Information Technology Reference
In-Depth Information
ce to be accepted in a court of law. Many best practices have been developed worldwide
which are used to ensure observance of forensic investigation procedures.
Computer forensic experts make use of various tools to investigate crimes committed on
computer systems. Some of the tools include MailXaminer used for collecting evidence
from 20+ mailbox formats, WindowsSCOPE used to analyse a computer's volatile
memory, and Forensic Explorer (FEX) used as a multipurpose computer forensic tool.
The major challenge of computer forensics is ensuring that evidence is not contaminated
or tampered with. Computer forensics specialists and enterprises involved in computer
forensics have developed advanced systems which are used to collect evidence from com-
puter systems without tampering with the evidence.
Computer forensics is a specialised field and has legal implications when investigating and
collecting evidence. It is a recommendation that IS audit teams make use of experts when
working on IS audits which require forensic investigations.
Cloud Computing Security Auditing
Cloud computing is a new IT solution which is growing in terms of usage. Many enter-
prises that would like to cut costs and also move away from administering large and com-
plex IT systems have taken up cloud computing services. Cloud computing is growing in
popularity and is considered by many enterprises to be a better option than managing an IT
infrastructure themselves.
Application systems can be run from the cloud in a similar way an enterprise would run
application systems from the local data centre. Most enterprises using cloud computing ser-
vices have moved most of their core application systems, such as ERP and email systems
into the cloud.
The major concern with cloud computing is security. Many enterprises do not feel secure
to have their data and information stored in the cloud with many other enterprises located
on the same virtual servers. Whilst the concern is rightly so, enterprises offering cloud ser-
vices have gone an extra mile to ensure that client systems are secure. A client or enterprise
using cloud computing is normally given its own virtual space on the cloud infrastructure
which is secure and only available to a specific enterprise. Cloud solution providers also
offer dedicated physical servers to host application systems and data.
Auditing a cloud computing infrastructure would require a good understanding of the se-
curity architecture and systems used to run the infrastructure. This would help the IS audit
team understand how security is implemented by the cloud service provider. The first audit
objective would be to assess security at the hosting site. Secondly, the audit team might
consider reviewing security for application systems, data, and other systems the enterprise
Search WWH ::
Custom Search