A few recent broadcasts not to be missed.
Stephen Grey investigates the use of computer hacking by the police and security agencies to combat criminal exploitation of the internet and asks if it is legal.
“.. RIPA .. range of surveillance powers.. unspecified hardware/software, keyloggers..
software installed on suspect computers could be considered breaking section 3 of Computer Misuse Act, by altering data..
lack of clarity from authorities, Article 8 Human Rights Act, scope of state’s power must be disclosed and made clear what authorities will or won’t use ..
William Hague, who speaks for the government on computer security issues, said: “Any export of goods that could be used for internal repression is something we would want to stop” .. He also admitted the law governing software exports was a grey area ..”
UK firm denies ‘cyber-spy’ deal with Egypt
Stephen Grey, File on 4, BBC Radio 4, 20 September 2011
http://www.bbc.co.uk/news/technology-14981672 – (Full Broadcast) – last access 23 September 2011
~
Excellently delivered by Eliza, offering public insight into reasons behind securing freedom and perceived hypocrisy.
In her second Reith lecture of 2011, the former director-general of the British Security Service (MI5), Eliza Manningham-Buller, discusses policy priorities since 9/11. She reflects on the Arab Spring, and argues that the West’s support of authoritarian regimes did, to some extent, fuel the growth of al-Qaeda.
The Reith Lectures – Securing Freedom: 2011 : Freedom
Eliza Manningham-Buller, BBC Radio 4, 20 September 2011
http://www.bbc.co.uk/iplayer/episode/p00k4053/The_Reith_Lectures_Eliza_ManninghamBuller_Lecture_3_Freedom/ – (Full Broadcast) – last access 23 September 2011
Her first and the previous Reith Lecture:
The Reith Lectures – Securing Freedom: 2011 : Security
Eliza Manningham-Buller, BBC Radio 4, 13 September 2011
http://www.bbc.co.uk/iplayer/episode/b014fcyw/The_Reith_Lectures_Securing_Freedom_2011_Eliza_ManninghamBuller_Security/ – (Full Broadcast) – last access 23 September 2011
/cobramark3
September 23, 2011 | Securing Freedom, What Tactics Should and Currently are Being Used to Combat Criminal Exploitation of the Internet, and is it Legal or Proportionate?
“.. As part of the UK Government’s investment in cyber security, a consortium comprising the IISP (Institute of Information Security Professionals), CREST (Council for Registered Ethical Security Testers) and Royal Holloway’s Information Security Group (ISG) has been appointed by CESG to provide certification for UK Government Information Assurance (IA) professionals. The consortium has been awarded a licence to issue the CESG Certified Professional Mark based on the IISP Skills Framework, as part of a certification scheme driven by CESG, the IA arm of GCHQ ..
step forward in professionalising key Information Assurance roles needed by the public sector. It is also an important development along the path of securing the UK against cyber attack and protecting government and individuals’ data. CESG looks forward to continuing close co-operation with the IISP, CREST and Royal Holloway in delivering this IA Certification Service ..”
New CESG initiative builds on IISP Skills Framework in drive for greater professionalism in Information Assurance
PR-Inside, 22 September 2011
http://www.pr-inside.com/new-cesg-initiative-builds-on-iisp-r2823053.htm – last access 23 September 2011 – (Full article)
New CESG initiative builds on IISP Skills Framework
Forensic Focus, 22 September 2011
http://www.forensicfocus.com/index.php?name=News&file=article&sid=1730 – last access 23 September 2011 – (Full article)
/cobramark3
September 23, 2011 | New CESG initiative builds on IISP Skills Framework in drive for greater professionalism in Information Assurance
“This is a review (“the review”) conducted at the request of and for the Lord Chief Justice, prompted by concerns as to the operation of the disclosure regime contained in the Criminal Procedure and Investigations Act 1996, as amended (“the CPIA”).”
Review of Disclosure in Criminal Proceedings (Judiciary of England and Wales)
The Rt Hon. Lord Justice Gross
September 2011
Full Report: http://www.judiciary.gov.uk/Resources/JCO/Documents/Reports/disclosure-review-september-2011.pdf
/cobramark3
September 18, 2011 | Review of Disclosure in Criminal Proceedings (Judiciary of England and Wales)
The Society has announced the extension of its accreditation scheme to include two new Component Standards to address digital forensics:
- Computer Network Evidence Recovery and Analysis
- Digital Evidence Analysis Recovery and Preservation
These two new Standards plus the Core Standard of Interpretation, Evaluation and Presentation of Evidence (IEPE) make up the new Digital Component Standards.
http://www.forensic-science-society.org.uk/Accreditation/Launchofdigitalstandards
Launch event in the afternoon on 19th October 2011:
http://www.forensicsciencesociety.co.uk/Events/2011/Digital%20Launch
/cobramark3
September 12, 2011 | The UK Forensic Science Society: Launch of the Digital Forensic Component Standards
The United Kingdom Accreditation Service (UKAS) accredits against ISO 17025 and ISO 17020 and this is seen as an integral part of the quality framework and an expectation for those supplying forensic science services.
ISO 17025 can be applied to accredit any general laboratory, and ASCLD-LAB to special-purpose forensic laboratories.
Digital forensics is also key in implementing and maintaining an effective information security management system (ISMS) as specified by ISO 27001.
Control A.13.2.3 of the ISO 27001 Standard requires that, in the event of a security incident, any evidence presented in a criminal or civil action against an individual or company must fully conform to all relevant legislation. While this requirement is fairly obvious, it is crucial to the success of the legal process that the digital evidence is collected as accurately and reliably as possible.
The best practice defined in clause 13.2.3 of the ISO 27002 Code of Practice (which is best practice only, not a management standard, and cannot be accredited) recommends the preparation of an investigation procedure which includes the forensic collection of digital evidence together with the originals of all documents and witness details.
All such plans are major contributors to ensuring conformance to Clause 7.3 of the ISO 27001 Standard on preventative action, which is of course essential to maintaining the continual process improvement of the ISMS.
/cobramark3
August 12, 2011 | Digital Forensics – ISO 27001, ISO 17025, ISO 17020 – Compliance, Accreditation and Best Practice