Towards a capability maturity model for digital forensic readiness
Ludwig Englbrecht1 • Stefan Meier2 • Günther Pernul1
© Springer Science+Business Media, LLC, part of Springer Nature 2019
Abstract
The increasing number of IT-Security breaches and the rapidly growing losses from fraud-related incidents create the need to be prepared for a digital investigation. A specific capability maturity model can help organizations determine their current state of implementing digital forensic readiness measures and guide them toward a desired level of implemented capabilities. This paper examines how such a model can assist in integrating digital forensic readiness measures and in reaching an appropriate maturity level. Building on core elements of the IT-Governance framework COBIT 5 and the core characteristics of implementing digital forensic readiness, a specific capability maturity model is proposed. Five maturity levels (Initial, Managed, Defined, Quantitatively Managed and Optimized) represent the different stages of implementing digital forensic readiness measures. It can be shown that the IT-Governance aligned model can assist the implementation of digital forensic readiness.
Keywords IT-Security management • Digital forensic readiness • Capability maturity model • IT-Governance
1 Department of Information Systems, University of Regensburg, Regensburg, Germany
2 Meier Computersysteme GmbH, Deining, Germany
1 Introduction
Following the tremendous increase in advanced fraudulent attacks since 2015, even the most security-aware executive managers, policy-makers, Chief Executive Officers, and other decision makers were suddenly given a wake-up call. In August 2015, the FBI already warned that losses related to fraudulent email attacks worldwide had summed up to more than $1.2 billion USD from October 2013 until August 2015 [21]. One of the reasons for such an extensive loss was attacks on corporate banking accounts caused by the ransomware called Dyre Wolf. This malicious software is a highly effective banking trojan. It is characterized by feature-rich capabilities and ongoing updates to avoid its detection. Remarkable is the group behind the malware, which enables the unauthorized transaction of large sums of money. A neat combination of knowledge of the banking system, a feasible infrastructure, manpower, social engineering and technical skills demonstrates a new level of quality in malware-caused fraud. A single target could experience losses of $500,000 to more than $1,000,000 USD [20]. Attacks related to spying and industrial espionage have also led to significant losses in recent years. These cyber attacks threaten valuable resources, e.g. intellectual property. The high value of intellectual property and its increased interest