The RCMP Tech Crime Unit & Information Systems Security Presented to: ISSA January 26, 2005.

E Div. Technological Crime Unit Who / What is the Tech Crime Unit anyway? –Mandate is: to conduct technical analysis of computer storage media; to conduct investigations of true computer crime (unauthorized access, mischief to data)

E Div. Technological Crime Unit Who / What is the Tech Crime Unit anyway? –Unit created in July 2002 with the subsequent transfer of 5 members –Unit has grown to its current size of 14 regular members and two support staff

E Div. Technological Crime Unit Who / What is the Tech Crime Unit anyway? –Approx. half of our members have undergrad degrees –Permanent posting to the Tech Crime Unit requires successful completion of an 18-month understudy program –Training is always ongoing

E Div. Technological Crime Unit Who / What is the Tech Crime Unit anyway? –Non-personnel resources: in addition to the RCMP computer equipment, we maintain our own 21 TB SAN to support our technical analysis work.

New Laws Criminal Code Production Orders –These are court orders similar to a general search warrant. They take the place of a search warrant but do not technically require a search: the recipient is required to produce the records when, and in the form, demanded in the production order. In the future you may see Preservation Orders.

So…. What do you do when… –Your data is destroyed –An unauthorized user has gained access –Data has been modified …by an intentional act

Priorities Objectives (Primary) –Maintain the function / operation of your system –Maintain the integrity of your system –Prevent further security problems

Priorities When there is a security breach, it may be too late to start logging. –MOTTO: Have logging in place; make sure that your business can continue –Turn on all the logging that is possible. Save log files (reports) from every router you can.

Secondary Objective When do you call the police? –When you know (or believe) that you have an intentional security breach (a criminal offence). A Criminal Code offence requires “intent”.

Secondary Objective What are the offences? –Mischief to Data: dual procedure / maximum 5 years –Unauthorized Use of Computer (Access): dual procedure / maximum 10 years –Other Criminal Code offences – but not “Theft of Information”

Secondary Objective What do police require to initiate an investigation? –A reason to believe that an offence has taken place. Obviously, the more information that can be offered, the more quickly we can investigate.

Secondary Objective When will police take action?? –We do not normally investigate attacks on home computers –UNLESS: Threat of physical harm; Threat of damage to property; Related to another serious matter

Secondary Objective When will police take action?? –We will investigate business-related matters: Threat to livelihood; Loss of jobs

Secondary Objective Who do you contact?? –Contact your local police agency (911 is probably not appropriate) –Advise your local police agency that our unit is available to assist / investigate if they are not able to fully respond. We will assign a priority and respond on that basis

Other Considerations? Should you notify upstream / downstream? –That’s your call… What are the risks to the other system / organization?

Other Considerations? What is the risk to your organization? If you notify… If you don’t notify… What is the ethical thing to do?

Other Considerations? Share information –This is one of the strongest defense mechanisms available

How does it work? You’ve suffered (are suffering) an attack You’ve notified the police You’ve notified related organizations for their protection / information NOW WHAT??

How does it work? Secure your system (priorities) –Ensure that your business / operation can continue.

How does it work? –To assist police (or civil) investigation Make and keep notes / a chronological journal of events and actions Retain all backups If possible remove & retain the current hard drives and restore the system on replacement hard drives.

How does it work? If not… Obtain and preserve a bit-for-bit image copy of your system at the point that you become aware of the attack. Linux ‘dd’ works well (Ghost would be a second choice). Ensure that the destination drive has been ‘wiped’, not just reformatted, so nothing left over from its previous use can be mistaken for data from the compromised system.

How does it work? If an image of the system is not possible… –Make & retain copies of all of the log files possible
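Worked example of the preservation steps on the last three slides (wipe the destination, take a bit-for-bit dd image, copy the log files, keep a timestamped journal). This script is added here and is not part of the presentation. It adds the check a court will later ask for: a hash of the source recorded in the journal beside a hash of the image, with the two compared before the image is trusted. The file names, the journal format, the sample log lines and the 4 KiB file that stands in for a drive are all constructed for the example; run it with `--demo` to exercise it end to end.

```shell
#!/bin/sh
# Added example, not from the RCMP presentation. Preserve a bit-for-bit image
# and the log files that go with it, with hashes in a timestamped journal.
# Journal format, file names and sample data are assumptions for the demo.

hash_file() {
    # sha256 of a file; GNU sha256sum or BSD shasum, whichever is present
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

journal() {
    # Contemporaneous note: UTC timestamp, operator, then the event text.
    # $1 = journal file, remaining args = the note
    jf=$1; shift
    printf '%s %s %s\n' "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "${USER:-unknown}" "$*" >> "$jf"
}

wipe_target() {
    # Overwrite the destination with zeros before imaging onto it, so nothing
    # from its previous use can be mistaken for data from the evidence drive.
    # $1 = target (a block device, or here a file), $2 = size in bytes
    dd if=/dev/zero of="$1" bs=512 count=$(( $2 / 512 )) 2>/dev/null
    # verify: after stripping every zero byte, nothing must remain
    [ "$(tr -d '\000' < "$1" | wc -c | tr -d ' ')" -eq 0 ]
}

acquire_image() {
    # $1 = source (device or file), $2 = image path, $3 = journal file
    src=$1; img=$2; j=$3
    journal "$j" "imaging $src -> $img"
    src_hash=$(hash_file "$src")
    journal "$j" "source sha256 $src_hash"
    # noerror,sync: keep going past unreadable sectors and pad them with zeros
    # so offsets in the image match the drive. bs must equal the sector size:
    # sync pads a short final read up to bs, so a larger bs would enlarge the
    # image and its hash would no longer match the source.
    dd if="$src" of="$img" bs=512 conv=noerror,sync 2>/dev/null
    img_hash=$(hash_file "$img")
    journal "$j" "image sha256 $img_hash"
    if [ "$src_hash" = "$img_hash" ]; then
        journal "$j" "VERIFIED image matches source"
        return 0
    fi
    journal "$j" "MISMATCH image does not match source"
    return 1
}

collect_logs() {
    # Copy each file in a log directory into the evidence folder and record
    # its hash, so a later copy can be shown to be unchanged.
    # $1 = log directory, $2 = evidence directory, $3 = journal file
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        cp -p "$f" "$2/"
        journal "$3" "log $(basename "$f") sha256 $(hash_file "$f")"
    done
}

demo_acquisition() {
    # Self-contained run on constructed data in a temporary directory.
    # Prints the journal path so the caller can inspect it.
    work=$(mktemp -d)
    mkdir "$work/logs" "$work/evidence"
    # constructed "drive": 4 KiB of random bytes (a whole number of sectors)
    head -c 4096 /dev/urandom > "$work/disk.raw"
    # constructed log lines standing in for a host and a router log
    printf 'Jan 26 01:02:03 gw sshd[1]: Failed password for root from 192.0.2.7\n' > "$work/logs/auth.log"
    printf '10:00:01 router1 ACL deny tcp 192.0.2.7 -> 10.0.0.5:445\n' > "$work/logs/router1.log"
    jn="$work/journal.txt"
    wipe_target "$work/image.dd" 8192        # destination larger than the source, as it usually is
    acquire_image "$work/disk.raw" "$work/image.dd" "$jn"
    collect_logs "$work/logs" "$work/evidence" "$jn"
    echo "$jn"
}

if [ "${1:-}" = "--demo" ]; then
    cat "$(demo_acquisition)"
fi
```

On a real drive the source hash is only meaningful if the drive cannot change while it is read: image a pulled drive through a hardware write blocker or a read-only mount, not a running system, and record the journal on a separate machine. Keep the journal in the hand-written form too; the script's timestamps back up the notes, they do not replace them.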

How does it work? Police investigation can take considerable time. –Jurisdictional issues may prevent prosecution

How does it work? IF we go to court…. –Detailed statements from all persons will be required. These are of much better quality, and easier to produce, if notes were kept from the time of the attack. –Court will likely be a year or two away and will be at least a week in duration.

How does it work? Disclosure… –Police and Crown Prosecutors will have to disclose ALL evidence upon which the case relies Exception: Confidential information

How does it work? Confidential Information… –This must be dealt with on a case-by-case basis. –Disclosure may be limited to only a portion of the confidential information –Disclosure may be made to a third party

How does it work? Confidential Information… –In a ‘worst case’ scenario a decision may have to be made to proceed or withdraw from the prosecution

Don’t be a “Client” Enough about “when you suffer an attack” How can you prevent “an attack”??

Don’t be a “Client” The boring and the usual!…. –Keep your service packs (software) up to date –Ensure your authentication system is current and meets your security requirements –TEST YOUR BACKUP / DISASTER RECOVERY!!!

Don’t be a “Client” Do you have policy?… –Separation of Duties –Required authentication –Employee Termination procedures A checklist might be helpful

Don’t be a “Client” Are your employees aware of your policy? –Can they report a problem to a confidential person… and do they know who that person is?

Don’t be a “Client” Have you had an independent review of your policies / security / disaster recovery?? –A fresh look can be invaluable

Don’t be a “Client” Where’s the threat?? –A vulnerable system will eventually be hit from an external source –A secure system may also be hit from an internal source

Don’t be a “Client” Information from my contacts in private industry as well as my experience indicates… –You are at least as likely to be compromised from an internal threat as from an external threat.

Don’t be a “Client” We are happy to respond to your request for an investigation…. –We sincerely hope that you don’t have to call!!

Don’t be a “Client” S/Sgt. Bruce Imrie Regional Coordinator Vancouver Integrated Technological Crime Unit ITCU Lab: Unit Pager: