Discussion responses

Prashanthi
ERM-Post1.docx

Investigative forensic is integral part of enterprise risk management. Since 2000, when the technology of personal computers and the Internet has been established, the risk of crimes such as unauthorized access to companies and cyber warfare and cyber terrorism between nations has increased. Therefore, the international treaty "Cybercrime Treaty" came into effect in 2004, and as of March 2019, there are 63 contracting parties. In addition, since 2010, with the spread of smartphones and the development of communication technology, cyber-attacks and unauthorized access are no longer a problem only for large companies and nations (Burton, 2010). In the age of tablets and IoT, not only personal computers and smartphones, many things will be connected to the Internet. According to research firm IDC, global data traffic is projected to increase from 23 zettabytes in 2017 (1 zettabyte = 1 billion terabytes) to 175 zettabytes in 2025. The risk of information leakage increases accordingly, and business data is mainly stored as data in core systems such as SFA, CRM and ERP, and it is taken out by internal humans in addition to external attacks. Therefore, the importance of digital forensics has been increasing in recent years, and it is necessary for general companies to consider digital forensics and forensic surveys in case of emergency.

Investigative forensic forms integral part of the risk management. In fact investigative forensic makes risk management even better. Remember that in risk management, companies are expected to predict the possible risks that are likely to occur. Risk management plan is normally prepared prior to occurrence of risk. As such, it is often very challenging to predict something that has not occurred yet. To complicate the matter, most of the digital risks are very hard to identify. Cyber ​​criminals are cunning. Hide yourself well and wait until the best moment to attack (Casey & Souvignet, 2020). Once a threat attacker has begun to move, it is very important to have a complete picture of the breach and to determine exactly how far the system has been compromised and what data has been stolen. In many cases, the only way to achieve this is to do a detailed digital forensic or computer forensic investigation. As a result, companies need information security consultant who capture and analyze data stored on hard drives, CDs, DVDs, USB media, and more, using incident response procedures. Computer forensic investigations can be conducted during incident response or individually at the request of the customer.

If investigative forensic is conducted during incidence response, it will help the company have a very comprehensive incidence response strategy. Forensic investigation and incident response services provide full-scale investigation from support for initial response in the event of an external attack such as a targeted attack on a corporate network, or a security incident such as falsification of a web application or unauthorized access. Forensic investigation, malware analysis, log analysis, etc.), recovery support and advice on recurrence prevention measures are provided in one stop (Casey & Souvignet, 2020). This is because in most cases, the investigative team include forensic engineers, malware analysis experts, attacker's perspectives, and penetration testers who are familiar with thinking, to clarify the actual situation of incidents. In cases where an incident is suspected, it is difficult to grasp the entire event only by individual analysis of logs and malware, and as a result, subsequent responses and judgments may be mistaken. In order to grasp the event that occurred as accurately as possible, we comprehensively analyze multiple pieces of information such as the entire computer to be investigated, logs, and malware (Brender & Markov, 2013). When cybercrime is detected, if the system is repaired immediately without clarifying the whole picture in the investigation, the part other than the repaired part will be exposed and there is a risk of further exposure to cybercrime.

References:

Burton, I. (2010). Forensic disaster investigations in depth: a new case study model. Environment, 52(5), 36-41.

Casey, E., & Souvignet, T. R. (2020). Digital transformation risk management in forensic science laboratories. Forensic Science International, 316, 110486.

Brender, N., & Markov, I. (2013). Risk perception and risk management in cloud computing: Results from a case study of Swiss companies. International journal of information management, 33(5), 726-733.