Beyond the utilization of threat assessment or management teams, enterprises are going to the next level in creating a "Corporate Intelligence Unit" (CIU). The CIU is providing the "Strategic Insight" framework and assisting the organization in "Achieving a Defensible Standard of Care."The framework elements that encompass policy, legal, privacy, governance, litigation, security, incidents and safety surround the CIU with effective processes and procedures that provides a push / pull of information flow. Application of the correct tools, software systems and controls adds to the overall milestone of what many corporate risk managers already understand.The best way in most cases to defend against an insider attack and prevent an insider incident is to continuously help identify the source of the incident, the person(s) responsible and to correlate information on other peers that may have been impacted by the same incident or modus operandi of the subject. "Connecting The Dots" with others in the same company or with industry sector partners increases the overall resilience factor and hardens the vulnerabilities that are all too often being exploited for months if not years.In retrospect, you can be more effective investigating and collecting evidence in your company to gain a "DecisionAdvantage". To pursue civil or criminal recovery of losses from these insider incidents, you may not go to law enforcement, but it's likely they will come to you once they get a whistle blower report, catch the attacker and/or they have the evidence that you were a victim.
20 February 2011
The key Operational Risk Management news from this years RSA Conference is now coming in, yet there are inside sources who still need to be interviewed. What did they think was the most brilliant presentation or idea(s) presented?
This particular release caught some eyes as it addresses much of the thinking on the latest evolution of the Security Operations Center (SOC):
The evolution of the SOC in your enterprise may start in some unconventional places. Who is it in your organization that is responsible for the loss of corporate assets? Who in your company is the one who determines what items are counted as losses to the bottom line? Who does the enterprise look to when the crisis hits and people are looking for answers in minutes, not hours, or days? Who picks up the phone to answer the call from the FBI Field Office?
These may not be the people you think of in the CIO's office or IT department. These people however need to be part of the combined Security Operations Center solution in the company. The Advanced Persistent Threat (APT) now represents the intersection of prudent strategy from the business leadership, the accounting or finance leadership and the risk management leadership. If the CIO is looked upon as the key executive running a "Utility" inside the enterprise, think again.
This blog has discussed the "Corporate Intelligence Unit" this past April 2010 :
How your organization pulls together the right people to staff and operate your "CIU" is going to depend on your culture, funding and current state of the threat. The shareholders and stakeholders will be asking you about those losses in the Annual Report attributed to fees being paid to thousands if not millions of customers and members for such services as credit report monitoring and ID Theft service alerts.
Here is another thought. A thorough review of the current funding, staffing and strategy of a SOC or CIU in the enterprise may even become another criteria for whether you should engage as a customer or investor.
13 February 2011
The last two plus weeks the planet Earth has witnessed the use of Digital Social Media to help facilitate the overthrow of the 30 year reign of Hosni Mobarak in Egypt. Is this the last example of how the use of the Internet combined with the masses of humanity can overthrow government leadership? The Operational Risk to nations states and the implications of the impact on business, commerce and political outcomes is increasingly being subjected to the new digital influence of social networking apps.
(CBS) The revolution in Egypt was historic not only for toppling President Hosni Mubarak after 30 years, but for revealing the awesome power social media had amassed - enough to be the instrument that inspired hundreds of thousands of people already staunchly opposed to the regime to rise up and act as one.
Now the questions are already being asked - can social media's power be used that way again and if so, where and when?
The protesters In Egypt were mobilized largely via the use of Facebook and Twitter, over 18 long days.
Special Section: Historic Change in Egypt
The revolt there is already being dubbed the Social Media Revolution.
It started Jan. 25, with a call-to-action -- from a Facebook page dedicated to Khalid Said, an Egyptian businessman who was beaten to death by police last summer after threatening to expose police corruption.
Millions of Egyptian youth are big users of Facebook, and saw the page.
Over time, a few prominent faces emerged from the masses. One, Google executive Wael Ghonim, identified by Mubarak's government as the creator of that first Facebook page, was detained.
But the movement had already gained momentum.
Facebook and Twitter, said one protester, "It's a very good way for communication. It has no power or control from anyone."
Now that the US State Department has established a Twitter feed in Arabic, the odds are that the strategy to more effectively communicate US policy to the muslim world will grow. The risks associated with the speed of communications via the Internet and the "Ground Truth" situational awareness have forever changed the meaning of an "Intelligence-led" enterprise. The continuous news cycles fueled by the masses will provide the Fortune 500 executives and the nations states world leaders with the sentiment of their brand, their policy or their reputation at the touch of a personal "Blackberry" or "iPhone."
What has not changed however, is the requirement for increased confidentiality, integrity and assurance of information whether that be streaming from the US State Department feed or the public relations department of a company such as Cisco. Will human behavior begin to migrate from reading the latest official press releases or the Facebook and Twitter feeds to better understand the current state of affairs on the company. The answer is both. It will just be a matter of what lens you want to look through to determine the truth about a subject or situation with the organization that you are investigating.
The information integrity conversation is ongoing from the board room to battle field. How do you continuously insure that the Intel or the digital data you are receiving is the truth and not changed along the path to the leaders decision support consoles? Monitoring the information streams within an organization is not only a strategic necessity, it is a survival requirement.
The Digital Domains will continue to be threats to Nations States and Corporate Board Rooms for years and decades to come.
07 February 2011
At the speed of the modern global enterprise, cyber incidents are a growing component of operational risk, according to 1SecureAudit Managing Director and Chief Risk Officer Peter L. Higgins. Digital forensics intelligence provides analysts, investigators and management the ability to make more informed decisions regarding a prudent course of action. Utilizing digital evidence can mean the timely detection of unethical behavior by an employee or the intelligence nexus with kidnapping, child pornography, industrial espionage or terrorism. The legal process in a specific state or country and the preservation of evidence, chain of custody and even early case assessment are now a converging area of concern with local and state law enforcement, prosecutors and defense law firms.
"The 1SecureAudit Digital Forensics Practice capitalizes on the Digital Forensic POD powered by Evidence Talks Ltd. Our systems enable our team of subject matter experts to work on clients cases across the country or across the world," said Higgins. "Our certified professionals using the Digital Forensics POD gives a client quick access to resources that can help with an investigation without the high cost of flying people across the country or the globe."
"A good lesson learned from my first-hand experience in Afghanistan is that we depend on support back home from subject matter experts to help our soldiers remotely without the need to be in the actual combat zone," said Cristian Balan (CISSP, CHFI) of NY Computer Networks.
"We recognized that many police agencies, as well as law firms, needed an affordable solution to help clear up their digital forensics back log," said Craig Cantwell, SVDFL Forensics Laboratory Director. "By teaming up with 1SecureAudit and Cristian Balan and using our remote digital forensics POD systems, we are able to offer more clients a better economy of scale and service at a price that they can justify."
Counselors initial conferences and additional motions for discovery during litigation results in the need for additional digital forensics capacity. The Digital Forensics POD assists with case backlog especially as court dates approach rapidly or many cases at the same time. "We are excited to be working with Peter Higgins and the team at 1SecureAudit, as well as Cristian Balan of NY Computer Networks who brings his full Digital Forensic and Incident Response capabilities to the team," said Cantwell.
1SecureAudit has assembled a team of professionals that are ready to work on clients cases for a secure and timely response. With the advent of Remote Digital Forensics powered by Evidence Talks, the level of service and responsiveness that first responders can provide has increased tenfold. The firm's MetaLogic early case assessment services will ensure both civil and criminal cases are ready for an initial meeting with the legal teams. FlexResponse professional services ensures that client have the additional expertise available on demand as a case unfolds. The law enforcement organization, state or county prosecutors and private law practice now has access to experts across the country or the world at a moment's notice.
For more information visit RemoteForensics.us (http://www.RemoteForensics.us) or e-mail Dispatch@RemoteForensics.us.