Company

LOGO

Computer Security and Forensics

Computer Security and Forensics

By Kim Cassinelli, Eriko Yamaguce and Stefan Schuebel

AgendaAgenda

1. Overview of Desert Tan1. Overview of Desert Tan

2. Computer Security 2. Computer Security

3. Computer Forensics 3. Computer Forensics

4. Conclusions 4. Conclusions

Concept MapConcept Map

What is

Computer

Security? . Function

Examples

from Real

WorldRecomenation

Cost Analysis

Conclustion

What is

Computer

Forensics?Function

Enron

Case Study

Desert TanDesert Tan• Desert Tan is a small company which provides

customers with tanning options. • They offer state-of-the-art equipment in both light beds

and spray on tans. • Currently they have 10 different franchise locations

within the Northwest. • Their unique online presence allows customers to create

an online account similar to online banking.

Desert Tans‘ QuestionsDesert Tans‘ Questions

• How can we provide customers safe and secure online transactions?

• How can computer forensics help monitor inappropriate employee and franchise activity?

• What are the costs associated with implementing a monitoring system?

Definition Computer SecurityDefinition Computer Security• Computer security is a branch of technology known as

information security as applied to computer.  • The objective of computer security varies and can

include protection of information from theft or corruption, or the preservation of availability, as defined in the security policy. 

• Computer security imposes requirements on computers that are different from most system requirements because they often take the form of constraints on what computers are not supposed to do.

Source: www.wikipedia.com

What Covers Computer Security?

What Covers Computer Security?

Source: data bases on CSI Survey 2007

Survey Reading ListSurvey Reading List

What type of computer attacks do you know?

What type of computer attacks do you know?

Source: CSI Survey 2007

Estimate the total loss in Dollar due to computer attacks in 2007 for the US:

Estimate the total loss in Dollar due to computer attacks in 2007 for the US:

• $ 66,930,950

Source: CSI Survey 2007

Estimate the percentage loss due to insiders:

Estimate the percentage loss due to insiders:

Source: CSI Survey 2007

Estimate the percentage of users having an anti virus software, firewall, anti spyware software, forensic tools:

Estimate the percentage of users having an anti virus software, firewall, anti spyware software, forensic tools:

Source: CSI Survey 2007

98%97%

80%

40%

6 layers of security6 layers of security

Source: www.hp.com

Telephone Interview to Trend MicroTelephone Interview to Trend Micro

Question: What are the common 3 questions about computer security from small companies?

• No. 3 How often should they upload their computer security software?

• No. 2 What should they do?• No. 1 How much should they prepare for

computer security?

Definition Computer ForensicsDefinition Computer Forensics• Computer forensics is a branch of forensic

science pertaining to legal evidence found in computers and digital storage mediums.

• Computer forensics adheres to standards of evidence admissible in a court of law. Computer forensics experts investigate data storage devices, (such as hard drives, USB Drives, CD-ROMs, floppy disks, tape drives, etc.), identifying, preserving, and then analyzing sources of documentary or other digital evidence.

• Computer Forensics Video

Source: www.wikipedia.com

Enron CaseEnron Case

• Arthur Andersen & Company said the accounting firm had destroyed a ''significant but undetermined'' number of documents relating to Enron and its finances.

• Questions for the Class:– What should Enron have done as an organization

when these allegations were made?– What would you have done if you were the CEO,

CTO, or lawyer of Enron?

Question 1Question 1

• How can we provide customers safe and secure online transactions?– Only certain employees have access to

customer information– PayPal

PayPal includes all these features:

• Secure system• Fraud protection• Reporting tools• Shipping and sales tax tools

Question 2Question 2

• How can computer forensics help monitor inappropriate employee and franchise activity?

• All internet security• Your company needs to decide the level of

protection they are looking for.

Question 3 - Cost AnalysisQuestion 3 - Cost Analysis

Source: CSI Survey 2007

Recommendet next stepsRecommendet next steps

• Do more research on what you are currently using

• Use PayPal• Discuss with your IT specialist which

security programs are best for your company and what are appropriate next steps

QUESTIONS??QUESTIONS??