POLICIES TO MITIGATE CYBER RISK
It is only with well-defined policies that the threats generated in cyberspace can be reduced.
1/25/2017PRACHI 32603216 1

1. Promotion of R&D in Cybersecurity
• Ever-increasing dependence on the Internet has made it challenging to secure information from miscreants.
• There is a need to come up with robust solutions to mitigate cyber risks.

2. Cybersecurity Research
• It is concerned with preparing solutions to deal with cyber criminals.
• With increasing crime, a lot of research and technological development will be required in the future.

3. Cybersecurity Research - Indian Perspective
• India has witnessed an enormous growth in cyber technologies.
• It has seen many successful research outcomes that were translated into businesses via local cybersecurity companies.

4. Threat Intelligence
• A proactive response mechanism is in place to deal with cyber threats.
• Research and development is underway at various research organizations in India to fight threats in cyberspace.

5. Next Generation Firewall
• Multi-identity based expertise.
• Offers security intelligence to enterprises and enables them to apply the best-suited security controls at the network perimeter.

6. Secured Protocol and Algorithms
• It defines the rules for information sharing and processing over cyberspace.
• In India, protocol and algorithm level research includes:
   1. Secure Routing Protocols
   2. Efficient Authentication Protocols
   3. Enhanced Routing Protocol for Wireless Networks
   4. Secure Transmission Control Protocol
   5. Attack Simulation Algorithm, etc.

7. Authentication Techniques
• Authentication techniques such as:
   1. Key Management
   2. Two Factor Authentication
   3. Automated Key Management
• They provide the ability to encrypt and decrypt without a centralized key management system and file protection.

8. BYOD, Cloud and Mobile Security
Some of the areas where a lot of research is being done are:
• Mobile security testing
• Cloud security
• BYOD (Bring Your Own Device) risk mitigation

9. Cyber Forensics
• Application of analysis techniques to collect and recover data from a system or digital storage media.
• Some of the specific areas where research is being done in India are:
   1. Disk Forensics
   2. Network Forensics
   3. Mobile Device Forensics
   4. Memory Forensics
   5. Multimedia Forensics
   6. Internet Forensics

10. Reducing Supply Chain Risks
Any risk that an opponent may:
• damage, or write some malicious function
• deconstruct the design, installation or procedure
• degrade the entire function

11. Supply Chain Issues
• Used to find out the interdependencies among the customers and suppliers.
• Depends on the product and the sector.
• A Supply Chain Risk Management approach requires:
   - a strong public-private partnership
   - strong authorities to handle supply chain issues
• There is no one-size-fits-all resolution for managing supply chain risks.

12. Mitigate Risks through Human Resource Development
• All employees must value cybersecurity policies and exhibit a strong commitment towards implementing them.
• Human resource directors play a key role in keeping organizations safe in cyberspace by applying the following points.

Taking Ownership of the Security Risk Posed by Employees
• As most employees do not take the risk factor seriously, hackers find it easy to target organizations.
• In this regard, HR plays a key role in educating employees about the impact their attitudes and behavior have on the organization's security.

Ensuring that Security Measures are Practical and Ethical
• Policies of a company must be in sync with the way employees think and behave.
• For example, saving passwords on systems is a threat; however, continuous monitoring by the HR team can prevent it.

Identifying Employees who may Present a Particular Risk
• Cyber-criminals take the help of insiders in a company to hack its network.
• Identify employees who may present a particular risk and have stringent HR policies for them.

Creating Cybersecurity Awareness
• It would be easy to create awareness from the grass-roots level.
• Every cyber café, home/personal computer, and office computer should be protected.
• Users should be instructed not to breach unauthorized networks.
• Subjects on cybersecurity awareness should be introduced in schools and colleges.
• Broadcasting television/radio/internet advertisements.

Information Sharing
• Cybersecurity Information Sharing Act of 2014 (CISA).
• The United States proposed a law to improve cybersecurity in the country through enhanced sharing of information about cybersecurity threats with citizens.
• Such laws are required in every country.

Implementing a Cybersecurity Framework

Components of Cybersecurity Framework
The Framework comprises three main components:
• The Core
• Framework Profiles
• Implementation Tiers

1. The Framework Core
It is a set of cybersecurity activities that ensures the following:
• Developing and implementing procedures to protect the most critical intellectual property and assets.
• Having resources in place to identify any cybersecurity breach.
• Recovering from a breach, if and when one occurs.

2. The Framework Profile
• It is a tool that provides organizations a platform for storing information concerning their cybersecurity program.
• A profile allows organizations to clearly express the goals of their cybersecurity program.

3. The Implementation Tiers
• They define the level of sophistication and consistency an organization employs in applying its cybersecurity practices.
• There are the following four levels.

Tier 1 Partial
• The organization's cyber-risk management profiles are not defined.
• There is a partial consciousness of the organization's cybersecurity risk.
• However, an organization-wide methodology for managing cybersecurity risk has not been recognized.

Tier 2 Risk Informed
• At this level, organizations establish a cyber-risk management policy that is directly approved by the senior management.
• The senior management makes efforts to establish risk management objectives related to cybersecurity and implements them.

Tier 3 Repeatable
• The organization runs with formal cybersecurity measures, which are regularly updated based on requirement.
• The organization recognizes its dependencies and partners and receives information from them.
• This helps in taking risk-based management decisions.

Tier 4 Adaptive
• Adapts cybersecurity practices "in real-time".
• Depends on previous and current cybersecurity activities.
• By real-time collaboration with partners, and continuous monitoring of activities on their systems, a quick response to sophisticated threats is ensured.

Where do You Start with Implementing the Framework?
• The senior management, including the directors, should first get acquainted with the Framework.
• Detailed discussion with the management about the organization's Implementation Tiers.
• Educating the managers and staff on the Framework will ensure that everyone understands its importance.

Case Study 1: Cyber Security Development Lifecycle

• A utility company's website was attacked by a botnet.
• The botnet was diabolically engineered to sniff out the Achilles heel in SQL.
• It injected itself directly into a company database.
• The fear was that in the process, it could get past the utility's larger security perimeter and have its way with the company's software portfolio of applications, database tools and other code.
• The utility needed a new culture for how it engineered, developed and tested its software.
• A culture grounded in widely accepted standards.
• Once the standard was set and basic training was completed, next up was spreading the new cyber security culture inside the utility.

• Its IT department catered to the coding needs of various departments: inventory, human resources, etc.
• So, slowly, the utility started with cyber security.
• Step one in the process was identifying a set of cyber threats that showed where a piece of software might be weak. What was at risk?
• Then, using its new test tools and protocols, the entire development team became responsible for keeping the code within the standard.
• The utility had even gone so far as to install a last step: a human review to triple-check that all new code cleared the cyber security bar before it went live.

What does the design phase of the CSDL require developers to create?
Create something called a cyber threat model.
• A sense of the cyber attacks an application might face.
• What kind of exploits might a cyber attacker use?
• How would hackers gain access to an application running on a computer network?
• What older, existing pieces of code associated with the new application might be vulnerable?
• This overall feel allows coders to anticipate risks.

Once the standard is set, what are the two basic lines of work that emerge?
• Remediation of the existing code where needed.
• And, maximizing the cyber security of all new code created from that point on.
• A company-wide remediation by analyzing each threat and then refactoring code where necessary.
• This strategic work was buttressed by scanning tools that helped identify high, medium and low risks.

Why is cyber security not an absolute?
• Cyber security is not an absolute, because it is the natural extension of an overall approach to keeping an organization's informational ecosystem immune to cyber attack.
• Today, companies view cyber security as an evolving issue that forces them to stay ahead of new threats.
• That means considering cyber security from day one and abandoning a culture of pushing out code as fast as possible.

Case Study 2: The Roommate Who Couldn't Be Trusted
A majority of the time people do know there is something happening to them, even if they do not know exactly what it is that is happening.

• This sequence of events closely follows the story of a man, Tim, who thought his roommate, Jason, was spying on him through Tim's PC.
• Both men worked for a wealthy international company in Dallas and had recently been involved in some office drama.
• Tim's supervisor had proposed marriage to him and Tim made it apparent to his supervisor that he wasn't interested. Soon after the encounter Tim was fired.
• Not completely understanding how they had any grounds to treat him in this way, he began to wonder how they found anything on him.
• Without skipping a beat, his attention turned to his roommate, Jason. Tim believed Jason to not only be spying on him through his computer but also to be sending incriminating evidence to their employer, contributing to his release.
• After he made his case, it was determined that there was enough evidence to warrant Tim's suspicions and an investigation into whether or not Jason had been spying on him and stealing his documents.

Solution
• Once the computers had been delivered to the computer forensic expert's office, a blind copy was made with Media Pro Tools.
• The first evidence to look for was instances of the roommate's name, or variations of his name, in any of the files, using FWB Toolkit.
• In addition to the search for Jason's name, all the files were sorted by their creation and modification dates using File Buddy.
• Data Recovery was also used to see if any files or various logs had been deleted from the hard drive.
• First, when the roommate's name was searched for on the hard drive, the address book was shown as a place where his name had been
• In addition, deleted printer and fax logs were found with dates matching the dates that Tim said he was not in the apartment.
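The triage steps in the Case Study 2 solution above (searching file contents for variations of a name, ordering files by date, and comparing those dates with the periods the owner was away) can be sketched in Python. This is an added example, not part of the original slides and not the tools they name; it uses modification time only, assumes any recovered files have already been exported into the working copy, and every file name, content string, name variant other than "Jason" and date in it is constructed.

```python
import os
import re
import tempfile
from datetime import datetime, timezone
from pathlib import Path


def name_pattern(variants):
    """Case-insensitive, whole-word byte pattern for any of the name variants."""
    ordered = sorted(variants, key=len, reverse=True)  # longest alternative first
    alts = "|".join(re.escape(v) for v in ordered)
    return re.compile(rb"\b(?:" + alts.encode() + rb")\b", re.IGNORECASE)


def triage(root, variants, away_windows, max_bytes=5_000_000):
    """Walk a working copy of the evidence (never the original media).

    Returns one row per regular file, oldest modification time first:
    (mtime_utc, relative_path, name_hits, modified_while_away).
    Only the first max_bytes of each file are searched.
    """
    pat = name_pattern(variants)
    base = Path(root)
    rows = []
    for path in sorted(base.rglob("*")):
        if path.is_symlink() or not path.is_file():
            continue  # skip directories, links and special files
        mtime = datetime.fromtimestamp(path.stat().st_mtime, tz=timezone.utc)
        with open(path, "rb") as fh:
            hits = len(pat.findall(fh.read(max_bytes)))
        away = any(start <= mtime < end for start, end in away_windows)
        rows.append((mtime, path.relative_to(base).as_posix(), hits, away))
    rows.sort(key=lambda row: row[0])
    return rows


def build_constructed_evidence(root):
    """Constructed sample tree (not data from the case) with fixed UTC mtimes."""
    samples = {
        "address_book.txt": (b"Contacts: jason r., Mom, Landlord\n", "2017-01-10T09:00:00"),
        "logs/printer.log": (b"job 41 printed resume_draft.doc\n", "2017-01-14T15:30:00"),
        "notes/todo.txt": (b"buy milk\n", "2017-01-02T08:00:00"),
    }
    for rel, (content, stamp) in samples.items():
        target = Path(root) / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(content)
        ts = datetime.fromisoformat(stamp).replace(tzinfo=timezone.utc).timestamp()
        os.utime(target, (ts, ts))  # set access and modification time


def demo():
    """Run the triage over the constructed tree with one constructed absence window."""
    away = [(datetime(2017, 1, 14, tzinfo=timezone.utc),
             datetime(2017, 1, 16, tzinfo=timezone.utc))]
    with tempfile.TemporaryDirectory() as tmp:
        build_constructed_evidence(tmp)
        return triage(tmp, ["Jason", "Jase"], away)  # "Jase" is a hypothetical variant


if __name__ == "__main__":
    for mtime, rel, hits, away in demo():
        flag = "AWAY" if away else "    "
        print(f"{mtime:%Y-%m-%d %H:%M} {flag} hits={hits} {rel}")
```

Rows with name hits and rows modified inside an absence window are the ones to review first; the slides report both kinds of finding (the address book, and the printer and fax logs).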

Case Study 3: Too Close For Comfort
One of the most frightening feelings a person can experience is the perception that they are being watched and cannot do anything about it.

• This scenario was all too real for Mary, a high school teacher, who knew she was being watched through her computer, but she didn't know how or why.
• Recently, in one of her classes, a student had begun repeating words and sentences that the teacher had said in her home.
• She knew the boy was not in the house when she had spoken these words, and she even went outside to see if, from the outside of the house, he could hear her conversations.
• She could not know how the boy had eavesdropped on her conversations and was beginning to feel more uncomfortable than before.
• Before seeking professional help from a private investigator, Mary had enough know-how to determine that, somehow, her computer was the culprit.
• She began educating herself in computer hacking procedures. Furthermore, Mary had also begun using computer protection software including Norton Anti-Virus and network monitoring software, Netstat.
• With Netstat revealing nothing more than average network stats, Norton proved to be slightly more effective.
• Norton had uncovered a back-door Trojan, the Sasser Worm, but it was not how the boy had listened in on Mary.
• Finally, having exhausted all of her personal experience, Mary turned to computer forensics in hopes of having her fears calmed and the alleged eavesdropping stopped.

Solution
• When the computer arrived at the computer forensics office, the first step was to look for this remote access. This task was done using three anti-malware programs in conjunction with a rootkit detection program.
• In addition to these programs, EnCase was used to determine the last time the admin password was changed on the computer.
• The next step was to look for a mystery account or activity within a phantom account.
• The final step was to look at the Internet connection. Mary had been using a cable modem, which, in regards to security, is equivalent to unprotected WiFi.
• A list of all the known remote access software was compiled and searched for on the computer; there were five instances of one of the programs hidden in the system restore files.
• This was how he acquired access to the computer: through the modem with a remote access software program.
