99%(73)72 out of 73 people found this document helpful
This preview shows page 6 - 9 out of 16 pages.
the full details of the event. Part of this will include establishing the identity of the user responsible, as well as the devices involved. While the location and time stamps available provide a foundation for establishing this proof a secondary set of evidence which corroborates or refutes the original data can assist in determining the identities of users, or malicious actors.It is recommended the company establish a logging system to allow individuals who are working remotely to document the time and place of their work. Differences between the logged locations and times and the network traffic can indicate an issue with identity theft or spoofing, as well as possible employee fraud. There are additional methods which may allow the company to substantiate captured data. This can include social media usage, which when combined with
Incident Report 6 certain open source tools such as geosocialfootprint.com can allow investigators to establish either a location with a time stamp, or failing any activity at that time, information which can be used to create a pattern of behavior for the employee.The company’s intrusion detection systems (IDS) can also be used to detect spoofing attempts. There are two ways to utilize IDS can accomplish this, Misuse and Anomaly. Misuses adefinition of security events, or signature. As an IDS monitors the network when it identifies a signature it can raise an alert, or in some cases block the action all together. Anomalies do not require definitions of security events. Instead a pattern of normal behavior is provided and any actions outside of this behavior are flagged for review. There are legal issues which must be addressed before monitoring or behavioral analysis can occur. Particularly this arises from constitutional concerns regarding the fourth amendment and a reasonable expectation of privacy. However, a thorough review of relevant state law shouldprecede the implementation of any policy that may appear to impact employees' privacy interests. It is also important to note that while any internal investigation will maintain varying investigative objectives it is imperative to conduct each examination, or investigation of any cyber incident as if it were proceeding to a criminal trial. This includes establishing when an employee’s expectation to privacy is voided or waived. Though the majority of these investigations will not necessitate legal action should information develop that requires it, being in compliance will insure any information discovered will not be excluded as evidence.III.Current Approved Device ListThe following devices are supported:
Incident Report 7 iPhone (6, 7, 8, 9, 10) iPad (3G, 4G)Android (All Andoid OS Devices using OS Version 8) Windows (Win 10 devices)Connectivity issues are supported by IT; employees should contact the device manufacturer or their carrier for operating system or hardware-related issues.