**************question #1 **********
What do you see as the role of computer forensics in recovering from cyber attacks?
Recovering from cyber attack can be difficult especially if the attack resulted in to data loss. However, computer forensic are trained to preempt the attacks and locate the perpetrators and this is very important when it comes to recovering data needed for recovery from cyber attacks. Additional, they are also very useful when it comes to well-timed cyber attack containment (Pearson, 2001).
Computer forensics will be required to provide post attack analysis to determine the nature of the damage, and the extent of the damage. They can provide timely information on the data breaches and the specific information accessed to faster reaction such as enterprise and critical infrastructure information restoration (Grunert, 2011)
Computer forensics is also trained to recover damaged, or stolen / deleted data in the event of cyber attack. This post attack activities are of importance to disaster recovery and smooth running of an enterprise after disaster.
Grunert, F. (2011), "Cyberwar- Probleme für die internationale Politik", Universität Osnabrück.
Pearson, G. (2001), "A Road Map for Digital Forensic Research". Report from DFRWS 2001, First Digital Forensic Research Workshop, Utica, NY.
How might business continuity planning incorporate aspects of computer forensics with respect to risk management?
Risk management requires risk preparedness and anticipation. Business continuity planning can incorporate aspects of computer forensics with respect to risk management by developing policies and procedures disaster recovery from awareness to preparedness procedures. These policies would be incorporate in the company’s business continuity planning (Reed, 2013).
A company may also have in place strategic contingency measures to be deployed in the event of cyber attack. All business continuity planning needs to consider cyber attacks as one of the key risk and include adequate resources to cyber attacks. Computer forensics should be considered as one of the key team members of the business continuity planning team (UMUC, 2011)
Digital forensic readiness is also an effective way of incorporating computer forensics in business continuity planning best practice. Making digital forensic readiness, and IS governance as mandatory practice in any organization can contribute to business continuity in the event of cyber attacks (UMUC, 2011)
Finally, Computer forensics usually serves a very important role in organizations incident response planning. Therefore, they can be included as part of the business continuity planning team to develop and audit policies geared at helping the organization identify and mitigate cyber attack risk before they result into costly legal actions (Wilson, &, Wolfe, 2003, pp55-64).
Wolfe-Wilson, J and Wolfe, H.B. (2003) Management strategies for implementing forensic security measures [Electronic version]. Information Security Technical Report Volume 8, Issue 2, June 2003, pp55-64
Robert Reed, ( 2013). Computer Forensics for CEO’s and Managers. Management Information Systems. Eller College of Management
UMUC (2011). CSEC 650 Module 4: Cybercrime Investigation and Digital Forensics CSEC650. Acquisition and Analysis. March 5, 2014, from UMUC Cybercrime Investigation and Digital Forensics: http://tychousa11.umuc.edu