Friday, April 5, 2019

Alternatives to Proprietary Digital Forensics for SMEs

Realistic alternative to expensive proprietary digital forensics and security products for SMEs.

Alan David Blais

Abstract

Organisations have recently developed an awareness of the necessity of having their systems secure and protected from external as well as internal threats. This sudden awareness is believed to be due to recent major events involving breaches and security issues faced by many organisations. The consequences of these breaches and security issues had so many negative impacts that they have created a real awareness. Although the UK is among the leading countries in this regard in Europe, it still has a long way to go, according to the training director for the SANS Securing The Human Program, Lance Spitzner (Cybersecurity Awareness SANS 2015).

Many organisations have already invested a very considerable amount of money into making their systems more secure, while others are still wondering whether investing money in security has a return on investment (ROI) or not. For small and medium enterprises (SMEs), on the other hand, it is an entirely different story: with the world financial crisis, it is already particularly difficult for SMEs to survive, most of them are struggling to keep their companies running, and many of them cannot afford the cost of improving the security of their systems as it should be.

Most of them try to use short-term fixes like a cheap firewall and anti-virus, free patches and updates, despite knowing that having a single layer or a few layers of security is not enough. Some SMEs also use freely available tools and applications, but most of these tools are specialised in only one aspect of security, so several different applications are needed to provide better security. It is difficult to manage several different tools and applications at the same time.
This project aims at finding a solution to the above-mentioned problem by designing a software/platform for managing different tools and applications remotely using the designed software/platform.

1. Background (2 pages)

1.1 Introduction

According to a new study on the main causes of European privacy breaches, breaches come from organisations' own errors, insider abuse and other internal mismanagement issues. The director of the study, P. Howard, believes that only 41% of the incidents reported are external attacks by hackers and that 57% of the incidents were caused by administrative error, exposed online, insiders or missing hardware configuration (Most European Breaches Caused by Organizational Error, Insider Attacks 2015).

Based on the above study findings, we can therefore assume that having proper internal security mechanisms within an organisation can significantly reduce the number of incidents. Despite knowing that, some organisations are still not improving their security as they should. The main reason is the cost associated with security: some people at management level still think that investing in security has no direct impact on the main objective of the business, which is to make a profit.

It is true that many organisations' awareness of security has recently changed due to the consequences of breaches at other organisations, but cyber security awareness is still in its infancy in most organisations, and not all organisations can afford the cost associated with security. Small and medium enterprises are generally not able to afford it.

Moreover, much of the software available on the market focuses on one particular aspect of security rather than offering a single platform that caters for different aspects of security at an affordable price for SMEs.
It seems that a growing trend is developing within SMEs, which is the use of open source software (An evaluation of open source software adoption by UK SMEs in the IT industry) such as Volatility. But even then, it is not an efficient way to manage several applications all at the same time. A possible solution would be to use an application as a platform for using other open source software, with the capability of managing all of these remotely.

This project is about designing that platform to provide incident response, digital forensics, host and network security as well as malware analysis capability. The platform will provide all the above-mentioned capabilities remotely and will have a server-client architecture.

1.2 Relevant past and current work

AlienVault has software which provides a platform to manage different aspects of security all on one platform, called Unified Security Management (USM). The software is a commercial one and provides the management of tools which are themselves commercial software, whereas this project aims at using available free software and in-house built features to provide a platform for managing different aspects of security at an affordable price.

Below are the management features available in AlienVault USM and other traditional SIEM.

As we can see from both screen captures, many traditional SIEMs need third-party products to provide some features. Below are the security features provided by AlienVault.

The USM provides a single platform for managing and monitoring different aspects of security.

2. Project Description (1 page)

2.1 Project Overview

This project aims at designing a platform for managing open source and free applications/tools as well as providing in-house built features.
The platform will deal with different aspects of security such as incident response, digital forensics, host and network security and malware analysis.

The digital forensics capability will be the central part of the project, from which incident response and malware analysis will be derived. The host and network security will sit on top of the base structure which comprises the three other aspects.

The digital forensics and malware analysis can be split further at a high-level view, as we can see from the diagram to the left side: live and static forensics for digital forensics, and static and dynamic analysis for malware analysis.

2.2 Importance of this project

Security should be the concern of everybody. SMEs should be given alternative options to expensive security products to enable them to provide more secure services to clients, which indirectly or directly can affect anybody. This project aims at providing a cost effective solution by providing a platform to manage open source tools and applications. The main assumption will be that, despite knowing that free applications and tools have limitations, they are a better option than having no security at all or limited security due to a limited security budget.

2.3 Aims and Objectives

It is important in a project to properly design the aims and objectives, since this sets the direction in which the project must go. Objectives allow us to measure and assess the outcome of the project. Please refer to Appendix A for the aims and objectives.

3. Programme and Methodology (3 pages)

3.1 Spiral Methodology

The spiral methodology seems to be the best option to accommodate the project.
The spiral methodology, as compared to the waterfall methodology, has the advantage of demonstrating that development projects work best when they are both incremental and iterative, where the development is able to start small and benefit from enlightened trial and error along the way.

The spiral methodology reflects the relationship of tasks with rapid prototyping, increased parallelism, and concurrency in designing and building activities. The spiral method should still be planned methodically, with tasks and deliverables identified for each step in the spiral.

Throughout the entire project we are going to use the spiral methodology for the design and development of the software/platform. The next part of this section will be the planning of tasks and deliverables as well as expected milestones.

Why do you think the spiral best suits your project and not the other methodologies? Give concrete examples.

3.2 Project Management

3.2.1 Budget Planning

3.2.1.1 Milestone

The table below is just an estimation of how much time each task will take and gives us enough information to plan the project in a more realistic way.
Generally, tasks will be performed in parallel rather than in a linear way, which has its advantages and disadvantages, such as delivery time and the fact that some tasks must be completed prior to other tasks.

3.2.1.2 Gantt Chart

Please find below a Gantt chart representing the planned tasks over the budget allocated to us.

3.3 Project Approach

The first part of the project will focus on the literature review, where we are going to analyse tools, applications and processes/features which are relevant to the project.

In the next part, we will discuss why the features/applications/tools might be important for SMEs and their security from a technical and non-technical perspective.

The third step will be to develop the features and integrate the tools/applications within the designed platform.

The final step will be testing and documenting the results obtained and making sure that the aims and objectives are satisfied.

4. Ethical and Legal Considerations (1 page)

Before starting a project, it is crucial to properly understand the internal policies of the organisation you are developing something for and any local laws that might apply to the project.

Some features of the project might invade the privacy of the users, which in our case will be employees. It is good practice to have policies stating that the company's resources may be monitored and investigated without prior notice or user permission, but this might not be enough in a trial. One alternative would be to make sure the company where we are going to implement this project displays a well-defined warning banner.
Without a banner, the right to investigate or monitor a system used by employees might conflict with users' expectation of privacy.

The EU and its member nations, which include the UK, impose a strict fine for information that crosses national boundaries without the person's consent.

4.1 Law in UK

According to the UK Government's website (https://www.gov.uk/data-protection-your-business/monitoring-staff-at-work), it is possible for an employer to monitor employees at the workplace if the conditions below are met:

- Be clear about the reasons for monitoring staff and the benefits that this will bring.
- Identify any negative effects the monitoring may have on staff. This is called an impact assessment.
- Consider whether there are any less intrusive alternatives to monitoring.
- Work out whether the monitoring is justified, taking into account all of the above.

Monitoring employees' activities on a computer system is covered by the Data Protection Act. Data protection law doesn't prevent monitoring in the workplace. However, it does set down rules about the circumstances and the way in which monitoring should be carried out. Based on UK law, it is also possible for employers to monitor their employees without their consent for specific reasons. (Please refer to Appendix B for the reasons.)

4.2 Ethics

The question of whether it is ethical to monitor or investigate employees can be debated from different points of view, which can include the privacy of users, the need to protect clients' data, and the need to provide reliable and trustworthy services to clients by minimising the risks of external as well as internal threats such as insiders.

But at the end of the day, the majority always wins over the minority. What would be more ethical: monitoring hundreds of employees, or having more than one million clients' credit card details unprotected from insiders?

5. Impact (0.5-0.75 page)

5.1 National Importance

Services provided by SMEs such as data storage, clients' data management, POS information management, companies' secret industrial processes and many others will be more secure, since the SMEs will improve their security using a cost saving solution that provides several layers of security.

Risks associated with insiders will be minimised.

5.2 Commercial Impact

The platform could be sold at an affordable price or via a donation mechanism. The money can then be used for developing new features, improving existing features and providing upgrades.

5.3 Academic Impact

This project can provide a platform for further research opportunities, such as:

- Research can be done about why, despite knowing that security is crucial, SMEs are still not improving their security. Cost associated with security products?
- The assessment of the impacts on security in general if security products were cheaper and easily available for SMEs.
- Does security improve if managed and monitored using a single platform rather than using several different security products (efficiency and conflicts arising when using several security products)?

References

Cyber security awareness still in its infancy, says Sans Institute. 2015. [ONLINE] Available at: http://www.computerweekly.com/news/2240234932/Cyber-security-awareness-still-in-its-infancy-says-SANS-Institute. Accessed 18 May 2015.

Information Security Awareness Training, Cybersecurity Awareness, SANS. 2015. [ONLINE] Available at: http://www.securingthehuman.org/. Accessed 18 May 2015.

Study Finds Most European Breaches Caused by Organizational Error, Insider Attacks. The State of Security. 2015. [ONLINE] Available at: http://www.tripwire.com/state-of-security/latest-security-news/study-finds-most-european-breaches-caused-by-organizational-error-insider-attacks/. Accessed 18 May 2015.

Brunel University Research Archive: An evaluation of open source software adoption by UK SMEs in the IT industry. 2015. [ONLINE] Available at: http://bura.brunel.ac.uk/handle/2438/4509. Accessed 18 May 2015.

Brian Buffett, UNESCO Institute for Statistics (2014). Factors influencing open source software adoption in public sector national and international statistical organisations. [ONLINE] Available at: http://www.unece.org/fileadmin/DAM/stats/documents/ece/ces/ge.50/2014/Topic_1_UNESCO.pdf. Accessed 18 May 2015.

SMEs help Governments make huge IT savings. PretaGov. 2015. [ONLINE] Available at: https://www.pretagov.co.uk/news/sme2019s-help-governments-make-huge-it-savings. Accessed 18 May 2015.

How SMEs can drive growth through new technologies. 2015. [ONLINE] Available at: http://yourbetterbusiness.co.uk/how-smes-can-drive-growth-through-new-technologies/. Accessed 18 May 2015.

Unified Security Management (USM) Platform. 2015. [ONLINE] Available at: https://www.alienvault.com/products. Accessed 19 May 2015.

James R. Chapman, 1997. Software Development Methodology, Project Management Training. [ONLINE] Available at: http://www.hyperthot.com/pm_sdm.htm. Accessed 19 May 2015.

Nelson, B., Phillips, A. and Steuart, C., 2010. Guide to Computer Forensics and Investigations. 4th Edition. Course Technology.

Data protection and your business. GOV.UK. 2015. [ONLINE] Available at: https://www.gov.uk/data-protection-your-business/monitoring-staff-at-work. Accessed 20 May 2015.

Monitoring at work. Citizens Advice. 2015. [ONLINE] Available at: https://www.citizensadvice.org.uk/work/rights-at-work/monitoring-at-work/. Accessed 21 May 2015.

Appendix A

A1 Aims of the project

Please find below the aims of the project:

- Provide a cost effective IT security solution.
- Provide security in its different aspects all under one platform.
- Provide remote management capability.

A2 Objectives of the project

Please find below the objectives of the project:

- Secure communication between server and clients.
- Ability to monitor and detect suspected behaviour/activities.
- Ability to remotely manage clients from the server (platform).
- Ability to capture relevant information from clients to the server for investigation.
- Ability to provide confidentiality and integrity on clients.

More detailed and technical objectives are to be derived at a later stage of the project, and will in turn be translated into features that will be provided by the platform.

Appendix B

B1 Reasons for monitoring employees

- To establish facts which are relevant to the business, to check that procedures are being followed, or to check standards, for example, listening in to phone calls to assess the quality of your work.
- To prevent or detect crime.
- To check for unauthorised use of telecommunications systems, such as whether you are using the internet or email for personal use.
- To make sure electronic systems are operating effectively, for example, to prevent computer viruses entering the system.
- To check whether a communication you have received, such as an email or phone call, is relevant to the business. In this case, your employer can open up your emails or listen to voice-mails but is not allowed to record your calls.
- To check calls to confidential help lines. In this case, your employer can listen in, but is not allowed to record these calls in the interests of national security.
