CSI IT: Forensic security skills for IT professionals

TV shows such as CSI have popularised digital forensics, piquing the interest of a generation of graduates and career-movers

TV shows such as CSI have popularised the world of digital forensics, glamorising the field and piquing the interest of a generation of graduates and career-movers, writes Kevin Waugh.

Because of this, it would be natural to assume that most businesses could now call on an extensive pool of talented experts in the forensics field capable of investigating technical security issues, such as the source of internal intellectual property (IP) leaks, or the theft of sales books by ex-employees moving to rival companies.

The reality is somewhat different. Qualifications to prepare would-be digital forensics experts over the past decade have focused on skills that are mainly applicable in careers in niche areas such as law enforcement. As a result, most graduates are ill-suited to the current and future demands of businesses.

Forensics' five minutes of fame

Around a decade ago, there was a big movement to add the word “forensics” to a wide range of university course titles to boost their appeal. As this trend faded, what has been left behind is a number of professional undergraduate courses which are ideal for specialists. 

In the world of corporate digital forensics, possessing a broad and robust skill set is increasingly vital but, up until now, it has not been easy for experienced IT workers and computing postgraduates to add these skills to their portfolio.

This presents a concern. Internal security risks – such as the theft of IP-protected documents by employees about to leave for a rival company – are a growing issue, while cyber espionage – exploiting holes in organisations’ security – is said to cost the UK economy billions each year.

The way to fix these vulnerabilities may often be straightforward and inexpensive, but the forensics operations required to identify where the weaknesses lie still call for a detailed knowledge of the legal minefield to carry out an investigation. 

For example, you might be able to prove a member of staff had access to a particular file – but how do you prove they stole it without the investigation impinging on their employment or human rights while capturing and preserving evidence?

We are not talking about parachuting in a crack team of external security gurus for every investigation, but there is a clear requirement for all businesses to be able to access in-house and up-to-date skill sets and understand the legal landscape, especially if they find themselves before an employment tribunal to defend their actions.

Bringing HR and IT teams together

Increasingly the responsibility to carry out these investigations is falling between the gaps that have opened between HR and IT. Proving breaches of contract is a fairly standard corporate activity, yet most HR employees do not know what is possible within the limits of the law. 

They will often assume that they are well within their rights to sift through employees' emails, when in actual fact they should not be doing this at all. New technology is only adding to the complexities – cloud storage systems and bring your own device (BYOD) policies are leaving HR professionals confused as to where the boundaries lie.

People looking to enter the world of digital forensics need technical expertise around how to access and sort through employees’ digital trails, but also a legal context to ensure organisations stay on the right side of the law when addressing internal vulnerabilities.

Businesses of all sizes can no longer consider themselves detached from cyber crime. It is essential that, when the worst happens, they are able to investigate the source of their vulnerabilities, patch holes and reclaim lost property – all of which requires an investment in people.

Staff can often be the cause of a lot of the vulnerabilities identified by digital forensics and security professionals. However, with the right knowledge and skill set they can also be part of the solution.

Kevin Waugh is programme director for Postgraduate Technology & Computing at the Open University. The University has recently introduced digital forensics and information security modules into its new postgraduate Computing qualifications.
