's personal data, must be introduced in any organization.

Moreover, security issues may occur even in situations that seem to be fairly standard and mostly safe procedures. Namely, the use of credit cards could turn out to be compromised due to exposure to third parties, which is why learning about the PCI DSS (Payment Card Industry Data Security Standard) was vital in understanding how the rights of consumers could be further protected. Remarkably, a range of people tend to neglect some of the vital security measures, such as setting two-factor authentication, which is critical according to the PCI DSS standards (Wilson et al., 2018). Therefore, promoting active education for general audiences regarding the safe use of digital services and the related tools is essential to enhancing information security, particularly in the business context.

However, education about data security management is often fraught with numerous complications even in the workplace setting. Being under the pressure of multiple factors, employees tend to select the solutions that provide results as fast as possible, which is why some of the security measures may be neglected, leading to the exposure of customers' personal data. To protect the target population from a potential cyberattack, a company must reinforce the importance of complying with the set standards, as well as educate employees on the topic of information safety management. Thus, major issues such as data breaches will be avoided successfully.

References

Cohen, I. G., & Mello, M. M. (2018). . JAMA, 320(3), 231-232.

Wilson, D., Roman, E., & Beierly, I. (2018). PCI DSS and card brands: Standards, compliance and enforcement. Cyber Security: A Peer-Reviewed Journal, 2(1), 73-82.

Hacking: Positive and Negative Perception

Introduction

Research questions

Is hacking an internationally accepted concept? Can hacking be positive for the security systems of different corporations, and how? How can the global community encourage hackers to cooperate in the improvement of security systems? What are the main goals of hackers when they break the security systems of international corporations? What are the potential threats of hacking if it is performed by competitors, enemies, or terrorists?

Working thesis

The possible advantage of cooperating with hackers for security systems managers of international organizations and governmental organizations is the possibility of recruiting them and using their knowledge to empower different organizations to improve their security systems, to prevent vulnerability of these systems and possible leakage of information with regard to the threat of terrorist attack.

Problem Statement

The problem concerning hacking has existed since the late twentieth century, but now it is based on the lack of knowledge and skills in professional system engineers who work for international corporations and governmental organizations.

As such, the investigation should include an assessment of the technological basis of the organizations and their knowledge management and recruitment strategies, as opposed to the advanced level of hackers who crack security systems all over the world. Besides, possible cooperation of hackers with terrorists and other organizations and people that pose a potential threat to the security systems of countries should be excluded through the recruitment of hackers by government agencies and international corporations.

Rationale for Study

The reason for conducting the research is the emerging number of technological innovations that increase the possibility of security system invasions and the hypothetical ideas of recruiting hackers so that they work for privately owned and governmental organizations. In this respect, hackers can be hired on a legal basis to cooperate with security system managers to improve the measures adapted to these systems.

Methodology

Method of inquiry

The method for the research includes analysis of secondary sources, as the research questions are not aimed at evaluating the possibility for cooperation and the percentage of hackers that may agree to work for the government. Besides, assessment of the research questions is planned to be performed with the help of previous research conducted on the concept of hacking and on hackers' motivations and ethical issues.

Previous research

The previous research concerned the development of hacking in different periods, namely the 1980s and 1990s, when it was perceived in different ways by the community and by non-governmental and governmental organizations. In other words, different authors attempted to label hackers as crackers or to advocate for the positive influence of hacking, as it contributes positively to the analysis of gaps in the security systems of different organizations.

Literature Review

The resources reviewed for this research proposal include articles from scholarly journals and conference proceedings. For instance, Roberts and Webber (2002) elaborate on the ethical issues and importance of practical experimentation in analyzing vulnerability systems.

So, this study advocates the hackers' activity, while the report by Stockwell (2008) dwells on the role of hackers in society with regard to the propaganda of democratic ideas and beliefs, the nature of hacking, and hackers' ethos for knowledge and desire to examine their skills.

Expected Outcomes and Limitations

It is expected to review the sources available on the issue of hacking in terms of positive and negative perception of this social phenomenon. The limitation is the inability to demonstrate cooperation of hackers with government in practice due to the theoretical nature of the research.

Reference List

Roberts, P., & Webber, J. (2002). Virtuous hackers: Developing ethical sensitivity in a community of practice. Australasian Journal of Information Systems, 9(2), 172-177.

Stockwell, S. (2008). We're all hackers now: Doing global democracy. Proceedings of the CreateWorld08 Conference, 7-10 December, 21-20. Web.

Cybersecurity Directives and Laws

What was PDD-63 signed by President Clinton and how did it set the pace for cybersecurity directives and future laws?

Presidential Decision Directive 63 (PDD-63), also titled Combating Terrorism, was the document that identified the unconventional methods of attack that might be used against the nation, assessed the danger of cyberattacks, and the need for preparation. This directive paved the way for future measures against cybercrimes and laid the groundwork for more cooperation between the public and private organizations, in pursuit of national security (McGowan, 2013).

Describe how the Patriot Act dealt with cybersecurity.

The Patriot Act maintained that law enforcement, in collaboration with national security, should be able to use every technological development of the 21st century to prevent threats (Eastton & Taylor, 2011). The Patriot Act addressed the threat of cyber terrorism by enabling surveillance of online communications and Web use, as well as ordering the creation of an Electronic Crimes Taskforce, which would focus on investigating cybercrimes (Aspects of Cyberterrosim Covered by the Patriot Act, 2006).

Describe the National Strategy for the Physical Protection of Critical Infrastructures and Key Assets and how it attempts to protect cyber assets.

The purpose of this document was to create and develop the guiding principles for improving the protection of the nation's critical infrastructures and key assets by reducing their vulnerability to physical attacks from terrorists. The document presented cyber systems as part of these critical infrastructures (Department of Homeland Security, 2003). As part of the initiative, it meant that integrated risk modeling would be conducted to study vulnerabilities as well as the consequences of an attack on these systems. Finally, the information systems and networks were to be assessed and identified in order to better understand the full scope of the dangers.

What is PPD-21 and how does it fit into the protection of cyber assets in the United States?

PPD-21 is a Presidential Decision Directive issued in 2013 by President Barack Obama, titled Critical Infrastructure Security and Resilience. It is a cybersecurity executive order that redefined the organizations and companies where a cybersecurity incident could reasonably result in catastrophic regional or national effects on public health or safety, economic security, or national security, and included them as a part of the US, in order to mitigate the threat of cyber attacks and improve responses (Exec. Order No. 13636, 2013).

List and briefly describe the 16 critical industry infrastructures.

The critical infrastructure sectors according to PPD-21 are (Critical Infrastructure Sectors, 2013):

  • Chemical Security (mostly privately-owned companies, includes basic and specialty chemicals, agricultural chemical, pharmaceutical, and consumer products industry segments).
  • Commercial Facilities Sector (includes industries involved in shopping, entertainment, business, and accommodation).
  • Communications Sector (is especially important, as it is an enabling factor for all other infrastructure sectors).
  • Critical Manufacturing Sector (this sector is responsible for metals manufacturing, machinery that is used in other sectors, electrical equipment manufacture, and transportation production).
  • Dams Sector (dam maintenance and proper function).
  • Defense Industrial Base Sector (research and development, as well as production and maintenance of military equipment).
  • Emergency Services Sector (includes all services that save lives, property, and environment, and help communities and individuals to recover from disasters and emergencies).
  • Energy Sector (provides the energy supply for the economy to function properly).
  • Financial Services Sector (includes organizations like banks, credit unions, investors, etc.).
  • Food and Agriculture Sector
  • Government Facilities Sector (includes a wide variety of federal, state, local, and tribal owned organizations, which provide services critical to effective functioning of the state).
  • Healthcare and Public Health Sector (plays a vital role in maintenance of public health, and in dealing with the outcomes of terrorist acts, disease outbreaks, and other disasters).
  • Information Technology Sector (similarly to communications is vital for intercollaboration of different sectors and their functioning, but is also a source of potential dangers which need to be assessed).
  • Nuclear Reactors, Materials, and Waste Sector (includes industries which use nuclear power).
  • Transportation Systems Sector (transportation of goods and people inside and outside the state).
  • Water and Wastewater Systems Sector (a vital sector, which needs protection to ensure public health and most human activities).

How do the specific sectors work with each other to provide cyber security?

Information Technology Sector, Government Facilities Sector, and Communications Sector work tightly together to provide cybersecurity by identifying and eliminating cyber vulnerabilities and, together with the other sectors, maintaining effective and up-to-date facilities for threat prevention, as well as sharing information critical to the sectors' safety (Whitman & Mattord, 2011).

References

Aspects of Cyberterrosim Covered by the Patriot Act. (2006). Web.

(2013). Web.

Department of Homeland Security, (2003). Web.

Eastton, C., & Taylor, J. (2011). Computer Crime, Investigation, and the Law Boston, MA: Course Technology, Cengage Learning.

Exec. Order No. 13636, 3 C.F.R. (2013).

McGowan, M. L. (2013). 15 Years After Presidential Decision Directive (PDD) 63. Web.

Whitman, M. E., & Mattord, H. (2011). Reading & Cases in Information Security: Law & Ethics, Boston, MA: Course Technology, Cengage Learning.

Quality Control of Digital Forensics

Introduction

Quality control over computer forensic products is necessary because of the growth of Internet services. While providing a variety of time-saving possibilities, the Internet also creates many opportunities for malicious activities and security breaches. Forensic practice shows that computer-related cases can be complicated for various reasons. The complexity of such cases leads to the necessity of proper quality control. Thus, the investigator and the lab are challenged not only with solving a case but also with providing the appropriate evidence and maintaining the required level of quality. Therefore, the level of quality must be regulated by specific documentation and entrusted to specific individuals.

Computer services and the Internet present possibilities for a variety of criminal activities. Nevertheless, crimes can also be prevented and investigated with the usage of computer products. For instance, the analysis of mobile applications can play a critical role in the investigation and prevention of cyber crimes, as stated by Mahajan, Dahiya, and Sanghvi (2013). This point is further expanded by Grispos, Glisson, and Storer (2013) also touching upon cloud services. Both of these studies focus on whether or not data remaining in smartphones or cloud services can be used as evidence in solving cases. To summarize, the modern forensic practice relies not only on the traditional methods of gathering evidence and data but also on computer products, which proves to be a useful measure.

However effective digital forensics can be, there is rarely a reason to use all of its resources (Garfinkel, 2013). Not every forensic practice in the field of computer-related crimes is effective. Gathered data on the measures used by criminals to ensure their safety while committing a cyber crime indicates this ineffectiveness. The work by Stephenson and Gilbert (2013) presents the reader with methods used by professional hackers to commit cyber crimes. The increasing complexity of cyber crimes is also elucidated in the book. Thus, forensic units are facing the problem of preventing and solving cyber crimes while also coping with the increasing quality of cyber criminals' skills.

Another important topic in the field of digital forensics is the discussion of error, which is frequent among researchers (Christensen, Crowder, Ousley, & Houck, 2014). The increasing standards of quality control are a direct result of this discussion. The effectiveness of digital forensics depends on the quality of the investigations, which can be entrusted to a specific document, the Quality Assurance Manual, and to an individual who oversees the compliance of the forensics units, the Quality Manager (Barbara, 2013). With these assets operating properly, the percentage of errors in forensic practice can be minimized.

Conclusion

Hence, one can see that quality control of digital forensics can and must be provided by the above-mentioned document and a specifically nominated person. Although cyber crimes are difficult to investigate and solve, and the methods used in the process can be redundant, the effective procedure of investigating a cyber crime has become easier over the decades. This is a result of the spread of computer products and the amount of evidence they are capable of storing. Today's quality control of digital forensics is a necessary measure that contributes a lot to the procedure of investigating cyber crimes.

References

Barbara, J. J. (2013). Quality assurance practices for computer forensics: Part 2. Forensic Magazine. Web.

Christensen, A. M., Crowder, C. M., Ousley, S. D., & Houck, M. M. (2014). Error and its meaning in forensic science. Journal of Forensic Science, 59(1), 123-126.

Garfinkel, S. L. (2013). Digital forensics. American Scientist, 101(5), 370-377.

Grispos, G., Glisson, W. B., & Storer, T. (2013). Using smartphones as a proxy for forensic evidence contained in cloud storage. 46th Hawaii International Conference on System Sciences, 1-10.

Mahajan, A., Dahiya, M. S., & Sanghvi H. P. (2013). Forensic analysis of instant messenger applications on Android devices. International Journal of Computer Applications, 68(8), 38-44.

Stephenson, P., & Gilbert, K. (2013). Investigating computer-related crime. New York, NY: CRC Press.

Cybersecurity Threats in Physician Practice

Introduction

My chosen source is a credible source of information because it is not outdated and has no indicated currency. The clearly stated minimization of ransomware threats makes its relevance easy to understand. The accuracy of the source is evident by the reference list that provides most non-actual links. It has high authority ratings because it contains accurate information and the authors' credentials. The purpose of the source is to inform readers of the strategies to help healthcare professionals identify, avoid and respond to ransomware dangers (Budke & Enko, 2020). Its objectivity is fact-based, and the authors' affiliation does not bias the information.

In the 21st century, technology has become an integral part of operations and is changing rapidly. Additionally, hackers have gained the ability to penetrate and compromise the most secure systems, and technological threats are rapidly evolving. Ransomware is malware that encrypts a system and prevents users from accessing it until they pay a predetermined ransom, after which hackers decrypt the data (Budke & Enko, 2020). Although the healthcare system has improved over time and become one of the most secure, many facilities use the same technology for their equipment and implement it themselves, making them more vulnerable to attack.

Ransomware can target healthcare organizations for various reasons related to healthcare providers' need to maintain their operations. Cybercriminals have become well aware of the industry's reliance on IT and the disruption caused by the inability to access critical information, making healthcare providers increasingly vulnerable (Budke & Enko, 2020). After all, they know that the hospital's systems must continue to work for patients' safety, so medical institutions are always ready to pay the ransom. In addition, the hospital information system contains essential data that should not be lost.

Healthcare organizations should update their systems and software to protect against ransomware threats. They should also take adequate precautions, such as installing anti-malware software and regularly scanning their systems for vulnerabilities. Hospitals are responsible for ensuring the security of their systems, so they should scan all incoming and outgoing emails to detect threats and filter executable files from reaching end users (Budke & Enko, 2020). All employees of healthcare centers should therefore receive ransomware training.
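The recommendation above to scan e-mail and keep executable files from reaching end users can be made concrete with a gateway-side filter. The following Python code is an added example, not taken from the cited source; the blocked-extension policy, size limits, addresses and the sample message are constructed assumptions. It judges attachments by content as well as by name, and treats archives it cannot inspect as blocked.

```python
import io
import posixpath
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed gateway policy for this example: extensions that never reach a mailbox.
BLOCKED_EXT = {".exe", ".scr", ".com", ".bat", ".cmd", ".js", ".vbs", ".ps1", ".hta", ".msi"}
# Leading bytes that identify executable content whatever the file is called.
MAGIC = ((b"MZ", "Windows executable"), (b"\x7fELF", "ELF executable"), (b"#!", "script"))
MAX_MEMBER_BYTES = 10 * 1024 * 1024   # refuse to unpack anything larger
MAX_DEPTH = 2                          # archives inside archives, at most


def classify(name, data, depth=0):
    """Return the reason an attachment is blocked, or None when it may pass."""
    ext = posixpath.splitext(name.lower())[1]
    if ext in BLOCKED_EXT:
        return f"blocked extension {ext}"
    for magic, label in MAGIC:
        if data.startswith(magic):
            return f"{label} content under extension {ext!r}"
    if data.startswith(b"PK\x03\x04"):
        return classify_zip(data, depth)
    return None


def classify_zip(data, depth):
    """Inspect every archive member; anything that cannot be inspected is blocked."""
    if depth >= MAX_DEPTH:
        return "archive nested too deeply to inspect"
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as archive:
            for info in archive.infolist():
                if info.flag_bits & 0x1:
                    return "encrypted archive cannot be inspected"
                if info.file_size > MAX_MEMBER_BYTES:
                    return "archive member too large to inspect"
                reason = classify(info.filename, archive.read(info), depth + 1)
                if reason:
                    return f"archive member {info.filename}: {reason}"
    except zipfile.BadZipFile:
        return "unreadable archive"
    return None


def filter_message(raw):
    """Return (cleaned message bytes, [(filename, reason), ...]) for one raw e-mail."""
    msg = message_from_bytes(raw, policy=policy.default)
    blocked, bad_parts = [], set()
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        reason = classify(name, part.get_payload(decode=True) or b"")
        if reason:
            blocked.append((name, reason))
            bad_parts.add(id(part))
    if bad_parts:
        # Keep the body and the clean attachments, drop the rest before delivery.
        msg.set_payload([p for p in msg.iter_parts() if id(p) not in bad_parts])
    return msg.as_bytes(), blocked


def constructed_message():
    """Constructed sample: one clean PDF, one disguised executable, one archive."""
    archive = io.BytesIO()
    with zipfile.ZipFile(archive, "w") as z:
        z.writestr("scan001.jpg.exe", b"MZ" + b"\x00" * 62)
    msg = EmailMessage()
    msg["From"], msg["To"] = "billing@example.org", "frontdesk@example.org"
    msg["Subject"] = "Updated patient invoices"
    msg.set_content("Please review the attached files.")
    msg.add_attachment(b"%PDF-1.7\n% constructed\n", maintype="application",
                       subtype="pdf", filename="schedule.pdf")
    msg.add_attachment(b"MZ" + b"\x00" * 62, maintype="application",
                       subtype="pdf", filename="invoice.pdf")
    msg.add_attachment(archive.getvalue(), maintype="application",
                       subtype="zip", filename="scans.zip")
    return msg.as_bytes()


if __name__ == "__main__":
    cleaned, blocked = filter_message(constructed_message())
    for name, reason in blocked:
        print(f"stripped {name}: {reason}")
```

The file named `invoice.pdf` is caught only because its leading bytes are checked, which is why an extension list alone is not an adequate filter.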

Reference

Budke, C. A., & Enko, P. J. (2020). Physician practice cybersecurity threats: Ransomware. Missouri Medicine: Journal of the Missouri State Medical Association, 117(2), 102-104. Web.