article root
Message was edited by: The Trivia Geek
Discussion on:
View:
Show:
How much does it cost to hire such an investigator? It seems like it would cost much more than the average investigation.
I say, just lock down your computers systems and educate your employees how information should be shared. You're sure to save a lot of money! This study suggests that on average it costs up to 22 million dollars to recover from a breach when creating and implementing securtiy policies only costs 180,000....
So in terms of ROI, the smart decision to make is pretty obvious
I say, just lock down your computers systems and educate your employees how information should be shared. You're sure to save a lot of money! This study suggests that on average it costs up to 22 million dollars to recover from a breach when creating and implementing securtiy policies only costs 180,000....
So in terms of ROI, the smart decision to make is pretty obvious
right, but common sense is very uncommon!
But can you get management to to accept all of the potential costs in the ROI calculation.
All to often, the computer guys try to do it "right" but are not allowed to for "business" reasons (most commonly cost, which may or may not be a valid argument).
Here is a link to an example of that situation:
http://blogs.ittoolbox.com/security/investigator/archives/even-more-horror-stories-15524
(And yes, I know, that data leaks often a result of mistakes by the IT department.)
If you like that story, check out this link, it has links to dozens more of similar stories, boy some of them are scary:
http://blogs.ittoolbox.com/security/investigator/archives/official-securitymonkey-case-file-index-14787
And even if you do manage to do it "right", the sad fact of the matter is that there is always someone smarter than you who will find a way to bypass your security setup. It may be a hacker, your IT guy "gone bad", an executive who wants extra "privileges", a front line user who wants to use VOIP or simply clicks on the wrong link in an email. Or it could be a "honest" to goodness spy ...
If the U$ Navy can't do it 'right' what chance does the average company have:
http://blogs.zdnet.com/Murphy/?p=835
A navy petty office was caught with some porn, oops. Even more unfortunate for him, one of the porn files had secret specification files for the Aegis targeting system, double oops.
Sadly, computer security, or more importantly DATA security, is a topic that is very rapidly gaining in importance requiring more time, effort and attention.
But can you get management to to accept all of the potential costs in the ROI calculation.
All to often, the computer guys try to do it "right" but are not allowed to for "business" reasons (most commonly cost, which may or may not be a valid argument).
Here is a link to an example of that situation:
http://blogs.ittoolbox.com/security/investigator/archives/even-more-horror-stories-15524
(And yes, I know, that data leaks often a result of mistakes by the IT department.)
If you like that story, check out this link, it has links to dozens more of similar stories, boy some of them are scary:
http://blogs.ittoolbox.com/security/investigator/archives/official-securitymonkey-case-file-index-14787
And even if you do manage to do it "right", the sad fact of the matter is that there is always someone smarter than you who will find a way to bypass your security setup. It may be a hacker, your IT guy "gone bad", an executive who wants extra "privileges", a front line user who wants to use VOIP or simply clicks on the wrong link in an email. Or it could be a "honest" to goodness spy ...
If the U$ Navy can't do it 'right' what chance does the average company have:
http://blogs.zdnet.com/Murphy/?p=835
A navy petty office was caught with some porn, oops. Even more unfortunate for him, one of the porn files had secret specification files for the Aegis targeting system, double oops.
Sadly, computer security, or more importantly DATA security, is a topic that is very rapidly gaining in importance requiring more time, effort and attention.
What happens if you are a Computer Forensic recovery specialists and you come across indecent images of children? If your conscience pushes you towards reporting the images to the law, yet the very law leaves legaly exposed to be prosecuted!
Message was edited by: beth.blakely@...
Message was edited by: beth.blakely@...
In the United States, discovery of evidence of illegal activity unrelated to the crime or incident under investigation, found subsequent to a legal search, is typically admissable. The investigator is not at risk.
The normal procedure when discovery of evidence of another crime is made while searching under a warrant for something else (i.e. Investigating a fraud scheme and finding child porn mingled with the finance entries) usually halts all further search until a search warrant is obtained for the crime uncovered by the "new" discovery. Often overzeleous investigators believe a permit to stroll through the garden allows tehm to look into the barn. So why risk the possibility of a 'sympathetic idiot' in a black robe tossing the whole thing out for the twenty minutes it takes to prepare and get a telephonic warant?
Gerry
Retired Police Officer
(Arson and Fraud investigations)
Gerry
Retired Police Officer
(Arson and Fraud investigations)
This is a great point. When something changes stop and consider the ramifications of not pursuing expanded search authorization. This is true for warrants as well as for corporate officer approved searches.
If we come across any criminal activity in the pursuit of our jobs we are legally obliged to report this to the authorities.
As a Computer repairer if you find pictures of children that are indecent you are legally bound to report this to the nearest Police Station and they will then come out and look at the picture/s that you found and make a decision from there. If there is only 1 photo these are generally forgotten about but this depends on the content of the photo as well so a Copy can be asked for to see if any Digital Enhancements/Alterations have been applied to the picture to make it look as something different to what it actually looks like now.
Here in AU provided that it can be shown that you acted In Good Faith there is no comeback against the repairer for reporting the incident. The only possible comeback is if it is felt by the investigating Officer that you are being Frivolous or Vexatious you can then be held legally Libel for the cost of the Police Investigation and they will report you to the owner who is them capable of filing Civil Charges against the person who is making a nuisance of themselves. So far I haven't heard of one claim of this happening but it may have and been settled out of Court with Hush Orders as part of the settlement.
Col
As a Computer repairer if you find pictures of children that are indecent you are legally bound to report this to the nearest Police Station and they will then come out and look at the picture/s that you found and make a decision from there. If there is only 1 photo these are generally forgotten about but this depends on the content of the photo as well so a Copy can be asked for to see if any Digital Enhancements/Alterations have been applied to the picture to make it look as something different to what it actually looks like now.
Here in AU provided that it can be shown that you acted In Good Faith there is no comeback against the repairer for reporting the incident. The only possible comeback is if it is felt by the investigating Officer that you are being Frivolous or Vexatious you can then be held legally Libel for the cost of the Police Investigation and they will report you to the owner who is them capable of filing Civil Charges against the person who is making a nuisance of themselves. So far I haven't heard of one claim of this happening but it may have and been settled out of Court with Hush Orders as part of the settlement.
Col
I agree with HAL 9000, and would go further. If in the course of professional work I find child porn, and because it's a serious criminal offence, I'm legally bound to report it to the Police. If I don't I could be accused of being an accessory after the fact by concealing (i.e. not revealing) it, although I've no knowledge of anyone being so accused here in UK.
Keep in mind that the original question was posted by a Brit and the responses have been US or from the Land of Oz ( Austrailia for the uninitiated)- completely different laws and obligations.
In the US - CP is contraband at the federal level - mere possession is chargable. In the original example, a data recovery specialist find CP in the process of recovering a drive. S/He is obligated by law to report - this is NOT a conscience thing - and failure to do so has its ramifications. Keep in mind that actually determining if a picture is CP or has been morphed is a factor. I would report and let those with the proper tools determine the authenticity.
The further disctiction between adult porn and obscenity is jurisdictional. Something legal in one baliwick may be chargable in another.
CD
In the US - CP is contraband at the federal level - mere possession is chargable. In the original example, a data recovery specialist find CP in the process of recovering a drive. S/He is obligated by law to report - this is NOT a conscience thing - and failure to do so has its ramifications. Keep in mind that actually determining if a picture is CP or has been morphed is a factor. I would report and let those with the proper tools determine the authenticity.
The further disctiction between adult porn and obscenity is jurisdictional. Something legal in one baliwick may be chargable in another.
CD
That could be contrived as CP is a chargeable offence and HAS to be reported.
Where life gets difficult is what some people consider as Obscenity as different people have different views on this subject.
My favourite case involved a very Prudish Police Officer who arrested a Newsagent for selling Pornography and had him charged for this offence. Apparently he took a poster of the Statue of David to be Hard Core Porn and acted as such.
I believe that he was sent to Sensitivity Training Classes after that case so that would probably make him the same one who was recently charged for Manslaughter at Palm Island where after arresting someone they did the unthinkable and died on him after he wasn't quite as gentle as he should have been. This caused the Natives to get restless and riot causing all the Big Burly Bullet Proof Police Officers to hide under their beds while the Court House and most of the Police Vehicles where destroyed.
Just to keep the Authorities worried someone managed to lay obstacles across the only runway on the island so that aircraft couldn't put down to supply reinforcements. They had to send them out on a boat and then when they arrived everyone had gone home to bed.
Col
Where life gets difficult is what some people consider as Obscenity as different people have different views on this subject.
My favourite case involved a very Prudish Police Officer who arrested a Newsagent for selling Pornography and had him charged for this offence. Apparently he took a poster of the Statue of David to be Hard Core Porn and acted as such.
I believe that he was sent to Sensitivity Training Classes after that case so that would probably make him the same one who was recently charged for Manslaughter at Palm Island where after arresting someone they did the unthinkable and died on him after he wasn't quite as gentle as he should have been. This caused the Natives to get restless and riot causing all the Big Burly Bullet Proof Police Officers to hide under their beds while the Court House and most of the Police Vehicles where destroyed.
Just to keep the Authorities worried someone managed to lay obstacles across the only runway on the island so that aircraft couldn't put down to supply reinforcements. They had to send them out on a boat and then when they arrived everyone had gone home to bed.
Col
If any evidence must be collected from a server or pc it must be stated within the warrant. If email is the target the court can even seize your email server but again it must be stated in a warrant. Once seized though a copy must be made of the hard drives and work done with those in order to maintain that the evidence wasn't tampered with.
This whole issue is a tricky one - because all of us (speaking on behalf of techies) see all sorts of stuff over the years. There was a discussion on this a couple of months ago I believe. I know I can say I have seen things and sometimes turned a blind eye and other times I have first of all reported it to a senior manager who then took it to HR. It is common sense but also human conscience plays a part (how many turn a blind eye if its a friend or somebody we like) for example lol
I know we had to take somebody to court for using a digital camera and taking indecent photos so copies of the SIM card had to be taken. It went to court as the lady in question fought against being dismissed becasue of it and tried to claim she hadnt meant to cause offence !
I know we had to take somebody to court for using a digital camera and taking indecent photos so copies of the SIM card had to be taken. It went to court as the lady in question fought against being dismissed becasue of it and tried to claim she hadnt meant to cause offence !
- Keyboard Shortcuts:
- Prev
- Next
- Toggle
