Abstract

Egalitarianism and justice are amongst the core attributes of a democratic regime and should be also secured in an e-democratic setting. As such, the rise of computer related offenses pose a threat to the fundamental aspects of e-democracy and e-governance. Digital forensics are a key component for protecting and enabling the underlying (e-)democratic values and therefore forensic readiness should be considered in an e-democratic setting. This position paper commences from the observation that the density of compliance and potential litigation activities is monotonically increasing in modern organizations, as rules, legislative regulations and policies are being constantly added to the corporate environment. Forensic practices seem to be departing from the niche of law enforcement and are becoming a business function and infrastructural component, posing new challenges to the security professionals. Having no a priori knowledge on whether a security related event or corporate policy violation will lead to litigation, we advocate that computer forensics need to be applied to all investigatory, monitoring and auditing activities. This would result into an inflation of the responsibilities of the Information Security Officer. After exploring some commonalities and differences between IS audit and computer forensics, we present a list of strategic challenges the organization and, in effect, the IS security and audit practitioner will face.

Keywords

Computer forensics e-discovery IS audit compliance 

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Antiphishing Working Group. Phishing Activity Trends Report Q2, 2008 (2008), http://www.antiphishing.org/reports/apwg_report_Q2_2008.pdf
  2. 2.
    Parliamentary Office of Science and Technology. Computer Crime. POSTNOTE, 271 (2006)Google Scholar
  3. 3.
    Harris, S.: To Catch A Thief: Bringing Forensics In-House And The Necessary Tools To Succeed. Amazines (2008)Google Scholar
  4. 4.
    Grobler, T., Louwrens, B.: Digital Forensic Readiness as a Component of Information Security Best Practice. In: Venter, H., Eloff, M., Labuschanc, L., Eloff, J., von Solms, R. (eds.) New Approaches for Security, Privacy and Trust in Complex Environments. IFIP, vol. 232, pp. 13–24. Springer, Boston (2007)CrossRefGoogle Scholar
  5. 5.
    Information Systems Audit and Control Association: CISA Review Manual 2008 (2007)Google Scholar
  6. 6.
    Kruse II, W., Heiser, J.: Computer Forensics: Incident Response Essentials. Addison Wesley, Reading (2004)Google Scholar
  7. 7.
    Rowlingson, R.: A Ten Step Process for Forensic Readiness. Int. Journal of Digital Evidence 2(3) (2004)Google Scholar
  8. 8.
    Sinangin, D.: Computer Forensics Investigations in a Corporate Environment. Computer Fraud & Security 8, 11–14 (2002)CrossRefGoogle Scholar
  9. 9.
    EDRM, The E-Discovery Reference Model, http://edrm.net
  10. 10.
    Chen, L., Wang, G.: An Efficient Piecewise Hashing Method for Computer Forensics. In: 2008 Workshop on Knowledge Discovery and Data Mining, pp. 635–638 (2008)Google Scholar
  11. 11.
    Kotze, D., Olivier, M.: Patlet for Digital Forensics First Responders. In: 18th International Workshop on Database and Expert Systems Applications, pp. 770–774 (2007)Google Scholar
  12. 12.
    US Court, Amendments to the Federal Rules of Civil Procedure (2006), http://www.uscourts.gov/rules/EDiscovery_w_Notes.pdf
  13. 13.
    Marcella, A.: Electronically Stored Information and Cyberforensics. Information Systems Control Journal 5, 44–48 (2008)Google Scholar
  14. 14.
    Information Systems Audit and Control Association, Guidline G28: Computer Forensics (2000)Google Scholar
  15. 15.
    Endicott-Popovsky, B., Frinke, D.: Adding the 4th R: A Systems Approach to Solving the Hackers Arms Race. In: Proc. of the 2006 Symposium 39th Hawaii International Conference on System Sciences (2006)Google Scholar
  16. 16.
    Computer Security Institute CSI Survey 2007 (2007), http://i.cmpnet.com/v2.gocsi.com/pdf/CSISurvey2007.pdf

Copyright information

© ICST Institute for Computer Science, Social Informatics and Telecommunications Engineering 2010

Authors and Affiliations

  • Georgios Pangalos
    • 1
  • Vasilios Katos
    • 2
  1. 1.Aristotle University of ThessalonikiGreece
  2. 2.Democritus University of ThraceGreece

Personalised recommendations