Dear Rick,
Hypothetically, you need a professional forensics exercise done. Key
points to keep in mind would be to select a firm, which:
1. Demonstrates expertise in computer forensics, in terms of the
methodology and tools they propose to use.
2. Understands what 'chain of custody' means, and ensures that this is
protected. Remember, you may want to pursue legal action against the
'very bad person', and would want to gather and analyze evidence in a
manner which stands up in a court of law.
3. Has had past experience with the specific laws governing cybercrimes
in the jurisdiction area of the data center.
4. Has dealt with law enforcement officials and knows how to handle such
situations.
The scope of the investigation could widen, as things progress, and you
should be willing to make a call whether it is worth legally pursuing
the investigation, or you would rather have the forensics firm deliver a
report on how the intrusion really happened, the extent of damage, and
the lessons to be applied so that such events do not recur.
Alternatively, if your efforts to locate a reliable firm fail, you could
contact local law enforcement agencies directly and they might have some
"experts" they could direct you to. This may not really be your best
option.
If this "hypothetical" situation seems realistic, you may also want to
explore the option of an insurance cover. Apparently, shareholders are
involved, which means your company is listed in a stock exchange, and
therefore regulations could be really strict, and penalties really heavy.
Cheers,
KK
K. K. Mookhey
Founder
NII Consulting
Web: www.nii.co.in
------------------------------------
Comprehensive Security Assessment Software
http://www.nii.co.in/products.html
------------------------------------
Richard Piedrahita wrote:
Hi Everyone:
I have a hypothetical situation and two questions:
Hypothetical Situation:
I have taken all the precautions and spent many, many dollars to
protect my little business but yesterday, a very bad person breached
my network defenses and stole some very confidential product,
customer, and financial information from my little business. But,
they didn't get it all. I spotted the activity and crashed the entire
data center before they got some of the key pieces of information.
Fortunately I had a hot site ready to go so my little business is
running again and I am taking extra steps to make things even more
difficult for some one to break into my systems but I know "they" are
going to come after the rest of the information again (the stuff is
worth oogles of dollars, O.K. ;-)
Question 1:
Besides calling the local constabulary, are there any established
and/or reputable private businesses out there that can send a sort of
network tactical investigative team to investigate the incident (do
the network investigation legwork (audit all the logs, traffic
analysis, etc.), develop the evidence, deliver the reports, and tell
me who (maybe not by name) did what, when they did it, how they did
it, and from where they did it, etc.
What I need is a cross between the U.S. Marines, Dick Tracy, and Lt.
Cmdr. Data (Star Trek) that can look at all this and tell me something
useful in a reasonable amount of time. I don't think the local
constabulary can handle something like that in a short amount of time
so I will need serious help for this.
Question 2:
Along the same line, does anyone know of any good Public Relations
firms that could help my little company manage to ensuing maelstrom
once the public finds out (especially my shareholders, ouch!) that my
little company lost it's customer's personal information, valuable
trade secrets, etc.?
Oh yeah, don't worry about the attorneys; I already have a dozen of
them paid for in advance for the next decade.
Any information would be most appreciated.
Thanks, Rick.
***** CONFIDENTIALITY NOTICE *****
This message contains confidential information and is intended only for
the individual named. If you are not the named addressee you should not
disseminate, distribute or copy this e-mail. Please notify the sender
immediately by e-mail if you have received this e-mail by mistake and
delete this e-mail from your system.
---------------------------------------------------------------------------
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The Norwich University program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Tailor your education to your own professional goals with degree
customizations including Emergency Management, Business Continuity Planning,
Computer Emergency Response Teams, and Digital Investigations.
http://www.msia.norwich.edu/secfocus
----------------------------------------------------------------------------
---------------------------------------------------------------------------
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The Norwich University program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Tailor your education to your own professional goals with degree
customizations including Emergency Management, Business Continuity Planning,
Computer Emergency Response Teams, and Digital Investigations.
http://www.msia.norwich.edu/secfocus
----------------------------------------------------------------------------
