2017
Table of Contents
Introduction ..................................................................................................................................... 2
Purpose............................................................................................................................................ 2
Problem ........................................................................................................................................... 2
Solutions based on SP ..................................................................................................................... 3
Requisitioned Equipment ................................................................................................................ 5
Requisitioned Personnel.................................................................................................................. 6
Implementation Timeline ................................................................................................................ 7
May June 2017 Employment Process ....................................................................................... 7
Budget ............................................................................................................................................. 7
Benefits ........................................................................................................................................... 8
Conclusion ...................................................................................................................................... 9
Appendix A ................................................................................................................................... 10
Incident Response Contact List .................................................................................................. 10
Appendix B: Evaluation System ................................................................................................... 11
Evaluation System .................................................................................................................... 11
Reference ...................................................................................................................................... 12
NIST SP 800-86 2
Introduction
This document will be used for the investigation of any crime or policy violation that happens within
the company. The guide will provide detailed information on any incident that occurs within the
company and might affect it. Digital forensic skills will be applied to any incident
response event for investigation purposes. This document is not to be used for criminal
investigations outside of a company incident. It will be used to help the company gather
evidence to support further investigation. Any evidence collected, examined, or analyzed
during the incident can be used to report to legal advisors, law enforcement officials, and
Purpose
Give the company a guideline on how to support and speed up the investigation process by
collecting, analyzing, and reporting the evidence to the officials, or whoever is in charge of the case.
Create a procedure for what the company should do when an employee is violating a corporate rule
Problem
The problem encountered most often is that most people do not know how to respond to an
emergency. A company that does not have proper policies, specifically an Incident Response
and Investigation policy, will find it hard to locate evidence. It is a big
problem when employees do not know how to respond to an incident and do not know how to
document everything suspicious that will be helpful later in the investigation
process. It is important that the company has all the evidence it needs to back it up
Another problem that the company might encounter is making sure that the evidence was only
collected to help fix the current problem or back up the investigator, and that this is not a real digital
forensic investigation process. The company does not have the right to present the evidence in
court as if it were an investigator. The evidence can only be presented to legal officials to back up
Solutions based on SP
First, the company needs to develop an incident response policy. Then a procedure is
needed to respond to any incident that might happen during the time the system was
compromised or infected.
I. The company needs to keep a logbook of people entering the facility, and of any activity
that might lead to an incident that could put the company in danger.
e. Any other activities that will be useful for the investigation later.
II. Contact the people who will be responsible for fixing the problem. (See Appendix A for the
Contact List)
c. Contact the Lead System Analyst if any threats are seen that could cause a
bigger problem.
d. Contact the Computer Incident Advisory Capability after the problem has been figured out
III. Network
b. Monitor and log all activity during the time of the investigation.
IV. Digital Forensic Investigation will be applied to respond to the incident by assisting with the
investigation.
a. Collecting evidence
c. Analyze the evidence and question the probable reasons that led to the incident
d. Reporting
iii. What could be done to improve the current policy and procedure to
iv. Log all activities and document what was done during the investigation
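The collection, analysis, and activity-log steps in item IV can be backed by a simple integrity record. The following Python is an added example, not part of the original document: it hashes each evidence item at intake, re-checks the hash later, and keeps an append-only activity log; the item IDs, actors, and sample bytes are constructed values.

```python
import hashlib
import json
from datetime import datetime, timezone

def sha256_hex(data: bytes) -> str:
    # Hash recorded at intake and re-checked later to show the item is unchanged.
    return hashlib.sha256(data).hexdigest()

def log_action(log: list, item_id: str, actor: str, action: str) -> dict:
    # Append-only activity log: who did what to which item, and when (step IV.d.iv).
    entry = {"time": datetime.now(timezone.utc).isoformat(),
             "item": item_id, "actor": actor, "action": action}
    log.append(entry)
    return entry

def intake_evidence(item_id: str, description: str, data: bytes,
                    collector: str, log: list) -> dict:
    # Evidence collection record (step IV.a): size and hash fixed at collection time.
    record = {"item": item_id, "description": description, "size": len(data),
              "sha256": sha256_hex(data), "collected_by": collector,
              "collected_at": datetime.now(timezone.utc).isoformat()}
    log_action(log, item_id, collector, "collected; sha256=" + record["sha256"])
    return record

def verify_evidence(record: dict, data: bytes) -> bool:
    # True only while the item still matches the hash taken at intake.
    return sha256_hex(data) == record["sha256"]

def render_log(log: list) -> str:
    # One JSON object per line, ready to attach to the report (step IV.d).
    return "\n".join(json.dumps(e, sort_keys=True) for e in log)

if __name__ == "__main__":
    activity = []
    sample = b"constructed sample: exported proxy log lines"  # constructed, not real evidence
    rec = intake_evidence("EV-001", "proxy log export", sample, "analyst1", activity)
    log_action(activity, "EV-001", "analyst1", "opened read-only copy in Wireshark")
    print("intact:", verify_evidence(rec, sample))            # True
    print("tampered:", verify_evidence(rec, sample + b"\n"))  # False
    print(render_log(activity))
```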
Requisitioned Equipment
o Real-time remediation
Forensic Hardware
Forensic Software
o Autopsy
o Wireshark
o FTK
Requisitioned Personnel
IT Managers
Operations Manager
Implementation Timeline
October 2017 Training OIG, ISO, CSO, CSA, LSA, CERT, and CIAC on the new policy.
Budget
Hiring Specialist
Benefits
Logbooks showing employee and employer access make it easier to figure out who did
something.
Keep intruders from coming inside the company facilities and being able to figure
Speed up the case process by providing law officials with evidence found by the
company's investigator.
Figure out the problem and fix it before it gets big and increases the risk.
Managing the risk of security events and being able to decide whether to make great changes
Training employees to react when an incident happens will keep the company safe from
Conclusion
This document is beneficial for the corporation and will help keep the company safe from
information security events. It is suggested that policies and procedures relating to NIST SP
800-86 be implemented in the company policies. It will also help the company with
investigating events that can be handled within the company. If the company
decides to bring a case to court, the evidence that was collected can be used to back up its claim
and at the same time speed up the court process. The company has a higher chance of winning
a court case if it has proper evidence to back up its claim, and that is why it is important to
log events and keep a report of any incident that happens within the company.
Appendix A: Incident Response Contact List
Team
Capability
Team (BCDR)
References
Kent, K., Chevalier, S., Grance, T., & Dang, H. (2006, August). Guide to Integrating Forensic
http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-86.pdf
Information Security - Incident Response Procedures. (2005, July 7). Retrieved April 3, 2017,
from https://www.epa.gov/sites/production/files/2016-01/documents/cio_2150-p-08.2.pdf
Log management software for security, compliance, and troubleshooting. (n.d.). Retrieved April