watching you watching us . .

Standards and Procedure

Securing Freedom, What Tactics Should and Currently are Being Used to Combat Criminal Exploitation of the Internet, and is it Legal or Proportionate ?

A few recent broadcasts not too be missed..

Stephen Grey investigates the use of computer hacking by the police and security agencies to combat criminal exploitation of the internet and asks if it is legal.

“.. RIPA .. range of surveillance powers.. unspecified hardware/software, keyloggers..

software installed on suspect computers could be considered breaking section 3 of Computer Misuse Act, by altering data..

lack of clarity from authorities, Article 8 Human Rights Act, scope of states power must be disclosed and made clear what authorities will or won’t use ..

William Hague, who speaks for the government on computer security issues, said: “Any export of goods that could be used for internal repression is something we would want to stop” .. He also admitted the law governing software exports was a grey area ..”

UK firm denies ‘cyber-spy’ deal with Egypt
Stephen Grey, File on 4, BBC Radio 4, 20 September 2011
http://www.bbc.co.uk/news/technology-14981672 – (Full Broadcast) – last access 23 September 2011

~

Excellently delivered by Eliza, offering public insight into reasons behind securing freedom and perceived hypocrisy.

Her second Reith lecture of 2011, the former director-general of the British Security Service (MI5), Eliza Manningham-Buller, discusses policy priorities since 9/11. She reflects on the Arab Spring, and argues that the West’s support of authoritarian regimes did, to some extent, fuel the growth of al-Qaeda.

The Reith Lectures – Securing Freedom: 2011 : Freedom
Eliza Manningham-Buller, BBC Radio 4, 20 September 2011
http://www.bbc.co.uk/iplayer/episode/p00k4053/The_Reith_Lectures_Eliza_ManninghamBuller_Lecture_3_Freedom/ – (Full Broadcast) – last access 23 September 2011

Her first and the previous Reith Lecture:

The Reith Lectures – Securing Freedom: 2011 : Security
Eliza Manningham-Buller, BBC Radio 4, 13 September 2011
http://www.bbc.co.uk/iplayer/episode/b014fcyw/The_Reith_Lectures_Securing_Freedom_2011_Eliza_ManninghamBuller_Security/ – (Full Broadcast) – last access 23 September 2011

/cobramark3

Advertisements

New CESG initiative builds on IISP Skills Framework in drive for greater professionalism in Information Assurance

“.. As part of the UK Government’s investment in cyber security, a consortium comprising the IISP (Institute of Information Security Professionals), CREST (Council for Registered Ethical Security Testers) and Royal Holloway’s Information Security Group (ISG) has been appointed by CESG to provide certification for UK Government Information Assurance (IA) professionals. The consortium has been awarded a licence to issue the CESG Certified Professional Mark based on the IISP Skills Framework, as part of a certification scheme driven by CESG, the IA arm of GCHQ ..

step forward in professionalising key Information Assurance roles needed by the public sector. It is also an important development along the path of securing the UK against cyber attack and protecting government and individuals’ data. CESG looks forward to continuing close co-operation with the IISP, CREST and Royal Holloway in delivering this IA Certification Service ..”

New CESG initiative builds on IISP Skills Framework in drive for greater professionalism in Information Assurance
PR-Inside, 22 September 2011
http://www.pr-inside.com/new-cesg-initiative-builds-on-iisp-r2823053.htm – last access 23 September 2011 – (Full article)

New CESG initiative builds on IISP Skills Framework
Forensic Focus, 22 September 2011
http://www.forensicfocus.com/index.php?name=News&file=article&sid=1730 – last access 23 September 2011 – (Full article)

/cobramark3


Review of Disclosure in Criminal Proceedings (Judiciary of England and Wales)

” This is a review (“the review”) conducted at the request of and for the Lord Chief Justice, prompted by concerns as to the operation of the disclosure regime contained in the Criminal Procedure and Investigations Act 1996, as amended (“the CPIA”). ”

Review of Disclosure in Criminal Proceedings (Judiciary of England and Wales)
The Rt Hon. Lord Justice Gross
September 2011

Full Report: http://www.judiciary.gov.uk/Resources/JCO/Documents/Reports/disclosure-review-september-2011.pdf

/cobramark3


The UK Forensic Science Society: Launch of the Digital Forensic Component Standards

The Society has announced the extension of its accreditation scheme to include two new Component Standards to address digital forensics:

  • Computer Network Evidence Recovery and Analysis
  • Digital Evidence Analysis Recovery and Preservation

These two new Standards plus the Core Standard of Interpretation, Evaluation and Presentation of Evidence (IEPE) make up the new Digital Component Standards.

http://www.forensic-science-society.org.uk/Accreditation/Launchofdigitalstandards

Launch event in the afternoon on 19th October 2011:
http://www.forensicsciencesociety.co.uk/Events/2011/Digital%20Launch

/cobramark3


Digital Forensics – ISO 27001, ISO 17025, ISO 17020 – Compliance, Accreditation and Best Practice

The United Kingdom Accreditation Service (UKAS) accredits against ISO 17025 and ISO 17020 and this is seen as an integral part of the quality framework and an expectation for those supplying forensic science services.

ISO 17025 can be applied to accredit any general laboratory and ASCLD-LAB, special purpose forensic laboratories.

Digital forensics is also key in implementing and maintaining an effective information security management system (ISMS) as specified by the ISO27001.

Control A.13.2.3 of the ISO 27001 Standard requires: in the event of a security incident any evidence presented in a criminal or civil action against an individual or company must fully conform to all relevant legislation. While this requirement is fairly obvious, it is crucial to the success of the legal process that the digital evidence is collected as accurately and reliably as possible.

The best practice as defined in clause 13.2.3 of the ISO 27002 Code of Practice (not a management standard, only best practice, cannot be accredited) recommends the preparation of an investigation procedure which includes the forensic collection of digital evidence together with the originals of all documents and witness details.

All such plans are major contributors to ensuring conformance to Clause 7.3 of the ISO 27001 Standard on preventative action which is of course essential to the maintenance of the ISMS continual process improvement.

/cobramark3