Cyber forensics intro & requirement engineering cit dec 21,2013
12/14/13 Prof. KS@2013 cit FDP coimbatore Dec 21,2013 1
Prof. K. Subramanian, SM(IEEE), SMACM, FIETE, LSMCSI, MAIMA, MAIS, MCFE, LM(CGAER)
Academic Advocate ISACA(USA) in India
Professor & Former Director, Advanced Center for Informatics & Innovative Learning (ACIIL), IGNOU
Hon. IT Adviser to CAG of India & Ex-DDG(NIC), Min of Communications & Information Technology
Former President, Cyber Society of India
Founder President, eInformation Systems Security Audit Association (eISSA), India
Cyber Forensics: An Intro & Requirement Engineering
Slide 2 (diagram of threats, controls and consequences around the IS):
Threats to the information system (IS): fraud & theft, scavenging, virus attack, accidental damage, natural disaster, unauthorised access, interception, trojan horses, incomplete program changes, hardware/software failure, social engineering attack, data diddling
Controls: passwords, encryption, anti-virus, backups, hardware maintenance, security guards, input validations, audit trails, program change documentation, authorisation, business continuity plan
Consequences: losing to competition, loss of customers, loss of credibility, embarrassment, financial loss
Enterprise Management
Cyber/Information Forensics: New Challenges
Evidence: collection, collation, organization, analysis, presentation, preservation; acceptable to the judiciary
Environment: encrypted / non-encrypted
Identity management and access mechanism: local / remote; single network / multiple networks
Access control: password controlled, token controlled, bio-metric controlled
A highly trained manpower, appropriate tools, strong cyber law, certified fraud examiners
Methods: e-mail tracking, hard disk forensics, decrypting of data, finding hidden/embedded links, tracing compromised source servers
What could all this lead to?
Loss of confidential/secret information
Loss of intellectual property
Loss of customer confidence
Loss of revenue
Implications on social set-up
CYBER TERRORISM
Auditors fail to discover fraud because they are not looking for it!
Victims seldom squeal! It is not good form to be the whistle blower, the bad guy, the one who reveals all.
Human nature:
– Hide failures, not admit them
– Conceal problems, not discuss them
– Defend wrong decisions, not admit them
– Cover up mistakes, not own up
What is Forensic Audit?
Forensic – “Belonging to, used in or suitable to courts of judicature or to public discussion and debate.”
Audit – the process which identifies the extent of conformance (or otherwise) of actual events with intended events and pre-determined norms for different activity segments, in accordance with established criteria.
• Partition data
– Data multiplication or oversampling, for example to a 50/50 distribution
Implementing the Crime Detection System: Action Component
• Deployment
– Plan deployment
  - Manage geographically distributed databases using distributed data mining
  - Take time into account
– Plan monitoring and maintenance
  - Determined by the rate of change in the external environment and organisational requirements
  - Rebuild models when cost savings fall below a certain percentage of the maximum cost savings possible
• New Crime Detection Method
• Crime Detection System
• Cost Model
• Visualisations
• Statistics
• Score-based Feature
• Extensive Literature Review
• In-depth Analysis of Algorithms
• Imperfect data
– Statistical evaluation and confidence intervals
– Preparation component of crime detection system
– Derived attributes
– Cross validation
• Highly skewed data
– Partitioned data with most appropriate distribution
– Cost model
• Black-box predictions
– Classification and clustering visualisation
– Sorted scores and predefined thresholds, rules
• Lack of domain knowledge
– Action component of crime detection system
– Extensive literature review
• Great variety of fraud scenarios over time
– SOM
– Crime detection method
– Choice of algorithms
• Assessing data mining potential
– Quality and quantity of data
– Cost model
– z-scores
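Worked example (added here, not from the slides) tying together three of the items above: oversampling a highly skewed fraud set to a 50/50 partition, z-scores as a derived attribute, and a cost model that picks a cutoff from the sorted scores. The transaction amounts, labels and cost figures are constructed placeholders, not data from the deck.

```python
import random
import statistics

# Constructed sample (not real data): 98 legitimate transactions with amounts
# around 100, plus 2 fraudulent ones, i.e. a 98/2 skew. Tuples are (amount, label).
random.seed(7)
TRANSACTIONS = [(round(random.gauss(100, 30), 2), 0) for _ in range(98)]
TRANSACTIONS += [(900.0, 1), (1200.0, 1)]

def oversample_to_balance(rows, seed=0):
    """Data multiplication: replicate fraud rows (label 1) until the partition is 50/50."""
    rng = random.Random(seed)
    fraud = [r for r in rows if r[1] == 1]
    legit = [r for r in rows if r[1] == 0]
    if not fraud:
        return list(rows)
    extra = [rng.choice(fraud) for _ in range(len(legit) - len(fraud))]
    return legit + fraud + extra

def z_scores(amounts):
    """Derived attribute: each amount's distance from the mean in standard deviations."""
    mean = statistics.fmean(amounts)
    sd = statistics.pstdev(amounts) or 1.0  # guard against a constant column
    return [(a - mean) / sd for a in amounts]

def choose_threshold(scores, labels, cost_missed=500.0, cost_investigation=20.0):
    """Cost model: sweep the sorted scores as candidate cutoffs and return
    (total_cost, threshold) for the cutoff whose total cost is lowest.
    Flagging a case costs an investigation; missing a fraud costs cost_missed.
    The cost figures are assumed placeholders, not figures from the slides."""
    best_cost, best_t = float("inf"), float("inf")
    for t in sorted(set(scores)) + [float("inf")]:  # inf = flag nothing
        cost = 0.0
        for s, y in zip(scores, labels):
            if s >= t:
                cost += cost_investigation
            elif y == 1:
                cost += cost_missed
        if cost < best_cost:
            best_cost, best_t = cost, t
    return best_cost, best_t

if __name__ == "__main__":
    amounts = [a for a, _ in TRANSACTIONS]
    labels = [y for _, y in TRANSACTIONS]
    print(len(oversample_to_balance(TRANSACTIONS)))      # 196 rows, 98 per class
    print(choose_threshold(z_scores(amounts), labels))   # cutoff that flags only the two fraud rows
```

With these placeholder costs the sweep settles on the z-score of the 900 transaction, flagging exactly the two fraud rows at a total cost of 40; raising the investigation cost or lowering the missed-fraud cost moves the cutoff up.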