$30 off During Our Annual Pro Sale. View Details »

Forensic Science and Information Security: Life...

ScienceandTech
August 10, 2019
Technology
1
360

Forensic Science and Information Security: LifeTime Lovers, Part-Time Friends

Forensic Science and Information Security are very parallel fields. They are both methodical in nature and often one area builds succinctly on top of the other. With the ability to have a specialty in various areas, it is interesting that the two do not often merge together and share policies and procedures. You see Forensic Scientists often are called in at the “endpoint.” Usually, it is at the scene of a crime, only giving the final “product” and must work backwards to build a story for what initially happened. In Information Security, with the rapid growth of exposure to data, specifically PHI, it is evident that it would be beneficial for both communities to work together. With my area of extended knowledge and expertise in Forensic and Clinical Toxicology, I am often met with various attempts to “social engineer” me out of patient results to having sent incorrect reports to clients (not on purpose of course). In a Toxicology lab, whether government (local, state or federal) or private, PHI is the utmost important issue. Scientists adhere to the policies and procedures of the SCIENTIFIC aspect of the organization, but not always to the INFORMATION SECURITY aspect of the organization. Let’s chat a little about how to make both industries more aware how they are really Lifetime Lovers and Part-time Friends.

ScienceandTech

August 10, 2019
Tweet

Other Decks in Technology

See All in Technology
Zennのパフォーマンスモニタリングでやっていること
ryosukeigarashi
0
690
Entra ID の基礎(Japan Microsoft 365 コミュニティ カンファレンス 2024)
murachiakira
2
640
Amazon Forecast亡き今、我々がマネージドサービスに頼らず時系列予測を実行する方法
sadynitro
0
200
心が動くエンジニアリング ── 私が夢中になる理由
16bitidol
0
140
Entra ID の多要素認証(Japan Microsoft 365 コミュニティ カンファレンス 2024 )
murachiakira
0
390
生成AIが変えるデータ分析の全体像
ishikawa_satoru
0
310
'24/11月開催 Visual Studio CodeのDev Containersを使って開発環境構築してみよう
devops_vtj
0
130
もう一度、 事業を支えるシステムに。
leveragestech
5
1.9k
AWS re:Invent 2024 予選落ちのBedrockアプデをまとめて解説!
minorun365
PRO
1
180
FlutterアプリにおけるSLI/SLOを用いたユーザー体験の可視化と計測基盤構築
ostk0069
0
310
OS 標準のデザインシステムを超えて - より柔軟な Flutter テーマ管理 | FlutterKaigi 2024
ronnnnn
1
440
SkiaとImpellerについて
moriya0130
0
200

Featured

See All Featured
Embracing the Ebb and Flow
colly
84
4.5k
A better future with KSS
kneath
238
17k
Design and Strategy: How to Deal with People Who Don’t "Get" Design
morganepeng
126
18k
Exploring the Power of Turbo Streams & Action Cable | RailsConf2023
kevinliebholz
27
4.3k
Stop Working from a Prison Cell
hatefulcrawdad
267
20k
Learning to Love Humans: Emotional Interface Design
aarron
273
40k
How to Ace a Technical Interview
jacobian
276
23k
KATA
mclloyd
29
14k
VelocityConf: Rendering Performance Case Studies
addyosmani
326
24k
Reflections from 52 weeks, 52 projects
jeffersonlam
346
20k
ReactJS: Keep Simple. Everything can be a component!
pedronauck
665
120k
Scaling GitHub
holman
458
140k

Transcript

  1. FORENSIC SCIENCE AND INFORMATION SECURITY PRESENTS: “LIFETIME LOVERS, PART-TIME FRIENDS”

    AUTHORED BY: NAJLA LINDSAY

  2. #WHOAMI? • I am Najla. Jersey Girl. Penn State Grad.

    Criminal Show Junkie. Traveler. Wine Explorer. Bowling Lover. Forensic Scientist by Trade. Cybersecurity Enthusiast. Pentester Neophyte.

  3. #WHATISONTHEAGENDA? ▪ Quick Survey of the room ▪ General Background

    of Forensic Science

  4. #AUDIENCECHECK • SCIENTISTS in the room? • INFORMATION SECURITY professionals

    in the room? • MEDICAL professionals in the room? • CAREER TRANSITIONERS in the room? • CRIME SHOW watchers?

  5. FORENSIC SCIENCE, YOU SAY?!? • Latin word forensis: public, to

    the forum or public discussion; argumentative, rhetorical, belonging to debate or discussion. • A relevant, modern definition of FORENSIC is: relating to, used in, or suitable to a court of law (Merriam Webster Dictionary, www.merriam-webster.com). • ANY science used for the purposes of the law is a forensic science. • Source: https://www.aafs.org/home-page/students/choosing-a-career/what-is-forensic-science • Forensics is concerned with the recognition, identification, individualizations and evaluation of physical evidence using the methods of natural sciences. • Source: www.coehsem.com/forensic-science-pathway

  6. WHAT DO FORENSIC SCIENTISTS DO? SCIENTISTS first and foremost. It

    becomes classified as “FORENSIC” when our knowledge is used to help in ANY legal proceeding, CRIMINAL OR CIVIL. Accurate, methodical, detailed and above all, unbiased. Report writing Testify Government, Public AND Private sector, in labs and/or as consultants.

  7. DISCIPLINES OF FORENSIC SCIENTISTS • Anthropology • Criminalistics • Digital

    & Multimedia Sciences • Engineering & Applied Sciences • General • Jurisprudence • Odontology • Pathology/Biology • Psychiatry & Behavioral Science • Questioned Documents • Toxicology

  8. WHAT IS INFORMATION SECURITY? • The protection of information and

    information systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide confidentiality, integrity and availability. • Source: https://nvlpubs.nist.gov/nistpubs/ir/2013/NIST.IR.7298r2.pdf (retiring July 2019) • Information can be physical or electrical. At the core of Information Security is Information Assurance, which means the act of maintaining CIA of information, ensuring that information is not compromised in any way when critical issues arise. • Source: https://www.geeksforgeeks.org/what-is-information-security/

  9. WHAT DO INFORMATION SECURITY PROFESSIONALS DO? • PROTECT • IMPROVE

    & INCREASE • REVIEW & VALIDATE • CONDUCT • IMPLEMENT and SUPPORT • DEVELOP Source: https://www.cia.gov/careers/opportunities/support-professional/information-assurance.html

  10. DISCIPLINES OF INFORMATION SECURITY • Artificial Intelligence • Web and

    Mobile Application Security • Aviation • Blockchain • Blue Team / Defensive Security • Cloud Security • Cryptography • Privacy • Internet of Things • Social Engineering • Red Team / Offensive Security • Penetration Testing • Industrial Control Systems

  11. NITTY GRITTY: WHY DO THESE 2 FIELDS NOT WORK MORE

    CLOSELY?

  12. CLINICAL & FORENSIC TOXICOLOGY PERSPECTIVE PHI & PII Protected Health

    Information (PHI) Personable Identifiable Information (PII) “ENDPOINTS” We are given the endpoint of it all: crime scene, deceased bodies and bodily fluids, drug testing “Social Engineering” Results

  13. LIFE. TIME. LOVERS. • DOCUMENTATION • VARIOUS DISCIPLINES • BREACHES

    • https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf • https://www.nacdl.org/criminaldefense.aspx?id=20373 • https://www.theguardian.com/uk-news/2019/jun/21/police-suspend-work-with-major-forensics-firm-after- cyber-attack • https://newyork.cbslocal.com/2019/06/03/nearly-12-million-quest-diagnostics-patients-may-have-had-info- exposed-in-data-breach/

  14. LIFE. TIME. LOVERS. • GOVERNANCE, COMPLIANCE & ETHICS • Governance-

    corporation dependent • NIST, HIPAA, DOJ, CAP**, DEA**,SOFT**, ASCLD**, ASCLD-LAB**, CLIA**, SOX, FDCC, ISO, GDPR*, SAMHSA**, OSAC**, • CODE OF ETHICS

  15. PART. TIME. FRIENDS. • 3rd party vendor software (LIMS, Orchard

    Harvest) reporting out results • Controls are within the software AND not through IT/Security group USER ACCEPTANCE TESTING • Identify, Assess, Treat RISKS • 6 Types for Forensic Science •Source: https://www.ncbi.nlm.nih.gov/pmc/articles/PMC5514178/ • Hacking & Computer Crime, Privacy •Source: https://www.researchgate.net/publication/307863852_Role_of_Ethics_in_Information_Security ETHICS

  16. PART. TIME. FRIENDS. • MEDICAL DEVICES DEFINED: A device is:

    "an instrument, apparatus, implement, machine, contrivance, implant, in vitro reagent, or other similar or related article, including a component part, or accessory which is: ….. • recognized in the official National Formulary, or the United States Pharmacopoeia, or any supplement to them, • intended for use in the diagnosis of disease or other conditions, or in the cure, mitigation, treatment, or prevention of disease, in man or other animals, or • intended to affect the structure or any function of the body of man or other animals, and which does not achieve its primary intended purposes through chemical action within or on the body of man or other animals and which does not achieve its primary intended purposes through chemical action within or on the body of man or other animals and which is not dependent upon being metabolized for the achievement of its primary intended purposes. The term "device" does not include software functions excluded pursuant to section 520(o). • Source: https://www.fda.gov/medical-devices/classify-your-medical-device/product-medical-device

  17. PART. TIME. FRIENDS. • DIGITAL FORENSICS & INCIDENT RESPONSE #DFIR

    Source: https://www.sciencedirect.com/science/article/pii/S1742287618304304?via%3Dihub
  18. None

  19. LET’S MEET IN THE MIDDLE • DOCUMENTATION IS KEY!!! •

    Check your Access Controls- all of the lab does not need access to every test run on a patient • Segment your networks!! • FAILURE TO COMPLY RESULTS IN LOSS REVENUE, RESTRICTIONS, AUDITING & FINES!!! • Scientists talk to IT/Security & Vice Versa • Check the 3rd party vendor equipment as well and then have your IT/Security group RECHECK IT. • DF & IR- get training from Forensic Scientists (webinars, local government entities)

  20. THANK YOU!! BIOHACKING VILLAGE TWITTER INFOSEC COMMUNITY IZZY, STEPH, MAGEN,

    JAI, ZAY, MO CYBRARY COMMUNITY ANY & EVERY ONE Twitter: @FORSCI_Q https://www.forensicsandinfosec.tech/