Responding to a Security Incident
Many deterrent controls might display warnings such as “Violators will be prosecuted to
the fullest extent of the law.” However, to successfully prosecute an attacker, litigators
typically require the following elements to present an effective argument:
• Motive: A motive describes why the attacker committed the act. For example, was he
a disgruntled employee? Defining potential motives can also be valuable during an
investigation. Specifically, an investigation might begin with those who had a motive
to carry out the attack.
• Means: With all the security controls in place to protect data or computer systems, you
need to determine if the accused had the means (for example, the technical skills) to
carry out the attack.
• Opportunity: The question of opportunity asks if the accused was available to commit
the attack. For example, if the accused claims to have been at a ball game at the time
of the attack, and if witnesses can verify this statement, it is less likely that the
accused did indeed commit the attack.
Another challenge with prosecuting computer-based crime stems from the fragility of data. For
example, a time stamp can easily be changed on a file without detection. To prevent such
evidence tampering, strict policies and procedures for data handling must be followed. For
example, before any investigative work is done on a computer system, a policy might require
that multiple copies of the hard drive be made. One or more master copies could be locked up,
and copies could also be given to the defense and prosecution for their investigation.
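
The copy-handling policy above can be checked mechanically. The following is an added example, not part of the original text. It assumes a SHA-256 digest is recorded when the copies are made (the text names no integrity mechanism) and uses a small constructed file in place of a real drive image; the function names are hypothetical.

```python
import hashlib, os, shutil, tempfile

def sha256_file(path, chunk=1 << 20):
    """Hash file contents in chunks so a large image need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def acquire(source, dest_dir, names):
    """Copy `source` once per name; return the digest taken at acquisition and the copy paths."""
    digest = sha256_file(source)
    copies = {}
    for name in names:
        path = os.path.join(dest_dir, name + ".img")
        shutil.copyfile(source, path)
        copies[name] = path
    return {"sha256": digest, "copies": copies}

def verify(manifest):
    """Map each copy name to True if its contents still match the recorded digest."""
    return {n: sha256_file(p) == manifest["sha256"]
            for n, p in manifest["copies"].items()}

def demo():
    with tempfile.TemporaryDirectory() as d:
        src = os.path.join(d, "disk.img")
        with open(src, "wb") as f:  # constructed stand-in for a drive image
            f.write(b"constructed sample disk contents\n" * 1024)
        manifest = acquire(src, d, ["master", "prosecution", "defense"])
        before = verify(manifest)
        # A one-byte change in a working copy is caught by the digest.
        with open(manifest["copies"]["defense"], "r+b") as f:
            f.seek(100)
            f.write(b"X")
        # A timestamp-only change leaves the digest untouched: the file's
        # time stamp by itself proves nothing about when the data was written.
        os.utime(manifest["copies"]["prosecution"], (0, 0))
        mtime = os.stat(manifest["copies"]["prosecution"]).st_mtime
        return before, verify(manifest), mtime

if __name__ == "__main__":
    print(demo())
```

Because the digest is computed over the whole image, time stamps stored inside the imaged file system are covered by it, while the time stamp of the image file itself is not.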