KCSFA YouTube


CyberSecurity

  • DATA PROTECTION

    Understanding your data.

    To protect data you first have to understand it: know what data you have collected, identify the most sensitive parts of it, protect access to it with two-factor authentication and encryption, and, as a business, encourage personal data protection among employees and customers by telling them what steps the business has taken to protect their data.

    What is data integrity?

    Data integrity is the process of ensuring and preserving the validity and accuracy of data throughout its lifecycle. It is the trustworthiness of data.

    Data integrity threat

    A data integrity breach is the unauthorized or accidental alteration of data. An example is a file that is accessed and altered so that it no longer reflects the information that was intended.

    Common threats that can alter the state of data integrity include:

    • Human error, whether malicious or unintentional
    • Transfer errors. These include unintended alterations during transfer from one device to another.
    • Misconfigurations and security errors
    • Malware, insider threats and cyberattacks
    • Compromised hardware.

    How to preserve data integrity?

    • Check for errors, so that any corruption introduced during data transmission is detected.
    • Validate input, to verify that data supplied by a known or unknown source is accurate and well formed.
    • Validate data against the specifications and key attributes that matter to your organization; define those before you validate.
    • Remove duplicate data. Always clean up and remove duplicates: every extra copy of sensitive data is one more copy that has to be protected and one more place from which it can be compromised by unauthorized people. Some tools that can help in cleaning up the duplicate files are:
    • Back up your data to prevent permanent data loss.
    • Use access controls to limit the number of people authorized to access data at any given time. An access control is a mechanism for controlling who has access to the system, computer, server or online service where the information is stored.
    • Keep an audit trail, so that the source of a problem can be traced.
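    The error check, the access-control item and the audit-trail item above all come down to one question at the receiving end: has this data changed since it left the source, and if so, was the change accidental or deliberate? The following Python script is an added example, not code from the original page. It shows that an unkeyed checksum (CRC32) catches transfer errors but not a deliberate edit, because the attacker simply recomputes it, while a keyed HMAC catches both, and it writes every decision to an audit trail. The record, the shared key and the bit position are constructed for illustration; the script assumes sender and receiver already share the key over a separate, secure channel.

```python
"""Transfer-integrity check: unkeyed checksum versus keyed MAC, with an audit trail.

Added example; not from the original page. The record, key and bit positions
below are constructed for illustration.
"""
from __future__ import annotations

import hashlib
import hmac
import zlib

# Constructed sample record and constructed shared secret (assumption: sender
# and receiver already share this key over a separate, secure channel).
RECORD = b"txn_id=1042;account=KE-00-8812;amount=15000.00;currency=KES"
SHARED_KEY = b"example-shared-secret-do-not-reuse"


def crc32_tag(data: bytes) -> str:
    """Unkeyed checksum: detects accidental corruption in transfer only.
    Anyone who can alter the data can also recompute this value."""
    return f"{zlib.crc32(data) & 0xFFFFFFFF:08x}"


def hmac_tag(data: bytes, key: bytes) -> str:
    """Keyed tag (HMAC-SHA256): cannot be recomputed without the key, so it
    detects deliberate alteration as well as accidental corruption."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def verify_crc32(data: bytes, tag: str) -> bool:
    return crc32_tag(data) == tag


def verify_hmac(data: bytes, tag: str, key: bytes) -> bool:
    # compare_digest avoids leaking where the comparison fails via timing.
    return hmac.compare_digest(hmac_tag(data, key), tag)


def simulate_bit_flip(data: bytes, index: int) -> bytes:
    """Model a transfer error: one bit of one byte flips in flight."""
    damaged = bytearray(data)
    damaged[index] ^= 0x01
    return bytes(damaged)


def simulate_attacker_edit(data: bytes) -> tuple[bytes, str]:
    """Model a malicious alteration: the amount is changed and the unkeyed
    checksum is recomputed so that a checksum-only receiver sees nothing."""
    tampered = data.replace(b"amount=15000.00", b"amount=95000.00")
    return tampered, crc32_tag(tampered)


def receive(data: bytes, crc: str, mac: str, key: bytes, audit: list[str]) -> str:
    """Receiver-side check. Every outcome is appended to the audit trail so
    the source of a problem can be traced afterwards."""
    if verify_hmac(data, mac, key):
        outcome = "accepted"
    elif verify_crc32(data, crc):
        outcome = "tampered"      # checksum still matches: a deliberate edit
    else:
        outcome = "corrupted"     # checksum also fails: a transfer error
    audit.append(f"{outcome} crc={crc} hmac={mac[:16]}... bytes={len(data)}")
    return outcome


def demo() -> list[str]:
    """Run the three scenarios and return the audit trail they produce."""
    audit: list[str] = []
    crc, mac = crc32_tag(RECORD), hmac_tag(RECORD, SHARED_KEY)
    receive(RECORD, crc, mac, SHARED_KEY, audit)                         # accepted
    receive(simulate_bit_flip(RECORD, 40), crc, mac, SHARED_KEY, audit)  # corrupted
    tampered, forged_crc = simulate_attacker_edit(RECORD)
    receive(tampered, forged_crc, mac, SHARED_KEY, audit)                 # tampered
    return audit


if __name__ == "__main__":
    for line in demo():
        print(line)
```

    Run as a script it prints three audit lines: accepted, corrupted, tampered. The point for the access-control item is that the HMAC key is what limits who can produce a valid record; the point for the audit-trail item is that the receiver records every outcome, not just the failures.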

    Data breach

    A data breach exposes confidential and sensitive information to an unauthorized person. It happens when an unauthorized person successfully infiltrates a data source and extracts sensitive information.

    In a data breach attack, the cybercriminal looks for security weaknesses in the systems or networks of the target.

    In a network attack, they exploit an infrastructure or system weakness to infiltrate the target's network and acquire confidential information.

    In a social attack, they trick employees into giving access to the company's network, for example by handing over their login credentials or opening malicious attachments.

    What to do when a data breach occurs

    Reporting every data breach helps maintain your organization's reputation and comply with cybersecurity regulations.

    When a data breach occurs:

    • Notify.
    • If you think your data has been misused or breached, contact the organization responsible and inform it.
    • The Data Protection Act requires the organization controlling the data to report the breach within 72 hours of becoming aware of it.
    • If the breach poses a high risk to the individuals affected, the organization should also inform those individuals so that they can take proactive measures against its potential consequences.
    • Comply with the data protection regulations.
    • Investigate how the breach occurred and what information was exposed, so that every weak point that contributed to it can be fixed.
    • Establish the facts: what happened, what personal data was involved, how many people are likely to be affected, and the impact on them.
    • Take preventive measures by implementing current cybersecurity techniques and tools so that the data you control stays secure.
    • Keep records of breaches and act to reduce the risk of them happening again.

    DATA BACKUP

    A good backup plan keeps data safe, secure and ready to use. The idea of a backup is to make a copy that safeguards your data. Once you have decided on the backup plan that suits your needs best, consider carefully where to store it.

    MAJOR TYPES OF BACK UP

    FULL BACKUP: A full backup copies everything that is considered important.
    INCREMENTAL BACKUP: An incremental backup copies only the files that have changed since the previous backup of any type (full or incremental).
    DIFFERENTIAL BACKUP: A differential backup copies all files changed or created since the last full backup, so each differential run grows until the next full backup resets the baseline.
    MIRROR BACKUP: A mirror backup produces an exact copy of the original data. Because it mirrors the source, a file deleted or encrypted at the source is deleted or overwritten in the mirror on the next sync, so a mirror does not replace versioned backups.
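    As an added example (not from the original page), the following Python script applies the selection rules above to a constructed file set and shows what each run copies and which runs are needed to restore. The file names, modification days and schedule are invented: every file exists from day 0 and the number against it is the day of its latest change; a full backup runs on day 2 and incremental or differential runs follow on days 4, 6 and 8.

```python
"""Which files does each backup type copy, and what is needed to restore?

Added example; not from the original page. The file set and schedule are
constructed: every file exists from day 0 and the number is the day of its
latest change.
"""
from __future__ import annotations

FILES = {  # name -> day of last modification (constructed)
    "ledger.xlsx": 1,
    "payroll.csv": 3,
    "contracts.docx": 5,
    "hr_policy.pdf": 7,
}


def full_backup(files: dict[str, int]) -> list[str]:
    """Copy everything, regardless of when it last changed."""
    return sorted(files)


def incremental_backup(files: dict[str, int], last_backup_day: int, today: int) -> list[str]:
    """Copy only what changed since the previous backup of any type."""
    return sorted(n for n, m in files.items() if last_backup_day < m <= today)


def differential_backup(files: dict[str, int], last_full_day: int, today: int) -> list[str]:
    """Copy everything changed since the last FULL backup, so each run grows
    until the next full backup resets the baseline."""
    return sorted(n for n, m in files.items() if last_full_day < m <= today)


def mirror_backup(files: dict[str, int]) -> dict[str, int]:
    """Exact copy of the current source. A file deleted or encrypted at the
    source is deleted or overwritten in the mirror on the next sync."""
    return dict(files)


def plan(files: dict[str, int], kind: str, full_day: int, run_days: list[int]) -> dict[int, list[str]]:
    """Return {day: [files copied]} for a full backup on full_day followed by
    incremental or differential runs on run_days."""
    jobs = {full_day: full_backup(files)}
    last = full_day
    for day in run_days:
        if kind == "incremental":
            jobs[day] = incremental_backup(files, last, day)
        elif kind == "differential":
            jobs[day] = differential_backup(files, full_day, day)
        else:
            raise ValueError(f"unknown backup kind: {kind}")
        last = day
    return jobs


def jobs_needed_to_restore(kind: str, jobs: dict[int, list[str]]) -> list[int]:
    """Incremental restores need the full backup plus every incremental after
    it (lose one and the chain breaks); differential restores need only the
    full backup plus the latest differential."""
    days = sorted(jobs)
    if kind == "incremental":
        return days
    return sorted({days[0], days[-1]})


if __name__ == "__main__":
    for kind in ("incremental", "differential"):
        jobs = plan(FILES, kind, full_day=2, run_days=[4, 6, 8])
        print(kind, jobs, "restore from days", jobs_needed_to_restore(kind, jobs))
```

    The day-8 differential copies three files while the day-8 incremental copies one, which is the storage cost of being able to restore from just two backup sets instead of four.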

    GOOD PRACTICES IN BACKING UP DATA

    • Save and store the backup copy in a different location from where the original files are kept.
    • Test the backup to verify that the data you saved is accessible when you need it.
    • Label the backup files to keep a good record and to ease recovery of lost or corrupted data.
    • Schedule frequent backups.
    • Encrypt backups to add an extra layer of security to your backup files.

    CIA TRIAD

    Understanding the CIA triad

    It is good to understand what the CIA triad is and how it is used.

    CIA stands for confidentiality, Integrity and Availability.

    • Control mechanisms and policies that maintain confidentiality, integrity and availability while data is collected, transmitted, processed and stored are essential.

    Confidentiality ensures that data exchanged is not accessible to unauthorized users.

    Integrity protects data from deletion or modification by an unauthorized party; it is the assurance that information is trustworthy and accurate.

    Availability means information is consistently and readily accessible to authorized parties when they need it.

    DATA CLEANSING FOR QUALITY DATA

    Data cleansing.

    Data cleansing is a review of all data within a database to remove or update information that is incomplete, incorrect, improperly formatted, duplicated or irrelevant. Businesses must ensure that personal information, such as business, employee, customer and client information, is kept safe and organized.

    Benefits of cleansing data

    • It removes major errors such as spelling mistakes, inconsistent data formats and outdated data.
    • It allows you to map different data functions and understand what your data is intended to do.
    • It improves the performance of your business and lets you build effective business intelligence solutions.
    • It helps create a positive customer experience and improves the targeting of marketing campaigns at your audience and potential customers.
    • Clean data saves a great deal of time and lets your business maximize the capacity of its workforce.

    Get a copy of the data protection act in Kenya

Cyber Investigation

  • An overview on Computer Forensics

    Computer forensics deals with the retrieval, interpretation and preservation of evidence from the storage drives of computers (workstations, servers, laptops, etc.) and the reporting of findings. The aim is to look for everything from data exfiltration to deleted data that can be recovered, timelines, and so on. We focus on forensic techniques for preserving digital evidence.

    How Can Computer Forensics Be Used In Your Business?

    A business might want to see whether an employee has been browsing inappropriate sites or had unauthorized files on their computer. Such instances might be violations of company policy, or they might be fraudulent actions that could cost the company millions of dollars in damages. Business use cases vary, but the forensic techniques generally remain the same. The following are possible ways computer forensics can help a business resolve a dispute or an investigation:

    • Identifying unauthorized access by employees to Internet sites, intranet sites or files;
    • Identifying employee fraud, including detection of documents related to the fraud and keyword searches;
    • Identifying theft by employees, including the copying and transfer of company files to external devices, through link-file (LNK) analysis and registry analysis;
    • Establishing general employee usage patterns and behavior;
    • Spotting files deleted by employees, including recovery of deleted files and file carving.

    Preservation of Computer Forensic evidence

    Preservation means ensuring that the evidence collected is not tampered with. It is achieved by acquiring the evidence and establishing its authenticity in a forensically sound manner. Three processes are key to this: imaging, hashing and chain of custody.

    Collection of evidence through Imaging

    Imaging a drive is the forensic process in which an analyst creates a bit-for-bit duplicate of the drive.

    The first step in any digital forensics examination is to protect the original evidence in accordance with industry standards and digital forensics best practice. This is done by attaching the original through a write blocker and creating a forensic image of it. A forensic image is a special type of copy: it contains all of the data found in the original, encapsulated in a forensic file format that stores hashes of the data alongside it. That does not make the image tamper-proof, but it makes any later alteration detectable.

    Imaging is important because it

    • Preserves the original evidence:
      • It prevents inadvertent alteration of the original during examination, since analysis is done on the image rather than the original.
      • It allows the duplicate image to be recreated from the original if necessary.

    Hash Values

    When an investigator images a machine for analysis, the imaging process generates cryptographic hash values (MD5, SHA-1 and, preferably, SHA-256) of the data.

    A hash is a mathematical function that turns input of any size into a fixed-length value. The most used algorithms are MD5, SHA-1 and SHA-256. MD5 and SHA-1 are no longer collision resistant, so record SHA-256 alongside whichever of them your tooling or the court expects.

    The value is used to demonstrate the integrity of the data, because altering even a single bit of the data produces a completely different hash value. If the hash values do not match the expected values, that raises the concern that the evidence has been altered.

    Specialized software exists for performing this function (see Tools for Hashing below).

    The purpose of a hash value is to verify the authenticity and integrity of the image as an exact duplicate of the original media, and thus to demonstrate that the image is a true, unaltered copy of the original. Record the hash at acquisition and recompute it before analysis and again before the evidence is presented; the values must match.
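    The imaging and hashing steps above, as one added Python example (not from the original page and not the code of any tool named on it). A constructed byte string stands in for the drive; it is copied block by block, an unreadable block is zero-filled and logged (the behaviour dd gives with conv=noerror,sync), MD5, SHA-1 and SHA-256 are recorded at acquisition, and the same hashes are recomputed later to verify the image. The bad-block positions and the one-bit change are simulated.

```python
"""Block-wise forensic imaging with read-error handling, then hash verification.

Added example; not from the original page and not the code of any tool named
there. The 'device' is a constructed byte string and the unreadable blocks are
simulated; the zero-fill behaviour mirrors dd with conv=noerror,sync.
"""
from __future__ import annotations

import hashlib

BLOCK_SIZE = 512
SOURCE = bytes(range(256)) * 8  # constructed 2048-byte "drive" (4 blocks)


def image_device(source: bytes, unreadable: set[int], block_size: int = BLOCK_SIZE) -> tuple[bytes, list[int]]:
    """Bit-for-bit copy, one block at a time. A block that cannot be read is
    replaced with zeros of the same size so every later block keeps its
    original offset, and its number is logged with the acquisition."""
    image = bytearray()
    errors: list[int] = []
    n_blocks = (len(source) + block_size - 1) // block_size
    for i in range(n_blocks):
        if i in unreadable:
            image += b"\x00" * block_size
            errors.append(i)
        else:
            chunk = source[i * block_size:(i + 1) * block_size]
            image += chunk.ljust(block_size, b"\x00")  # pad a short last block
    return bytes(image), errors


def digests(data: bytes) -> dict[str, str]:
    """MD5 and SHA-1 are what older tools and many courts still expect; SHA-256
    is computed alongside because the other two are no longer collision resistant."""
    return {name: hashlib.new(name, data).hexdigest() for name in ("md5", "sha1", "sha256")}


def acquisition_record(image: bytes, errors: list[int]) -> dict:
    """What goes on the acquisition worksheet: hashes taken at imaging time
    plus the list of blocks that had to be zero-filled."""
    return {"hashes": digests(image), "bad_blocks": errors, "size": len(image)}


def verify_image(image: bytes, record: dict) -> bool:
    """Recompute the hashes before analysis (and again before court) and
    compare with the values recorded at acquisition."""
    return len(image) == record["size"] and digests(image) == record["hashes"]


if __name__ == "__main__":
    image, errors = image_device(SOURCE, unreadable=set())
    record = acquisition_record(image, errors)
    print("clean image matches source:", digests(SOURCE) == record["hashes"])
    print("verifies later:", verify_image(image, record))
    altered = bytearray(image)
    altered[100] ^= 0x01  # one bit changed after acquisition
    print("verifies after 1-bit change:", verify_image(bytes(altered), record))
    image2, errors2 = image_device(SOURCE, unreadable={2})
    print("bad blocks logged:", errors2, "matches source:", digests(SOURCE) == digests(image2))
```

    When a block was unreadable, the image hash cannot equal the hash of the source media; what the record then proves is that the image has not changed since it was acquired, which is why the bad-block list is recorded together with the hashes.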

    Chain of custody

    A chain of custody is a chronological paper trail documenting when, how and by whom each item of electronic evidence was collected, handled and analyzed during an investigation.

    Chain of Custody Form

    To implement chain of custody, a chain of custody form records all activities pertaining to a particular item of electronic evidence: each change in its seizure, custody, control, transfer, analysis and disposition. It is a live document, updated as the evidence proceeds through the investigation and trial.

    What is captured in a Chain of Custody form

    • Details of the evidence item
    • Location and conditions under which the evidence was collected
    • The identity and signature of each person who handled the evidence and their authority to do so.
    • How long the evidence was in the possession of each person who handled it.
    • How the evidence was transferred each time it changed hands.

    Who handles a chain of custody?

    The chain of custody form may be handled only by identifiable persons with authority to possess the evidence, such as police officers and detectives, forensic analysts, certain officers of the court and evidence technicians.

    Forensic Tools used in Imaging

    Here are some of the free tools for creating forensic images:

    FTK Imager by AccessData; runs on Windows, with a command-line version for Linux

    Magnet ACQUIRE by Magnet Forensics

    FEX Imager; runs on Windows

    Linux dd (use conv=noerror,sync so that an unreadable block is zero-filled instead of aborting the copy, and hash the output afterwards)

    Tools for Hashing

    Most of these hash tools run on Windows, Linux or macOS and are free software:

    HashCalc

    HashTool

    HashCheck

    How Organizations Can Aid Computer Forensics

    Put a forensic plan in place that guides how a forensic investigation will be conducted and how evidence will be preserved.

    Give the technical team computer forensic training, identify computer forensic companies that already have the skills and can assist, or combine both.

    Why train your IT Team

    When a cyber-security incident occurs, IT staff will often be expected to make an initial assessment to identify the exact nature and seriousness of the incident. They will often not have received any computer forensic training, so they are not necessarily aware of the issues surrounding the collection of digital data that may later have to be relied upon in court. Vital information such as time and date stamps can be lost, making the investigation more difficult; in the worst case, vital evidence may be thrown out of court because the data was handled improperly during the investigation. Hence the need to train staff in the collection and handling of digital evidence: it may be relied upon later, and doing it right the first time saves cost.
