Forensic Science and Information Security: LifeTime Lovers, Part-Time Friends

Forensic Science and Information Security: LifeTime Lovers, Part-Time Friends

Forensic Science and Information Security are very parallel fields. They are both methodical in nature and often one area builds succinctly on top of the other. With the ability to have a specialty in various areas, it is interesting that the two do not often merge together and share policies and procedures. You see Forensic Scientists often are called in at the “endpoint.” Usually, it is at the scene of a crime, only giving the final “product” and must work backwards to build a story for what initially happened. In Information Security, with the rapid growth of exposure to data, specifically PHI, it is evident that it would be beneficial for both communities to work together. With my area of extended knowledge and expertise in Forensic and Clinical Toxicology, I am often met with various attempts to “social engineer” me out of patient results to having sent incorrect reports to clients (not on purpose of course). In a Toxicology lab, whether government (local, state or federal) or private, PHI is the utmost important issue. Scientists adhere to the policies and procedures of the SCIENTIFIC aspect of the organization, but not always to the INFORMATION SECURITY aspect of the organization. Let’s chat a little about how to make both industries more aware how they are really Lifetime Lovers and Part-time Friends.

A64ef1b9cad5a59206e256fc33d03563?s=128

ScienceandTech

August 10, 2019
Tweet

Transcript

  1. 2.

    #WHOAMI? • I am Najla. Jersey Girl. Penn State Grad.

    Criminal Show Junkie. Traveler. Wine Explorer. Bowling Lover. Forensic Scientist by Trade. Cybersecurity Enthusiast. Pentester Neophyte.
  2. 4.

    #AUDIENCECHECK • SCIENTISTS in the room? • INFORMATION SECURITY professionals

    in the room? • MEDICAL professionals in the room? • CAREER TRANSITIONERS in the room? • CRIME SHOW watchers?
  3. 5.

    FORENSIC SCIENCE, YOU SAY?!? • Latin word forensis: public, to

    the forum or public discussion; argumentative, rhetorical, belonging to debate or discussion. • A relevant, modern definition of FORENSIC is: relating to, used in, or suitable to a court of law (Merriam Webster Dictionary, www.merriam-webster.com). • ANY science used for the purposes of the law is a forensic science. • Source: https://www.aafs.org/home-page/students/choosing-a-career/what-is-forensic-science • Forensics is concerned with the recognition, identification, individualizations and evaluation of physical evidence using the methods of natural sciences. • Source: www.coehsem.com/forensic-science-pathway
  4. 6.

    WHAT DO FORENSIC SCIENTISTS DO? SCIENTISTS first and foremost. It

    becomes classified as “FORENSIC” when our knowledge is used to help in ANY legal proceeding, CRIMINAL OR CIVIL. Accurate, methodical, detailed and above all, unbiased. Report writing Testify Government, Public AND Private sector, in labs and/or as consultants.
  5. 7.

    DISCIPLINES OF FORENSIC SCIENTISTS • Anthropology • Criminalistics • Digital

    & Multimedia Sciences • Engineering & Applied Sciences • General • Jurisprudence • Odontology • Pathology/Biology • Psychiatry & Behavioral Science • Questioned Documents • Toxicology
  6. 8.

    WHAT IS INFORMATION SECURITY? • The protection of information and

    information systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide confidentiality, integrity and availability. • Source: https://nvlpubs.nist.gov/nistpubs/ir/2013/NIST.IR.7298r2.pdf (retiring July 2019) • Information can be physical or electrical. At the core of Information Security is Information Assurance, which means the act of maintaining CIA of information, ensuring that information is not compromised in any way when critical issues arise. • Source: https://www.geeksforgeeks.org/what-is-information-security/
  7. 9.

    WHAT DO INFORMATION SECURITY PROFESSIONALS DO? • PROTECT • IMPROVE

    & INCREASE • REVIEW & VALIDATE • CONDUCT • IMPLEMENT and SUPPORT • DEVELOP Source: https://www.cia.gov/careers/opportunities/support-professional/information-assurance.html
  8. 10.

    DISCIPLINES OF INFORMATION SECURITY • Artificial Intelligence • Web and

    Mobile Application Security • Aviation • Blockchain • Blue Team / Defensive Security • Cloud Security • Cryptography • Privacy • Internet of Things • Social Engineering • Red Team / Offensive Security • Penetration Testing • Industrial Control Systems
  9. 12.

    CLINICAL & FORENSIC TOXICOLOGY PERSPECTIVE PHI & PII Protected Health

    Information (PHI) Personable Identifiable Information (PII) “ENDPOINTS” We are given the endpoint of it all: crime scene, deceased bodies and bodily fluids, drug testing “Social Engineering” Results
  10. 13.

    LIFE. TIME. LOVERS. • DOCUMENTATION • VARIOUS DISCIPLINES • BREACHES

    • https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf • https://www.nacdl.org/criminaldefense.aspx?id=20373 • https://www.theguardian.com/uk-news/2019/jun/21/police-suspend-work-with-major-forensics-firm-after- cyber-attack • https://newyork.cbslocal.com/2019/06/03/nearly-12-million-quest-diagnostics-patients-may-have-had-info- exposed-in-data-breach/
  11. 14.

    LIFE. TIME. LOVERS. • GOVERNANCE, COMPLIANCE & ETHICS • Governance-

    corporation dependent • NIST, HIPAA, DOJ, CAP**, DEA**,SOFT**, ASCLD**, ASCLD-LAB**, CLIA**, SOX, FDCC, ISO, GDPR*, SAMHSA**, OSAC**, • CODE OF ETHICS
  12. 15.

    PART. TIME. FRIENDS. • 3rd party vendor software (LIMS, Orchard

    Harvest) reporting out results • Controls are within the software AND not through IT/Security group USER ACCEPTANCE TESTING • Identify, Assess, Treat RISKS • 6 Types for Forensic Science •Source: https://www.ncbi.nlm.nih.gov/pmc/articles/PMC5514178/ • Hacking & Computer Crime, Privacy •Source: https://www.researchgate.net/publication/307863852_Role_of_Ethics_in_Information_Security ETHICS
  13. 16.

    PART. TIME. FRIENDS. • MEDICAL DEVICES DEFINED: A device is:

    "an instrument, apparatus, implement, machine, contrivance, implant, in vitro reagent, or other similar or related article, including a component part, or accessory which is: ….. • recognized in the official National Formulary, or the United States Pharmacopoeia, or any supplement to them, • intended for use in the diagnosis of disease or other conditions, or in the cure, mitigation, treatment, or prevention of disease, in man or other animals, or • intended to affect the structure or any function of the body of man or other animals, and which does not achieve its primary intended purposes through chemical action within or on the body of man or other animals and which does not achieve its primary intended purposes through chemical action within or on the body of man or other animals and which is not dependent upon being metabolized for the achievement of its primary intended purposes. The term "device" does not include software functions excluded pursuant to section 520(o). • Source: https://www.fda.gov/medical-devices/classify-your-medical-device/product-medical-device
  14. 17.

    PART. TIME. FRIENDS. • DIGITAL FORENSICS & INCIDENT RESPONSE #DFIR

    Source: https://www.sciencedirect.com/science/article/pii/S1742287618304304?via%3Dihub
  15. 18.
  16. 19.

    LET’S MEET IN THE MIDDLE • DOCUMENTATION IS KEY!!! •

    Check your Access Controls- all of the lab does not need access to every test run on a patient • Segment your networks!! • FAILURE TO COMPLY RESULTS IN LOSS REVENUE, RESTRICTIONS, AUDITING & FINES!!! • Scientists talk to IT/Security & Vice Versa • Check the 3rd party vendor equipment as well and then have your IT/Security group RECHECK IT. • DF & IR- get training from Forensic Scientists (webinars, local government entities)
  17. 20.

    THANK YOU!! BIOHACKING VILLAGE TWITTER INFOSEC COMMUNITY IZZY, STEPH, MAGEN,

    JAI, ZAY, MO CYBRARY COMMUNITY ANY & EVERY ONE Twitter: @FORSCI_Q https://www.forensicsandinfosec.tech/