... In these scenarios centralized logging leads to extremely localized (and short) chains of evidence that are difficult to relate to other chains on other ... Industry standards and expert advice in the area of incident handling have traditionally limited the scope of the 'crime scene' to the ...
Purpose: Many methodologies exist to assess the security risks associated with unauthorized leakage, modification and interruption of information used by organisations. This paper argues that these methodologies have a traditional orientation towards the identification and ...
... Breidenbach, S. (2000) 'How Secure Are You?' InformationWeek, (800):71-78. Broadbent, M. (2002) 'CIO Futures Lead with Effective Governance' ICA 36th Conference, Singapore, October 2002. Broadbent, M. (2003) 'Effective IT Governance by Design' Gartner Inc. ...
... SB Maynard 1, AB Ruighaver 2, A. Ahmad 3 1,3 Department of Information Systems, The University of Melbourne ... Baskerville 1988; Swanson 1998) Resource Owner (Tudor 2001) Information Owner (Swanson 1998) Data Providers (Szuba 1998) Junior Management (Warman ...
Current security governance is often based on a centralized decision-making model and still uses an ineffective 20th century risk management approach to security. This approach is relatively simple to manage since it needs almost no security governance below the top enterprise level where most decisions are made. However, while there is a role for more corporate governance, new regulations, and improved codes of best practice to address current weak organizational security practices, this may not be sufficient in the current dynamic security environment. Organizational information security must adapt to changing conditions by extending security governance to middle management as well as system/network administrators. Unfortunately, the lack of clear business security objectives and strategies at the business unit level is likely to result in a compliance culture, where those responsible for implementing information security are more interested in complying with organizational standards and policies than improving security itself.
... Security Research Centre Conferences 2010 Organisational Learning and Incident Response: Promoting Effective Learning Through The Incident Response Process Piya Shedden University of Melbourne Atif Ahmad University of Melbourne A B. Ruighaver Deakin University ...
Despite the widespread use of computing in almost all functions of contemporary society and the consequently large number of forensic investigations where computing has been involved, there has been little progress made in adapting the primary mechanism by which computers record past activity, namely event logs, to facilitate computer forensic investigation. From an evidence point of view, system event logs do not readily conform to the requirements of a forensic investigation. We identify two criteria, Accuracy and Completeness, and a third criterion, Utility, that can be used to assess the evidential weight of system event information derived from event logs and to identify the desirable qualities of a forensically suitable event log.
... we describe FIRESTORM, a tool we developed for the forensic investigation of NT audit logs. ... by the investigator allow him/her to visualize any disruptions or anomalous sequences of events ... Anomaly detection is not a new field, it has been researched for a considerable length ...
Many organizations still rely on deterrence to control insider threats and on purely preventive strategies to control outsider threats. Such a simple approach to organizational information security is no longer viable given the increasing operational sophistication of current security threat agents and the complexity of information technology infrastructure. Effective implementation of security requires organizations to select a combination of strategies that work in tandem and best suit their security situation. This paper addresses the identification and classification of factors that influence implementation of security strategies in organizations. In this paper, we develop a preliminary architecture that aims to assist organizations in deciding how strategies can be designed to complement each other to improve the cost-effectiveness of security.
Papers by Atif Ahmad