Cyber Security Management / forensic investigation
Computer Sciences and Information Technology
Businesses and organizations have increasingly adopted operational security management planning for forensic investigations to provide a secure and safe environment for their operations. Under operational security management, managers and any other relevant party in the business are encouraged and sensitized to view the operations and activities of their organization from an adversary's perspective, in an attempt to ensure that sensitive information and data do not land in the wrong hands. Where sensitive and confidential information does land in the wrong hands, the parties illegally holding it will use it at the expense of the business in question. If third parties hold confidential and sensitive information about a business, that information will be used against the business to destabilize it socially and financially; the customers of the business will be insecure, and the business will be left vulnerable and at the mercy of the party holding the information. Equally important, the organization takes measures to protect itself and ensure that it operates in a safe and secure environment. Operational security management incorporates forensic investigation, which ensures that data, information, and evidence on crime are effectively gathered and analyzed to support conclusions and decisions on the policies, best practices, and approaches to be adopted so that the organization operates in a safe and secure environment. The approach keeps the management team on high alert for breaches of data or any attempt at intrusion, so that risks are averted and eliminated before they adversely affect organizational operations.
Operational security management planning based on forensic investigations in businesses and organizations is a wide field concentrating on operational controls, the steps and processes of operational security, and the components of operational security; it has been documented and researched by different scholars and researchers, positively informing the field.
Various researchers and scholars have devoted their work to researching and documenting operational security management, as well as the incorporation of forensic investigations into security operations, in the interest of securing business operations and sensitive and confidential information and of providing a safe environment for the business. According to Kanstren and Evesti (2015), there is a great need to understand operational security management in terms of the procedures, policies, documentation, developments, and identification of the relevant resources and assets to be adopted in security operations. Additionally, there is a need to identify the objectives, missions, and goals of engaging in operational security management for businesses. Operational security management entails the adoption of information technology (IT), organizational structure, and technology to protect and secure organizational assets, IT operations and assets against internal and external threats from different sources. The operational security approach ensures the continuous maintenance of security in terms of the integrity, confidentiality and safety of the existing IT systems, in the interest of effectiveness and efficiency in business operations.
Role of operational security management
The role of operational security management is captured by the goals, missions, and objectives that forensic investigation, coupled with operational security management, aims to achieve for different businesses and their operations. Operational security management, in this case, is an ongoing process of gathering data, information and evidence to identify security risks and threats, thus supporting the creation of plans and policies to be adopted in averting the arising security issues (Matyas, David and Mark, 2015, 17). Operational security management ensures that the operations within the business are aligned with the regulator, the Security Industry Authority (SIA). Regulators such as the SIA have a duty to ensure that the securing of business operations and activities has no loophole that leaves them vulnerable to attack or to the loss of confidential data. The business ensures that the personnel and the assets adopted to support security operations are licensed under the SIA. Alignment with the SIA ensures that the assets and personnel in place have, respectively, the ability and the knowledge to support security operations in the business. Consequently, operational security ensures that security personnel are effectively trained and have the relevant qualifications for the different roles assigned to them. Operational security management notes the gaps in security operations as well as changes in security issues, and organizes training for the issues identified (Brillaulta et al., 2017, 113). This approach enables businesses to conduct effective forensic investigations of threats and risks and to take the necessary steps to mitigate them. Equally important, operational security management ensures that security management standards are maintained, such that forensic investigations of business operations are conducted to support the adoption of best practices through the maintenance of the set standards.
The standards under operational security management are observed in terms of the security framework developed; risk assessment; the understanding of security in the context of the business; the implementation and monitoring of security programs; and the security solutions (personnel, procedural, information, technical and physical) adopted. Maintaining the set standards in forensic investigation and other security operations ensures that the organization's operations are kept up to date.
Process/steps of operational management security
Different scholars have studied and researched the implementation of operational management security and forensic investigation to identify and eliminate security threats and risks associated with the business (Cook et al., 2017, 477). The distinct and basic steps of the process are the identification of critical information, analysis of threats, analysis of vulnerabilities, assessment of risks and application of appropriate countermeasures. First, the identification of the critical information that needs to be protected is a vital aspect of security operations. Critical information comprises the factual data and information on the organization's capabilities, intentions, and activities that contribute significantly to its success and wellbeing. Critical information has a great impact on the life cycle of activities, programs, and operations in an organization, and thus the data should be safeguarded.
The threat analysis step entails the capability to gather, process, assess and use forensic information to identify the threats and risks that could face the business. The threat analysis process seeks to identify the risk, the adversaries of an organization and their ability to target the business (Cook et al., 2017, 461). Threat analysis identifies the actual threats that an adversary is capable of mounting against the business and the extent of damage in the event of an attack. The analysis of different threats and adversaries provides a business with the relevant information for improving its security.
Wahlgren et al. (2016, 49) note that the analysis of vulnerabilities is a vital aspect of operational security management. The business's vulnerability analysis concentrates on the adversary's view of the activities that require protection within the organization. The analyst identifies the susceptibilities, weaknesses, and loopholes that adversaries could exploit to attack business information. Under the analysis of vulnerabilities, different aspects are considered and evaluated, such as the activities that an adversary can observe, the information that can be gathered and the specific organizational weaknesses that are likely to be exploited. From these activities and information, the business security team identifies the critical information the adversary could derive and its impact.
According to Fuchs and Pernul (2012, 401), risk assessment occupies the central point in operational security management; it involves comparing vulnerabilities and threats to identify the potential risk posed by adversary intelligence collection activities targeting business operations. The risk is considered high when the level of a vulnerability is high, the adversary threat is evident and exploitation by the adversary is expected. When the vulnerability is low and the adversary's collection capability is considered low or moderate, the conclusion is that the risk is low and no measures are taken or required. The assessment of risk determines the level of risk and the costs of eliminating such risks through effective countermeasures.
The last step in operational security management is the application of effective countermeasures to eliminate and neutralize risks and threats. The loss of critical information adversely affects organizations to the point of failure, and thus there is a need to adopt effective countermeasures (Cannon et al., 2010, 303). Every risk and threat has its specific countermeasures that effectively eliminate it. Equally important, the loss of critical information on business effectiveness needs to be balanced against the cost of implementing corrective measures. The cost-effectiveness of the strategies or countermeasures adopted needs to be considered to ensure that the business does not spend so many resources on security that its main activities suffer.
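The five steps above can be carried through as a small worked model. The following Python program is an added example written for this page; it is not code from the page or from any of the cited works, and the asset, adversaries, vulnerability levels, costs and the probability proxies attached to each risk rating are all constructed sample values. It records the critical information (step 1), the threats (step 2) and vulnerabilities (step 3), applies the risk-rating rule stated in the risk assessment step (step 4), and then selects countermeasures only where the expected loss they avert exceeds their cost (step 5), stopping once the residual risk is low.

```python
"""OPSEC risk assessment worked example (added here; not from the page or any cited work).
All assets, threats, ratings, costs and probabilities below are constructed."""
from dataclasses import dataclass, field

LEVELS = {"low": 1, "moderate": 2, "high": 3}
# Constructed proxies for how likely exploitation is at each risk rating.
RISK_PROBABILITY = {"low": 0.05, "moderate": 0.25, "high": 0.60}


@dataclass
class Threat:
    adversary: str
    capability: str   # low / moderate / high: ability to collect and exploit
    expected: bool    # whether exploitation is expected if a weakness exists


@dataclass
class Vulnerability:
    description: str
    level: str        # low / moderate / high: how observable and exploitable


@dataclass
class Countermeasure:
    name: str
    target: str           # description of the vulnerability it addresses
    cost: float
    residual_level: str   # vulnerability level after the measure is applied


@dataclass
class Asset:
    name: str                  # the critical information to protect (step 1)
    loss_impact: float         # estimated loss if it is disclosed
    threats: list = field(default_factory=list)          # step 2
    vulnerabilities: list = field(default_factory=list)  # step 3
    countermeasures: list = field(default_factory=list)  # step 5 candidates


def rate_risk(threat, vuln):
    """Step 4 rule: high when the vulnerability is high, the threat is evident
    and exploitation is expected; low when the vulnerability is low and the
    adversary's collection capability is at most moderate; otherwise moderate."""
    v, t = LEVELS[vuln.level], LEVELS[threat.capability]
    if v == 3 and t >= 2 and threat.expected:
        return "high"
    if v == 1 and t <= 2:
        return "low"
    return "moderate"


def assess(asset, vulns=None):
    """Worst rating across every threat/vulnerability pair."""
    vulns = asset.vulnerabilities if vulns is None else vulns
    worst = "low"
    for t in asset.threats:
        for v in vulns:
            r = rate_risk(t, v)
            if LEVELS[r] > LEVELS[worst]:
                worst = r
    return worst


def expected_loss(asset, vulns=None):
    """Loss impact weighted by the (constructed) probability for the rating."""
    return asset.loss_impact * RISK_PROBABILITY[assess(asset, vulns)]


def choose_countermeasures(asset):
    """Step 5: apply a measure only if the loss it averts exceeds its cost,
    cheapest first, and stop once the residual risk is low (no measures required)."""
    chosen, current = [], list(asset.vulnerabilities)
    for cm in sorted(asset.countermeasures, key=lambda c: c.cost):
        if assess(asset, current) == "low":
            break
        after = [Vulnerability(v.description, cm.residual_level)
                 if v.description == cm.target else v for v in current]
        if expected_loss(asset, current) - expected_loss(asset, after) > cm.cost:
            chosen.append(cm.name)
            current = after
    return chosen, assess(asset, current)


def sample_asset():
    """Constructed scenario: a customer database reachable through an unpatched VPN."""
    return Asset(
        name="customer database",
        loss_impact=500_000.0,
        threats=[Threat("organised crime group", "high", True),
                 Threat("hacktivist", "moderate", False)],
        vulnerabilities=[Vulnerability("unpatched VPN appliance", "high"),
                         Vulnerability("public organisation chart", "low")],
        countermeasures=[
            Countermeasure("patch VPN appliance", "unpatched VPN appliance", 5_000.0, "low"),
            Countermeasure("remove public org chart", "public organisation chart", 20_000.0, "low"),
        ],
    )


if __name__ == "__main__":
    a = sample_asset()
    print("initial risk:", assess(a))
    print("chosen measures and residual risk:", choose_countermeasures(a))
```

For the constructed scenario the initial rating is high; patching the VPN appliance averts far more expected loss than it costs and is chosen, while the second measure changes nothing (that vulnerability is already low) and is rejected on cost grounds, leaving a residual rating of moderate because a high-capability adversary remains in the threat list.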
Contemporary issues, challenges, and trends in operational security management and forensic investigation
Scholars and researchers have researched and documented changes, issues, and trends in operational security management in terms of threats and risks. The advancement and proliferation of technology have led to an increase in the number of cybercriminals across the globe. The increase in cybercriminals and the advancement of technology have resulted in revolutions and changes in threats, prompting security teams to adopt advanced countermeasures.
There has been an evolution of ransomware that is a great concern in cybersecurity, as ransomware attacks have grown over time. A ransomware attack involves the introduction of rogue software code that adversely affects the computer system and network, holding it hostage until a ransom is paid (Elhoseny et al., 2017). The ransomware infiltrates the PC as a Trojan horse or computer worm introduced to the system through weak points or security vulnerabilities. The growing trend of ransomware attacks therefore acts as a barrier to effective operations.
The increase in internet-connected devices has increased the IoT threat. The internet-connected devices that have substantially increased in number include tablets, televisions, mobile phones, and computers, both at home and at work (Baig et al., 2012, 12). Because the devices are connected, it is easy for attackers to use the internet to conduct attacks through unauthorized access to information. The increase in internet-connected devices has increased attacks, as the interconnectedness makes consumers susceptible to attack.
The blockchain revolution will further contribute insecurities to businesses and organizations. Blockchain technology entails the decentralization and securing of information, and this fact poses a great security threat (Lillis et al., 2016), since businesses and organizations are targeting the use and adoption of blockchains in the management and integration of data. Blockchain is increasingly adopted because of its effectiveness in identity management and decentralized access control, which makes its adoption a risky exercise: in the case of an attack, the entire organization is affected to the point of failing or closing down.
Operational security management countermeasures
Researchers and scholars have evaluated the best practices, approaches, and methods to be used under operational security management to counter threats. It is important to note that the cybersecurity field is dynamic and there is a need to continually create and develop effective and advanced countermeasures. One of the advanced security threat countermeasures is the whitelisting of software (Korman et al., 2010, 69). Whitelisting entails the practice of specifying an index of approved executable files and software applications that are authorized to be active and present on the computer system. The practice of whitelisting ensures that only approved members are allowed and permitted to access a computer system or network. Therefore, whitelisting ensures that cybercriminals are effectively countered and that forensic investigation is effectively done, since the investigators can concentrate on specific targets within the organization while conducting their investigations.
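An index of approved executables is most useful when it is keyed by the content of each file rather than by its name, so that a renamed or tampered binary does not pass as approved. The Python program below is an added example written for this page, not code from the page or from any cited work; the directory, file names and file contents it uses are constructed in a temporary folder so that it runs offline. It builds the approved index from SHA-256 digests, then audits a directory and reports every executable that is not on the index, which is the list an investigator would concentrate on.

```python
"""Application allowlisting audit (added example; not the page's or any cited work's code).
Builds an index of approved executables keyed by SHA-256 and reports every
file in a directory that is not on it. All files and contents are constructed."""
import hashlib
import os
import tempfile


def sha256_of(path, chunk=65536):
    """Digest a file in chunks so large binaries do not have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def build_allowlist(approved_paths):
    """Index of approved executables: digest -> path it was approved from.
    Keying by digest means a renamed or modified binary is no longer approved."""
    return {sha256_of(p): p for p in approved_paths}


def audit_directory(directory, allowlist):
    """Return (approved, unapproved) sorted path lists for everything under directory."""
    approved, unapproved = [], []
    for root, _dirs, files in os.walk(directory):
        for name in files:
            path = os.path.join(root, name)
            (approved if sha256_of(path) in allowlist else unapproved).append(path)
    return sorted(approved), sorted(unapproved)


def demo():
    """Constructed scenario: two approved tools are indexed; afterwards one of
    them is modified and an unknown binary appears. Returns the audit result
    as (approved names, unapproved names)."""
    with tempfile.TemporaryDirectory() as d:
        def write(name, data):
            p = os.path.join(d, name)
            with open(p, "wb") as f:
                f.write(data)
            return p

        backup = write("backup.exe", b"approved backup tool v1")
        monitor = write("monitor.exe", b"approved monitor v3")
        allowlist = build_allowlist([backup, monitor])

        # Events after the index was built: a tampered approved file and a new unknown file.
        write("monitor.exe", b"approved monitor v3 + injected code")
        write("update_helper.exe", b"unknown binary")

        approved, unapproved = audit_directory(d, allowlist)
        return ([os.path.basename(p) for p in approved],
                [os.path.basename(p) for p in unapproved])


if __name__ == "__main__":
    ok, flagged = demo()
    print("approved:", ok)
    print("not on allowlist:", flagged)
```

In the constructed scenario only backup.exe remains approved: monitor.exe keeps its approved name but no longer matches its recorded digest, and update_helper.exe was never indexed, so both are flagged for investigation.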
The securing of standard configurations is incorporated into operational security management to ensure that data and organizational resources are effectively safeguarded. Secure configurations entail the security measures that are observed and implemented when building and installing network and computer devices, with a view to reducing unnecessary cyber vulnerabilities (Otuoze et al., 2018, 467). Observing the standard security configuration closes gaps and vulnerabilities, thus improving the security of business data, information, and assets.
Patch installation is an effective operational security management countermeasure that ensures that cybersecurity options are kept up to date. Under patch installation, IT professionals change the supporting data or the computer programs to ensure that the system is updated, fixed and improved to deal with any security threats (Otuoze et al., 2018, 467). Security vulnerabilities and bugs are fixed to improve the performance, usability, and functionality of the computer system with respect to securing information, data, and assets.
Additionally, operational security management controls and administers privileges concerning access to and operation of the computer system and network, to ensure that the information and assets of the business are accessed only by the right parties (Krishnan, 2017, 39). Administrative privileges are regulated in the course of handling communications such as email, browsing the web and accessing vital resources or assets. Regulating privileges is effective in operational security management and in the implementation of forensic investigation.
There has been continuous research on aspects of cybersecurity operations in the field of operational security management and forensic investigation to ensure that organizational information and assets are safe and secure. Researchers have concentrated on different aspects to effectively enhance the cybersecurity of organizations and businesses. In this regard, scholars and researchers have made a substantial attempt to understand operations security management with the incorporation of forensic investigations. The topics that have been effectively and widely covered include the role of operational security management; the process and steps of operational management security; contemporary issues, challenges and trends in operational security management and forensic investigation; and operational security management countermeasures.
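The three countermeasures just described (secure standard configurations, patch installation and the administration of privileges) are routinely checked together by comparing each host against a written baseline. The Python program below is an added example for this page, not code from the page or from any cited work; the baseline settings, the weak and hardened host configurations and the account list are all constructed. It reports every setting that deviates from the baseline, including a setting that was never inventoried, and every account holding administrative rights without approval.

```python
"""Configuration-baseline and privilege audit (added example; constructed,
not from the page or any cited work). Compares an observed host configuration
with a secure baseline and checks that administrative privileges are held
only by approved accounts."""

# Constructed secure baseline: setting -> (required value, comparison mode).
# "eq" must match exactly, "min" must be at least, "max" must be at most.
BASELINE = {
    "ssh_permit_root_login": ("no", "eq"),
    "password_min_length": (14, "min"),
    "telnet_service": ("disabled", "eq"),
    "pending_security_patches": (0, "max"),   # patch installation: nothing outstanding
}

# Constructed host configurations: the weak one also lacks a patch inventory.
WEAK_HOST = {
    "ssh_permit_root_login": "yes",
    "password_min_length": 8,
    "telnet_service": "enabled",
}
HARDENED_HOST = {
    "ssh_permit_root_login": "no",
    "password_min_length": 16,
    "telnet_service": "disabled",
    "pending_security_patches": 0,
}

# Constructed accounts (name -> groups) and the approved administrator set.
WEAK_ACCOUNTS = {
    "alice": {"Administrators", "Users"},
    "bob": {"Users"},
    "svc_backup": {"Administrators"},   # a service account with unapproved admin rights
}
APPROVED_ADMINS = {"alice"}


def _meets(observed, expected, mode):
    if mode == "eq":
        return observed == expected
    if mode == "min":
        return observed >= expected
    if mode == "max":
        return observed <= expected
    raise ValueError(f"unknown comparison mode {mode!r}")


def audit_config(observed, baseline=BASELINE):
    """Return {setting: (observed, required)} for every baseline setting that is
    missing from the observation or fails its comparison."""
    deviations = {}
    for setting, (expected, mode) in baseline.items():
        value = observed.get(setting)
        if value is None or not _meets(value, expected, mode):
            deviations[setting] = (value, expected)
    return deviations


def audit_admins(accounts, approved_admins, admin_group="Administrators"):
    """Accounts holding the admin group that are not on the approved list."""
    return sorted(name for name, groups in accounts.items()
                  if admin_group in groups and name not in approved_admins)


def compliance_report(observed, accounts, approved_admins):
    """Combine both audits into one result; compliant only if both are clean."""
    deviations = audit_config(observed)
    unapproved = audit_admins(accounts, approved_admins)
    return {
        "config_deviations": deviations,
        "unapproved_admins": unapproved,
        "compliant": not deviations and not unapproved,
    }


if __name__ == "__main__":
    print("weak host:", compliance_report(WEAK_HOST, WEAK_ACCOUNTS, APPROVED_ADMINS))
    print("hardened host:", compliance_report(HARDENED_HOST, {"alice": {"Administrators"}}, APPROVED_ADMINS))
```

Treating a missing setting as a deviation is deliberate: a host that has never reported its patch state cannot be assumed patched, so the weak host is flagged on all four baseline items even though only three are present in its configuration.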
Matyas, D. and Pelling, M., 2015. Positioning resilience for 2015: the role of resistance, incremental adjustment and transformation in disaster risk management policy. Disasters, 39(s1), pp.s1-s18.
Kanstrén, T. and Evesti, A., 2015, September. Security Metrics, Secure Elements, and Operational Measurement Trust in Cloud Environments. In International Workshop on Security and Trust Management (pp. 37-51). Springer, Cham.
Krishnan, P. and Najeem, J., 2017. A multi plane network monitoring and defense framework for sdn operational security. In International Conference on Operating System Security (ICOSS 2017).
Otuoze, A.O., Mustafa, M.W. and Larik, R.M., 2018. Smart grids security challenges: Classification by sources of threats. Journal of Electrical Systems and Information Technology, 5(3), pp.468-483.
Korman, M., Välja, M., Björkman, G., Ekstedt, M., Vernotte, A. and Lagerström, R., 2017, April. Analyzing the effectiveness of attack countermeasures in a scada system. In Proceedings of the 2nd Workshop on Cyber-Physical Security and Resilience in Smart Grids (pp. 73-78). ACM.
Lillis, D., Becker, B., O’Sullivan, T. and Scanlon, M., 2016. Current challenges and future research areas for digital forensic investigation. arXiv preprint arXiv:1604.03850.
Baig, Z.A., Szewczyk, P., Valli, C., Rabadia, P., Hannay, P., Chernyshev, M., Johnstone, M., Kerai, P., Ibrahim, A., Sansurooah, K. and Syed, N., 2017. Future challenges for smart cities: Cyber-security and digital forensics. Digital Investigation, 22, pp.3-13.
Elhoseny, M., Hosny, A., Hassanien, A.E., Muhammad, K. and Sangaiah, A.K., 2017. Secure automated forensic investigation for sustainable critical infrastructures compliant with green computing requirements. IEEE Transactions on Sustainable Computing.
Cannon, D.M., Kaczmarski, M.A., Klingenberg, B.J. and Van Hise, D.G., International Business Machines Corp, 2010. Automatically enforcing change control in operations performed by operational management products. U.S. Patent 7,853,675.
Fang, F., Parameswaran, M., Zhao, X. and Whinston, A.B., 2014. An economic mechanism to manage operational security risks for inter-organizational information systems. Information Systems Frontiers, 16(3), pp.399-416.
Cook, A., Janicke, H., Smith, R. and Maglaras, L., 2017. The industrial control system cyber defence triage process. Computers & Security, 70, pp.467-481.
Fuchs, L. and Pernul, G., 2012. Minimizing insider misuse through secure Identity Management. Security and Communication Networks, 5(8), pp.847-862.
Wahlgren, G., Fedotova, A., Musaeva, A. and Kowalski, S., 2016. IT Security Incidents Escalation in the Swedish Financial Sector: A Maturity Model Study. In HAISA (pp. 45-55).
Brillaulta, V., Cornwallb, L., Diasc, N., Dussad, T., Ferrye, S., Gabriel, S., Groepf, D., Kelseyb, D., Kourilg, D., Krasovech, B. and Neilsonb, I., 2017. Coordinating Operational Security in evolving distributed IT-Infrastructures.