DF2: Patrik Håkansson (Ericsson)
28 mai 2013A talk about corporate forensics by Patrik Håkansson, Group Security Advisor at Ericsson
First he introduced Ericsson, what they do and where they operate. 140000 employees, founded in Sweden, 14.5 billion operational income in 2012, delivering communication equipment to the infrastructure network for supporting mobile phones and the alike. They also manage customers servers.
He stesses it's important to place security high up in the corporate leadership, and how important it is to protect customer data. One example of this is to protect lawful interception interfaces as we saw compromized in the "Athenes affair".
Ericsson source code theft in 2003, an awakening to security. Experiences from explaining technical information in court. "Information security improvement project" creating a roadmap, logging procedures, mapping assets and starting ISO 27001 audit training. Need for forensics competence and tools, first response training and a procedure for dealing with corporate forensics.
He also talks of the benefit of in-house expertise vs. using external consultants for security and forensics in particular
- Knowledge of culture and technology/platforms
- Trusted, committed and loyal staff
- Minimize unwanted exposure (stock marked effects - protect the organization)
It's also important to have a system for reporting security incidents, and to have a safe anonymous way to report corruption, like a whistle blower process (Sarbanes Oxley - laws after economic bank trouble in US)
Having a framework in place also helps on "political" issues explaining and arguing on what must be done, especially when different managers have different views on what must be done.
Forensics in law enforcement vs. business forensics is different. The goal in business forensics is more about improvement while law enforcements is about penelty. Typical workday is about handling people risk, error and fraud, legal challenges, ethical challenges and business challenges (Socio-technical aspects).
Lastly his future perspectives: The cloud, "big data", Bring Your Own Ddevice, Thin clients. How to bundle forensics readiness for the customer in products enabling monitoring and tracing. Corporate forensics as a service. Cloud acquisition, where are the servers?