No products in the cart.
Download
| File | |
|---|---|
| eForensics_Open_03_2014-2.pdf | |
| eForensics_Open_03_2014.epub |
Dear Readers,
We are pleased to present you our new OPEN issue "CyberCrime and CyberSecurity"of eForensics Magazine with an open access, so that everybody interested in the subject is able to download it free of charge. This edition was carefully prepared to present our Magazine to a wider range of readers. We hope that you will enjoy reading our Magazine and subjects covered in this issue will help you to stay updated and aware of all possible pitfalls!
Table of content:
1. CYBERCRIME AND CYBERSECURITY - THE LEGAL AND REGULATORY ENVIRONMENT
by Colin Renouf
In this article we will look at the environment in which eForensics exists; the legal and regulatory regimes in which systems and cyber criminals operate. We perform forensic analysis on systems to investigate a crime and hopefully prosecute a criminal; but to do that we need to understand which laws and regulations have been broken. There are pitfalls in working out what laws and regulations are in operation for a particular context; as what is illegal in one regime may not be in another, and is it the law in the location of the system or the criminal that applies? The information here forms the underlying legal knowledge in the CISSP certification and underpins the International Information Systems Security Certification Consortium (ISC)2 knowledge.
2. ARE 2 FACTOR AUTHENTICATIONS ENOUGH TO PROTECT YOUR MONEY?TARGETING ITALIAN BANK AND CUSTOMERS
by Davide Cioccia and Senad Aruch
During last few years banks, and different financial institutions, have been trying to protect or prevent fraud and cyber-attacks from accessing their customers’ credentials. They increased security and login factors to avoid these kind of problems. One of these is the Two Factor Authentication (2FA), used to “help” username and password to protect the bank account.
3. AN OVERVIEW OF CLOUD FORENSICS
by Dejan Lukan
When discussing cloud forensics, we’re actually talking about the intersection between cloud computing and network forensic analysis. Cloud computing basically refers to a network
service that we can interact with over the network; this usually means that all the work is done by a server somewhere on the Internet, which might be backed up by physical or virtual hardware. In recent years, there has been a significant increase on the use of virtualized environments, which makes it very probable that our cloud service is running somewhere in a virtualized environment.
4. SMS PASSCODE“CLOUD SECURITY”. CONTRIBUTED ARTICLE AUTHENTICATING REMOTE ACCESS FOR GREATER CLOUD SECURITY
by David Hald, co-founder, chief relation officer
The nature and pace of business have changed as technology has opened new possibilities for organizations. One of these possibilities is cloud services, which benefit companies by enabling remote access to data stored offsite. Its convenience has made cloud services incredibly popular, both to business and malicious actors. With so much data at stake, the rise in the use of remote access necessitates ironclad security. Authenticating the identities of users remotely accessing these resources has never been more critical.
5. PACKET ANALYSIS WITH WIRESHARK ANDPCAP ANALYSIS TOOLS
by Eric A. Vanderburg
Almost every computer today is connected. Their communication with others takes the form of packets which can be analyzed to determine the facts of a case. Packet sniffers are also called as network analyzers as it helps in monitoring every activity that is performed over the Internet. The information from packet sniffing can be used to analyze the data packets that uncover the source of problems in the network. The important feature of packet sniffing is that it captures data that travels through the network, irrespective of the destination. A log file will be generated at the end of every operation performed by the packet sniffer and the log file will contain the information related to the packets.
6. UNDERSTANDING DOMAIN MAIN SYSTEM
by Amit Kumar Sharma
Domain Name System (DNS) DNS spoofing also referred to as DNS cache poisoning in the technical world is an attack whereinjunk (customized data) is added into the Domain Name System name server’s cache database, which causes it to return incorrecdata thereby diverting the traffic to the attacker’s computer.
7. CSA CERTIFICATION OFFERS SIMPLE, COST EFFECTIVE WAY TO EVALUATE AND COMPARE CLOUD PROVIDERS
by John DiMaria
Technological developments, constricted budgets, and the need for flexible access have led to an increase in business demand for cloud computing. Many organizations are wary of cloud services, however, due to apprehensions around security issues. Ernst & Young conducted a survey of C-level leaders in 52 countries which showed a unified concern over the accelerated rate that companies are moving information to the cloud and the subsequent demise of physical boundaries and infrastructure.
8. ROAD MAP TO CSA STAR CERTIFICATION – OPTIMIZING PROCESSES, REDUCING COST AND MEETING INTERNATIONAL REQUIREMENTS
by John DiMaria
For centuries, the Swiss dominated the watchmaking industry and their national identity was somewhat tied to their expertise in the precision mechanics required to making accurate timepieces. Yet the Swiss were so passionate about their expertise that they hesitated to embrace the new technology in watchmaking with batteries and quartz crystals. With Japan’s
introduction of the quartz wristwatch in 1969, the majority Swiss market share dropped from 80% at the end of World War II to only 10% in 1974 (Aran Hegarty, Innovation in the Watch Industry, Timezone.com, (November 1996) http://people.timezone.com/
9. EFORENSICS CSA STAR CERTIFICATIONSUPPLY CHAIN MANAGEMENT USING CSA STAR CERTIFICATION
by John DiMaria
When an organization adopts cloud services, it is in fact expanding its operations from a local or regional presence to a more global one. As a result, the corresponding organizational operations’ strategy needs to be adjusted to align with these changes. A more formal analysis of the supply-chain as part of a more comprehensive due diligence review also needs to be considered (By definition, the Cloud Controls Matrix (CCM) is a baseline set of security controls created by the Cloud Security Alliance to help enterprises assess the risk associated with a cloud computing provider).
10. CONTINUOUS MONITORING – CONTINUOUS AUDITING/ASSESSMENT OF RELEVANT SECURITY PROPERTIES
by John DiMaria
While the Cloud Security Alliance’s (CSA) STAR Certification has certainly raised the bar for cloud providers, any audit is still a snap-shot of a point in time. What goes on between audits can still be a blind spot. To provide greater visibility, the CSA developed the Cloud Trust Protocol (CTP), an industry initiative which will enable real time monitoring of a CSP’s security properties, as well as providing continuous transparen-cy of services and comparability between services on core security proper-ties (Source: CSA CTP Working Group Charter). This process is now being further developed by BSI and other industry leaders. CTP forms part of the Governance, Risk, and Compliance stack and the Open Certification Frame-work as the continuous monitoring component, complementing point-in-time assessments provided by STAR certification and STAR attestation. CTP is a common technique and nomenclature to request and receive evidence and affirmation of current cloud service operating circumstances from CSPs.
Download
| File | |
|---|---|
| eForensics_Open_03_2014-2.pdf | |
| eForensics_Open_03_2014.epub |
thank you much appreciated
Hi , I really liked this article.You know that Cyber Security has always been an important issue and as time is passing now Cloud Security is also of equal importance. You know Joanna while keeping in mind the importance of all these issues about 12 years back I designed a Security Auditing Software by the name of Secure Auditor. I am sending you a link of my company’s website when you have time then please do go and give me your suggestions about it . I will really appreciate it.
http://www.secure-bytes.com/
Thank you, Joanna. Looking forward to reading this one and eventually subscribing to the complete archives. ~ Vernessa Taylor
Are the magazines available in print?
Only digital version, but together with our subscription you get the access to whole archives
Are the other issues labeled “open” also available for complementary download? The others do not seem to allow downloading. Thanks!
Yes, all OPEN issues are posted 2 times, as an issue and you cannot download them for free and as a free issues (link available on our twitter/fb from time to time) but it will be visible in search profile :) so put open in search and check what you have and download :)