Qualification for computer forensic readiness  
hilmiskandar
(@hilmiskandar)
New Member

Hello and Good evening everyone,

I want to ask something,

Creating forensic readiness in an organization is not easy, and they should hire a specialist to solve these issues, especially in the automotive industry. Can anyone share their experience and thoughts: what is the qualification for someone to undergo forensic readiness in the automotive industry?

Posted : 03/12/2018 1:35 pm
mcman
(@mcman)
Active Member

Forensic readiness could mean a lot of things to different businesses. It might just mean a business plan to hire outside help in the event of a breach or intrusion. If you went the internal route, hiring the right people, gear, and tools would be part of that plan. Once that plan has been decided on, the team (specialists) hired to do the work can build out the more tactical approach on how to execute that plan whatever it is. Bottom line, every org is different in their priorities, vulnerabilities, and approach to risk.

Specifically for the automotive industry, are you referring to the forensic readiness and securing of the product (cars), or the business infrastructure around it (networks, computers, etc…)? Because those are two different things and would require very different plans.

Jamie

Posted : 03/12/2018 1:56 pm
keydet89
(@keydet89)
Community Legend

Can anyone share their experience and thoughts: what is the qualification for someone to undergo forensic readiness in the automotive industry?

I'm going to assume that by "forensic readiness", you're referring to the ability to respond to an incident or breach.

If that's the case, then the "qualification" for someone to assist any industry with their "readiness" might start by asking the following questions:

- do you have a computer security incident response plan (CSIRP)? if so, does it call for centralized (one central team) or decentralized (each "division" staffs its own team) incident management? does the plan include designations and taskings in the event of an incident, and does it include means of communications (internal, customer facing, etc.)?

- does this plan include a DR section; if so, when was it last tested? how often is it tested?

- do you have an accurate and up-to-date asset inventory, including system owners/controllers? does it also include data managers/owners?

- as part of the asset inventory, are there plans in place for how responders will engage with those systems, should this be required? for example, some systems may be business critical, and "imaging" is out of the question. for other systems (such as AS/400) imaging may simply not be an option.

- do you have a logical network map, showing communications routes and security controls?

- what is being logged on each system, is this appropriate for both the system itself and for "forensic readiness"?
- are the logs being forwarded/centrally collected?
- are endpoint sensors deployed enterprise wide (refer back to the asset inventory)?

- for all assets, is there a plan for the collection, preservation, retention, and analysis of log data? where is it, and when was it last tested?

Again, this is just a start, but I hope it helps.

Posted : 03/12/2018 3:27 pm
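
Several of the questions in the list above (asset inventory with owners, central log collection, endpoint sensor coverage, and a response plan for systems that cannot be imaged) can be cross-checked automatically. The following Python is an added example, not part of any post in this thread; the field names, host names and the 24-hour staleness threshold are assumptions, and all sample data is constructed.

```python
from datetime import datetime, timedelta

# Constructed sample data (hypothetical hosts and field names, not from the thread).
INVENTORY = [
    {"host": "erp-db01", "owner": "finance-it", "imageable": False, "response_plan": "live triage"},
    {"host": "plant-hmi07", "owner": "", "imageable": False, "response_plan": ""},
    {"host": "hr-ws112", "owner": "hr-it", "imageable": True, "response_plan": "full image"},
]
# Last event time per host as reported by the central log collector (constructed).
LOG_LAST_SEEN = {"erp-db01": "2018-12-03T14:00:00", "hr-ws112": "2018-11-20T09:00:00"}
# Hosts with a reporting endpoint sensor (constructed).
SENSOR_HOSTS = {"erp-db01", "hr-ws112", "lab-pc09"}
NOW = datetime(2018, 12, 3, 15, 0, 0)  # fixed so the result is reproducible


def readiness_gaps(inventory, log_last_seen, sensor_hosts, now, max_silence=timedelta(hours=24)):
    """Return {host: [gap, ...]} for every host with at least one readiness gap."""
    gaps, known = {}, set()
    for asset in inventory:
        host, found = asset["host"], []
        known.add(host)
        if not asset["owner"]:
            found.append("no system owner recorded")
        if not asset["imageable"] and not asset["response_plan"]:
            found.append("cannot be imaged and no alternative response plan")
        seen = log_last_seen.get(host)
        if seen is None:
            found.append("logs not centrally collected")
        elif now - datetime.fromisoformat(seen) > max_silence:
            found.append("log forwarding stale")
        if host not in sensor_hosts:
            found.append("no endpoint sensor")
        if found:
            gaps[host] = found
    # A host that reports but is absent from the inventory means the inventory is out of date.
    for host in sorted((set(log_last_seen) | set(sensor_hosts)) - known):
        gaps[host] = ["reporting but missing from asset inventory"]
    return gaps


if __name__ == "__main__":
    for host, found in readiness_gaps(INVENTORY, LOG_LAST_SEEN, SENSOR_HOSTS, NOW).items():
        print(f"{host}: {'; '.join(found)}")
```
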
hilmiskandar
(@hilmiskandar)
New Member

Specifically for the automotive industry, are you referring to the forensic readiness and securing of the product (cars), or the business infrastructure around it (networks, computers, etc…)? Because those are two different things and would require very different plans.

Jamie

I am referring to the forensic readiness of the business infrastructure, which relates to the computers, networks, software and hardware in the automotive industry.

Posted : 27/12/2018 2:32 pm