±Forensic Focus Partners

Become an advertising partner

±Your Account


Username
Password

Forgotten password/username?

Site Members:

New Today: 1 Overall: 34850
New Yesterday: 8 Visitors: 252

±Follow Forensic Focus

Forensic Focus Facebook PageForensic Focus on TwitterForensic Focus LinkedIn GroupForensic Focus YouTube Channel

RSS feeds: News Forums Articles

±Latest Articles

±Latest Webinars

Qualification for computer forensic readiness

Computer forensics discussion. Please ensure that your post is not better suited to one of the forums below (if it is, please post it there instead!)
Reply to topicReply to topic Printer Friendly Page
Forum FAQSearchView unanswered posts
 
  

Qualification for computer forensic readiness

Post Posted: Mon Dec 03, 2018 7:35 am

Hello and Good evening everyone,

I want to ask something,

To create the forensic readiness is not easy in the organization and they should hire the specialist to solve this issues especially in automotive industry. Can anyone share the experience and thought, what is the qualification for someone to undergo the forensic readiness in automotive industry?  

hilmiskandar
Newbie
 
 
  

Re: Qualification for computer forensic readiness

Post Posted: Mon Dec 03, 2018 7:56 am

Forensic readiness could mean a lot of things to different businesses. It might just mean a business plan to hire outside help in the event of a breach or intrusion. If you went the internal route, hiring the right people, gear, and tools would be part of that plan. Once that plan has been decided on, the team (specialists) hired to do the work can build out the more tactical approach on how to execute that plan whatever it is. Bottom line, every org is different in their priorities, vulnerabilities, and approach to risk.

Specifically for the automotive industry, are you referring to the forensic readiness and securing of the product (cars), or the business infrastructure around it (networks, computers, etc...)? Because those are two different things and would require very different plans.

Jamie  

mcman
Senior Member
 
 
  

Re: Qualification for computer forensic readiness

Post Posted: Mon Dec 03, 2018 9:27 am

- hilmiskandar
Can anyone share the experience and thought, what is the qualification for someone to undergo the forensic readiness in automotive industry?


I'm going to assume that by "forensic readiness", you're referring to the ability to respond to an incident or breach.

If that's the case, then the "qualification" for someone to assist any industry with their "readiness" might start by asking the following questions:

- do you have a computer security incident response plan (CSIRP)? if so, does it call for centralized (one central team) or decentralized (each "division" staffs it's own team) incident management? does the plan include designations and taskings in the event of incident, and does it include means of communications (internal, customer facing, etc.)?

- does this plan include a DR section; if so, when was it last tested? how often is it tested?

- do you have an accurate and up-to-date asset inventory, including system owners/controllers? does it also include data managers/owners?

- as part of the asset inventory, are there plans in place for how responders will engage with those systems, should this be required? for example, some systems may be business critical, and "imaging" is out of the question. for other systems (such as AS/400) imaging may simply not be an option.

- do you have a logical network map, showing communications routes and security controls?

- what is being logged on each system, is this appropriate for both the system itself and for "forensic readiness"
- are the logs being forwarded/centrally collected
- are endpoint sensors deployed enterprise wide (refer back to the asset inventory)?

- for all assets, is there a plan for the collection, preservation, retention, and analysis of log data? where is it, and when was it last tested?

Again, this is just a start, but I hope it helps.  

keydet89
Senior Member
 
 

Page 1 of 1