Category Archives: Guest

What Is Digital Forensics?

As cyber attacks and massive data leaks continue to dominate headlines, it raises the question: How do security professionals learn from these incidents to prevent attacks in the future?

Forensics analysts and criminologists investigate how, where, and why criminal behavior happens, which helps us learn to prevent crime in the future. Similarly, digital forensic analysts learn from cyber attacks and data leaks to understand the vulnerabilities and exploits that endanger our increasingly digital lives.

Digital forensics is the process that security professionals use to extract, preserve, and learn from electronic evidence. Whether to help in an investigation or to prevent crime in the future, digital forensic analysts play an essential role in advancing the field of cybersecurity.

Learn more about the field of digital forensics with the infographic below, created for the Maryville University Cybersecurity Program.

Information Security on a Budget: Data Classification & Data Leakage Prevention

A guest post by Zouheir Abdallah, CISA, Cyber Security – Senior Specialist Q-CERT/ictQatar

This article first appeared in the “Towards a Secure Cyber Space” special publication booklet 2014-2015 of the Research & Strategic Studies Center (RSSC), Lebanese Armed Forces.

Not long ago, protecting information was as easy as locking documents in suitcases and safes. Physical security was all that was needed to safeguard a top-secret document. Today, word documents have taken the place of printed papers, folders have replaced suitcases, and hard drives are now the preferable storage medium (The modern safes).

Data is no longer confined to a single place. Files can now be effortlessly, modified, copied, and transmitted, and for a trained smuggler, all without a trace.

There is no denying that modern technology has made our lives much easier, but such ease comes with a price. New technology presents new challenges, the challenge of maintaining organizational secrets, the challenge of safeguarding organizational data from modification and loss of data integrity, and the challenge of ensuring that the data is available when needed.

These challenges are summarized into what is known as the C.I.A triad; Confidentiality, Integrity, and Availability. All of which are at the heart of information security. Information Security is the process of protecting the Confidentiality, Integrity and Availability of information.

Confidentiality refers to limiting information access and disclosure to authorized users “the right people” and preventing access by or disclosure to unauthorized ones “the wrong people”. For example, if an unauthorized employee is able to view payroll data, this is a loss of confidentiality. Similarly, if an attacker is able to access a customer database including names and credit card information, this is also a loss of confidentiality.

Integrity refers to the trustworthiness of information resources, and the loss of integrity means that the information has been modified or destroyed. For example, if a file is infected with a virus, the file has lost its integrity. Similarly, if a message within an email is modified in transit, the email has lost its integrity.

Availability refers to the availability of the information.  The information that is not available when you need it is almost as bad as none at all.  It may be much worse, depending on how much the organization has become reliant on a functioning computer and communications infrastructure.

Protecting against loss of Confidentiality

Organizations protect against loss of confidentiality with access controls. For example, users are first required to login and then access is granted to users based on their proven identity. In short, users are granted access to data via permissions. If users do not have permissions, they are denied access.

Encryption is also used to assure confidentiality. Encryption changes clear data into ciphered data that cannot be read. The only way that the encrypted data can be read is by decrypting the data using an electronic key that should be properly secured. Anyone with access to this key can decrypt the encrypted data and change it back to clear text.

Data can sometimes be intercepted (when in transit ) and if not properly protected, confidentiality of this data can be lost. For that data should be encrypted whenever it is being moved around. Additionally, data at rest (stored data) should preferably also be encrypted, since these data could be stolen or lost.

Protecting against loss of Integrity

One of the ways of ensuring integrity of the data is by using hashing. A hash is a unique value of the data. Hashing is the process of calculating the hash using a mathematical function. So as long as the data has not changed, its hash will remain the same (calculated using the same mathematical function).

As an example, if you calculate the hash of “RSSC-Revue” it will be different than the hash of “RSSC-Revuu”. So by comparing any given two hashes, we will be able to verify if the data is identical or has been altered.

Protecting against loss of Availability

Backups are one of the many methods that organizations should use to ensure that important data is available for restoration in case the original data becomes corrupt. Backups take a mirror image of the data and ideally these backups should be stored separately to ensure that one set is available in case the other is not.

Data Classification

A data classification program is an extremely important first step in building a secure organization. Classifying data is the process of categorizing the data assets based on the value according to its sensitivity. For example, data might be classified as public, internal, confidential (or highly confidential), restricted, regulatory, or top secret.

Data and information assets are classified according to the value of the risk of unauthorized disclosure (e.g. lost or stolen intentionally or unintentionally). High risk data, typically classified “Confidential”, requires a greater level of protection, while lower risk data, possibly labeled “internal” requires proportionately less protection. Public data, typically classified as “Public”, requires no level of protection (e.g. Public press releases). In short, data classification gives you an overview on how your data should be protected. The riskier the data, the more confidential it is, and the more protection it should get.

Data classification is not necessarily a complex issue. It can be initiated on a personal level by following the company’s policies and using logic and common sense. Ideally in an organization, all data and information are classified as internal. That means that only employees should handle this data, and no outsider should have access to it. Public data contain no sensitive information and are meant to the general public, e.g. Press releases. While, Confidential data is highly sensitive data intended for limited, specific use by a workgroup, department, or group of individuals with a legitimate need-to-know.

It is very important for an organization to adopt a common set of terms and relationships between those terms in order to clearly communicate and begin to classify data types. Consequently, it is highly important that all data are labeled and the classification explicitly clear.

The label can be thought of as a code that the author uses to communicate to the users of the data how it should be protected based on the “sensitivity” of the data. For example, when data is labeled as  “Confidential,” one communicates to all custodians and users of the data that it is only to be seen by those with “need to know.” When one labels it “top secret,” one asserts that, among other measures, the data should be locked up when not in use.

Data Loss Prevention

Data loss is a situation that happens when information is lost due to an intentional action, unintentional action, failure, disaster, or crime. Data loss prevention employs several techniques and technologies to prevent the loss of data; it is a shared responsibility amongst everyone in the organization, and usually is fairly straightforward.

The majority of loss in data occurs due to a human error, and thus addressing the human factor through awareness and education is probably the most effective method of minimizing data loss.

A couple of years ago, a contractor working for an international intelligence agency forgot a suitcase full of backup tapes on a train. The tapes contained personal information about all agency employees, contacts and overseas informants.

The extremely sensitive personal data included Social Security Numbers, home addresses, information about family members, phone numbers, dates of birth, medical information, bank account numbers, employment information, driver’s license numbers, passport numbers, and biometric information.

Such accidents could’ve been avoided if the employee were better aware of the consequences of data loss and how to protect the data he was handling.

We don’t need to be working for an intelligence agency to practice data loss prevention. As a matter of fact, we are prone to losing data on a daily bases using much rudimentary technologies. Removable storage devices, USB drives, mobile devices, tablets, and laptops, they all pose a more grave risk as they are much more widespread in organizations, and most often these devices are transporting critical information, unprotected.

Organizations with limited resources can kick-off their information security programs with initiatives that require little resources. Information security awareness, data classification, data labeling, DLP, and other topics, that address the human factor in information security, are quick wins that are surely to lay the proper bases for an effective and successful organizational information security program.

Why don’t you join our blogging community and Take Security Back?

Join our blogging community and help us Take Security Back in Lebanon through awareness and education!

The rationale

Our blog aims at educating Lebanese citizens and raising their awareness regarding various aspects of security and safety, whether they deal with people, premises or new technologies.

The team

Don’t complain, Contribute! Join ZouheirTonyReemMichelMelissaMarounJocelyne and Hadi, our guest bloggers.

Examples of articles

What if we started preparing for storms?

Can Lebanese digital media operators DOOHgood?

Cybersecurity 9OclockTips, from Lebanon with Love

12 years later: On Arab strategy, 9/11 and the “war on terror”

Lebanon, where Instability is the newly found Stability

When a Lebanese Colonel contributes to global knowledge on governance and security

Is your health information private and secure?

Who has Cyber Security authority in Lebanon?

Are smartphones becoming the new law enforcement allies?

Are Lebanese banks vulnerable to cyber attacks?

The 10 Golden Rules and Guidelines

Abide by a pure scientific approach covering the security of people, premises and technology

Stay away from any political or religious bias

Be responsible when disclosing observed vulnerabilities in people, process or technology

Respect people’s privacy and be extremely cautious with their personal data

Put visual thinking to work in your posts and don’t hesitate to include infographics, photos or videos that support your arguments

Be persistent and generous in your information sharing

Remain constructive while depicting areas of improvement

Note that sales pitches and commercially oriented posts will not be allowed

Accept that your post will be moderated before publication

Keep this teaching in mind: “We must become the change we want to see in the world.” — Mahatma Ghandi

How to reach us

Read us on the Web: http://www.takesecurityback.com

Find us on Facebook: http://facebook.com/TakeSecBack

Follow us on Twitter: http://twitter.com/TakeSecBack

Email us: contact@takesecurityback.com