The Importance of Corporate Forensic Readiness in the Information Security Framework

G. Pangalos, C. Ilioudis, I. Pagkalos
DOI: 10.1109/WETICE.2010.57 (https://doi.org/10.1109/WETICE.2010.57)
Published in: 2010 19th IEEE International Workshops on Enabling Technologies: Infrastructures for Collaborative Enterprises
Publication date: 2010-06-28
Citations: 38

Abstract

Corporate forensics is rapidly becoming an essential component of modern business. Having no a priori knowledge on whether a security related event or corporate policy violation will lead to litigation, it is argued in this paper that digital forensics principles need to be applied to all corporate investigatory, monitoring and auditing activities. Corporate forensics are also necessary in modern organizations in order to credibly investigate what and how it happened, what part of the security policy was breached, whether existing corporate security mechanisms are sufficient and responding promptly, help investigate the impact and costs of a security incident, help management take well documented actions, and so forth. Forensic practices are therefore departing fast from the niche of law enforcement and becoming a business function and infrastructural component. This migration poses new challenges to security professionals that must be resolved. Furthermore, protecting information and information assets solely through technical means and security procedures is also no longer sufficient in modern corporate environments, as accountability from management is also needed. Forensic readiness helps enhance the security strategy of an organization, reduce the impact of a security incident and provide management with the means to demonstrate that reasonable care has been taken to protect information resources. Forensic readiness is becoming important for modern corporate environments and a significant component of the Information Security Good Practice. In this paper we also advocate that the scope of forensics needs to be expanded in order to encompass the whole information security domain and we address a number of related issues that need further attention or must be resolved in order to take full advantage of forensic readiness in a corporate environment. 
The expanded scope of information security due to the inclusion of forensic readiness is expected to disturb established information security good practices. As such we challenge the concept of a generic good practice, its applicability to a specific organizational context and we investigate alternatives for adapting information security good practices to accommodate digital forensics processes.