Electronic Risk Management
According to the Information Security Forum’s 2007 research paper on Protecting Business Information, they refer to Information Leakage as:
“Information leakage is a loosely defined term used to describe an incident where the confidentiality of information has been compromised, typically as the result of unintentional insider action”.
They go on further to add:
”Although information leakage is typically the result of unintentional action, it can be linked with malicious intent – for example the petty theft of a laptop can result in information leaking from that laptop, or social engineering techniques can encourage staff to leak information for the purposes of identity theft.”
As a business you need to protect your information, but also more importantly you need to know what to do if you suspect that your information is being ‘leaked out’ to other people. After all, the new asset in this economy is information, data or Intellectual Property (IP). If your company has got the IP that makes you the leader in your market – you can be sure somebody wants that IP!
This is where we can help you.
Depending on the ‘risk at hand’, various solutions in addressing your specific need will need to be tailored with you.
The following services can be provided to you:
- Discovery and examination of live, deleted, hidden, encrypted & formatted data
- Authentication of data
- Fast and effective forensic drive duplication
- Data recovery
- Password recovery
- Forensic data analytics
- Vulnerability IT Audits
- Reconstruction of computer usage
- Preservation of electronic evidence
- Presentation of electronic evidence
- Expert testimony
Forensic Technology Methodology
Exactech Computer Forensic Services division focuses entirely on Forensic Technology and e-discovery services.
The approach we adopt takes a holistic view of the role of Forensic Technology in an organisation and in support to a forensic investigation or litigation matter.
Technologies from which data can be forensically extracted include:
- Desktop, Laptop, Server;
- PDA, Cell Phone;
- Memory stick; and
- Most other storage devices.
- Pre-Incident Preparation – This entails defining what an incident is in your organisation. We offer services that ensure that your staff are trained and aware of your policies and procedures relating to the management of fraud incidents. We also offer technical services targeted at the computer network environment to ensure that critical data is recorded and are usable in the event of an incident.
- Incident Detection – We help your organisation with defining trigger mechanisms to initiate an Incident Response Plan in order to ensure a easy and timely method of reporting incidents.
- First Response – We offer services that are aimed at assisting with the rapid and accurate determination of the breadth and depth of an incident. Evidence preservation is a critical component of this process.
- Response Strategy – This entails determining who should be involved (capacity and resource planning) in the decision making process and owning the incident. We facilitate the process with law enforcement and your organisation.
- Investigation – Our expert Computer Forensic Team uses sophisticated tools and counter forensic techniques to rapidly perform forensic analysis on suspected computers/networks/mobile devices and/or databases.
- Reporting – We follow stringent measures to ensure that the full process is documented and can be used for disciplinary and/or court proceedings.
- Resolution – We offer post incident services which relate to the recovery from the effects of the incident (loss or data or services).
Information Landscape and Regulations
With the information landscape changing around the world largely due to portability of information through virtual mechanisms like the internet, the importance of protection and security of information could not be at an all time high, than now. You just need to look at any newspaper to see how information that was considered confidential, secret or sensitive has made its way into the public domain.
It also does not help with social networks like Facebook or Twitter where all your personal information is available in virtuality!
You just need to look at various piece of legislation like the Promotion of Access to Information Act (PAI Act); the Electronic Communications and Transactions Act (ECT Act), Regulation of Interception of Communications and Provision of Communication-related Information Act (RICA or RIC Act) and the pending Protection of Personal Information Bill (POPI Bill) – see links below – to gauge a sense of the criticality of information and not just what it is, but also how is it being used, how is it being protected, how is it being stored, etc.
As a business – irrespective of your size – if you have information (even about a client), you are obligated to protect that information in a particular way. With the introduction in 2009 of the Consumer Protection Act, you might even be subject to greater implications if you have consumers – from the 24th October 2010.