Amanda M Rossetti

This was also my first thought when I saw the Equifax page to know if you were hit. I would like to know but I’m not about to enter even more information on a website run by a company that I /know/ has bad security and controls. There has to be a better way for them to set this up to know if you were hit without having to trust a company that has…[Read more]

http://www.zdnet.com/article/critical-security-bug-threatens-fortune-100-companies/

The article I found discusses a vulnerability in applications using the REST plugin, built with Apache Struts. A research found the vulnerability and Apache released a full patch on 9/5/17. The researchers involved say there is no way to test if a system is…[Read more]

Elizabeth,
The fact that examiners are exposed to so much confidential data is important to remember. If an immoral person were to gain this kind of access, they could take advantage of it for personal gain. Companies go to great lengths to protect this kind of data, including conducting investigations when they believe they’ve been attacked. The…[Read more]

Mengxue, you bring up a good point in that while regulations need to be put in place for how examiners should conduct themselves, those alone will not be enough. Just like we’ve learned in other classes that putting controls in place will not always protect against the risk they are meant to. If someone is truly determined to do something, no…[Read more]

Ethics are at the core of digital forensics because if those conducting digital forensic investigations do not act in an ethical manner than none of the results they find can be trusted. The results of investigations can affect people’s lives and if the investigation is not done in an ethical way, and the wrong person is found guilty, it could r…[Read more]

The security risks that come from engaging third parties are, in my opinion, ones that companies routinely handle badly, but managing them should be one of the companies highest priorities. Organizations tend to think when they outsource a function, they are also outsourcing the risks associated with that function, when it is actually the opposite…[Read more]

This is part of why the San Bernardino iPhone case was so terrifying to me and why I think it is important for tech companies to not build in back doors for law enforcement. I want people who do bad things to get caught and justice to be served, but I think that the risk of these back doors being exploited by the people who do bad things far…[Read more]

I was a freshman when the grade hacking incident happened here at Temple. I remember several professors, including my intro to MIS professor, giving lectures about academic dishonesty and how the hack took so much more effort than just actually doing the course work. My MIS professor was particularly disappointed because with that kind of skill…[Read more]

A hospital in Virginia had over 5000 patient records stolen in a data breach. Vascular and thoracic patients from 2012 to 2015 had their records stolen from a third party vendor. The information includes patient names, social security numbers, and procedure information. The breach was discovered in November 2016 and the hospital has now sent out…[Read more]

Forensics is the practice of applying science to investigations. Organizational forensics is applying this scientific investigation style within an organization such as a company or government agency. In modern times, digital forensics is heavily involved in organizational forensics. This is because much of what organizations do is now heavily…[Read more]

Ruslan,
I agree with all points you have made, but I think it is important to add that not all forensics investigations have to involve law enforcement. Knowing when to involve law enforcement is important, and that companies should have a policy for this. However, some investigations involve things that are against company policy, but not…[Read more]

This is kind of tangentially related to this topic, but it is the first thing I thought of when I read the question, I tried to find a case where someone used digital forensics on wikipedia. I could not find such a case, but I will explain where this thought came from. Anyone can edit wikipedia, and there are many pages on there for people, and…[Read more]

D14.1: Discussion Topic 1:
As someone who uses healthcare a lot, this is terrifying to me. Healthcare data breaches are on the rise. Lucas Mearian from Computer World says that 1 in 4 breaches in 2016 will be against the healthcare industry, and every time there is a breach 1 in 13 patients are effected. This leads me to believe that doctors…[Read more]

I think that it is a good thing that routers are now coming with built in firewalls, especially at the low-mid range. I think that this will provide more protection for small businesses and home users who otherwise wouldn’t have any sort of firewall at all. I think that larger organizations still need to have an additional separate firewall since…[Read more]

TCP can be slow because of the handshake required that is used to make sure every single message is received. UDP is used when speed is important and dropped messages are allowable. Speed is the big thing gained when you take away the requirement that every message is received. Things like steaming and gaming use UDP because speed is important but…[Read more]

I agree that the security team should be allowed to use these tools but that the use of them should be strongly controlled. Only a very select set of users should be allowed to use them. They should only be used to test the defences of the company and there should be strict rules about when they can be used. There should also be required approvals…[Read more]

The idea of BYOD terrifies me in general, but BYOD in organizations that deal with highly sensitive data is even more terrifying. I agree that the current best solution to BYOD is that the individual forfeits any legal right to the data on the device and only has a right to the physical device itself. I think that an organization has to be able to…[Read more]

I believe that the threat of a pandemic needs to be considered when creating contingency plans the same way as loss of employees is planned for in other disasters. The probability needs to be considered against other disaster types and the priority of planning for a pandemic should be appropriately assigned. If the organization view that the…[Read more]

Encryption being used to store state secrets is a really good point, Mushima. Matthew Green, a computer scientist from Johns Hopkins Information Security Institute, predicts that practical use of quantum computing is still 15 to 30 years away. This will mean that most data currently being encrypted by ‘old’ encryption methods that rely on…[Read more]

There is an audit report called an Statement on Standards for Attestation Engagements (SSAE) 16, where an independent party goes in and audits an organization that provides services to other organizations, and attests that that organization has adequate controls in place to protect the organizations they are providing services to. For example a…[Read more]