The phrase "Crouching tiger hidden dragon" is a Chinese proverb that has many possible interpretations. My favourite is "everyone conceals their strengths from others to preserve the element of surprise", writes ISACA Security Advisory Group member Kevin Wharram.
That is true for organisations. Take Apple, for example, and the launch of the iPad. What if someone had managed to breach Apple's computer networks and steal the designs of the iPad before it was launched?
Most, if not all, security breaches involve digital media of some sort, which would contain digital evidence. The evidence itself would be highly susceptible to manipulation and often very volatile if not controlled in the right way.
Fortunately, some organisations (and I presume Apple would be one of them) have their own computer forensic experts who would be able to preserve, contain and analyse the digital evidence in the event of a security breach.
However, most UK businesses are not adequately prepared for security breaches that require the use of forensics and are therefore ill-equipped to preserve any type of evidence.
Clearly, the potential damage caused by a security breach is huge, not to mention the embarrassment from a publicity viewpoint. So why are organisations failing to invest in a computer forensic capability? Is it because they simply lack the knowledge or even opt to outsource the capability?
What if the breach was part of an anti-terror raid, like the one on a British Airways call-centre where one of the employees was charged with plotting a terror attack? Was the BA employee using company computers to help plot the attack?
How would you know if any of your employees were using your computer networks to steal your company data, commit fraud, or even plot a terror attack? Do you have the forensic capability to preserve, contain and analyse the digital evidence in the event of a security breach?
What can organisations do to make sure they are forensic ready to preserve and contain evidence in the event of a security breach?
• Consult senior management on the need to be forensic ready because the costs of implementing a forensic readiness programme can be significant.
• Hire a forensic expert or outsource the function to a reputable third party.
This was first published in April 2010