E-Business is, by definition, technology-dependent. With the increased use of technology it is often assumed that failures are directly related to IT.
In actual fact, a significant number of failures or incidents are the result of unauthorized acts by employees or some third party.
E-business needs to be equipped to handle the exposure to “digital” risks, and to manage, enquire and record all qualifying incidents.
It is critical that businesses adopt a proactive strategy towards the acquisition of digital data, or Computer Forensics.
At the simplest level companies should have a well-defined incident handling policy and procedures to adopt.
Within an Incident Handling Policy there are “qualifying” incidents, which invoke differing responses such as the mobilization of an Emergency Response Team (ERT). In addition, incidents that appear to originate within the company may require a different agenda, namely resolution and possible disciplinary measures, as opposed to threats from outside the organization.
Advance planning and selection of appropriate forensic methodology is critical to successful incident resolution. An example of this would be an external incident, which may require a different response, to factor law enforcement involvement, possible damage to reputation and adverse publicity.
The role of computer forensics is to consider these scenarios, develop contingency plans, minimize business impact and asset damage, and also retain the option of recourse to some form of legal action, if appropriate.
Computer Forensics is complementary to IT Security. Forensics is a specialist service which seeks to contain, analyze and identify sources of “incidents” – Whether try are utilizing packet sniffing tools or diagnosing WiFi Heat Maps or intrusions.
By such analysis it is possible to reduce further occurrence by taking action or reinforcing corporate countermeasures by removing any threats or by taking legal action.
Computer Forensics plays a vital role within the organization in all forms of incident management and is an integral part in the company’s incident management policy, establishing protocols to facilitate control, and prompt resumption of normal business processes with minimal risk and publicity to the overall business.