Corporate Cybercrime Policies, Procedures and Investigations

Corporate Cybercrime Policies, Procedures and Investigations

Overview of Cybercrime

Computer related incidents or crimes are increasing in number and severity in recent times. Cybercrime has been defined as a crime in which a computer is the object of the crime (hacking, phishing, spamming) or is used as a tool to commit an offense (child pornography, hate crimes). Cybercriminals usually use computer technology to access personal information, business trade secrets or use the internet for exploitative or malicious purposes. Criminals can also use computers for communication and document or data storage.

When a computer incident occurs, the attacked organization responds with a set of predetermined actions. Adopting the needed corporate policies and applying digital forensics techniques into your organization’s security-operations is very necessary. Policies and scientific forensics techniques are important because they ensure efficient recovery and investigation of crimes related to work environment, systems and networks in organizations. Organizations can reduce risk of litigations by developing and implementing security and computer use policy that employee will find it easy to read and follow.  The next section of this paper discusses the importance of information security and computer use policies in organizations.

 Information Security, Computer Use Policies, and Benefits

As indicated earlier, one way an organization can reduce the risk of litigations is to develop and implement security and computer use policy that employee will find it easy to read and follow. These policies can make internal investigation go on smoothly. The most important polices are those defining rules for using a company’s computer, internet, and network resources. The most appropriate policies are those which seek to define rules for computer and network usage (also known as acceptable use policy) and warning banners.

Published security policy provides a line of authority for conducting internal investigations. Such policies state who has the legal rights to initiate an investigation, who can take possession of evidence, and who have access to evidence. Well defined policies give computer investigators and forensics examines the authority to investigate. Policies also demonstrate that an organization intend to be fair minded and objective about how to treat employees. The policy indicates that a company follow due process for all investigations. Without defined policies, a company risks exposing itself to court litigations from current or former employees must stay current with applicable laws which vary depending on the location of the organization.

Acceptable Use Policy

Acceptable Use Policy (AUP) is a policy written to ensure that employee use organizations computer and internet resources for job related activities in appropriate way. Organizations must include this policy in annual security awareness and training programs. Organizations must have employees sign an acceptable use agreement after acceptable use policy training. One way an organization can avoid litigation is to display a warning banner on a computer screen. The warning banner appears when a computer starts or connects to internet, intranet, VPN, and any form of network or computer system. A warning banner assert the right to conduct investigation and notifies the user by displaying a strong and well-crafted message. By displaying a warning banner, a company would not require a search warrant if the company’s policy is breached or violated.

Digital Forensics Policies, Guidelines, and Procedures

To demonstrate management’s commitment to crime investigations, it is essential for companies to develop and implement digital forensics policies. Policies should be aligned with the enterprise risk appetite, which is determined in the risk governance activities, and are a key component of the enterprise system of internal control. Policies should allow authorized personnel to monitor systems and networks and perform investigations for legitimate reasons in appropriate circumstances. The policies should clearly define the roles and responsibilities of all people who perform or assist with the enterprise forensic activities. Policies, guidelines and procedures should clearly identify the tools that may be used in a forensic review and provide reasonable guidance on the use of those tools under various circumstances.

Evidence Gathering Protocols

Most people spend a lot of time using them every day. As a result, some evidence of most crimes can be found online. Evidence gathering, and evidence preservation is the fundamental processes every investigator needs to follow to ensure evidence is admitted at the law court. One of the means of ensuring evidence admissibility in court is proper adherence of chain of custody. In a legal context, the chain of custody definition involves the order that a piece of evidence must be handled while investigating a case. To uphold evidence rules, standards and requirements of the law it is important for the forensic examiner to properly document and preserve evidence (also known as chain of custody).

When an incident occurs in an organization and the incident handling team suspects a crime has been committed, computer forensics team step in to conduct their investigations. Digital forensics has been defined as the “process of identifying, preserving, analyzing and presenting digital evidence in a manner that is legally acceptable in any legal proceedings.

The next paper presents detailed discussions of digital forensics, techniques for conducting computer crime investigations, and how to adhere to chain of custody protocols.

(By Sam O. Aduafo, Member of Institute of ICT Professionals, Ghana, CyberGhana and advancedevidence.com|| info@advancedevidence.com;

Stephen Hasford: Member of Institute of ICT Professionals, Ghana,Technical Director, Ghana National Youth in Cybersecurity Technology (NYCT) Program|| 0268672979