Over the past few years, as the internet has become a vital part of organizations' information processing activities, various threats have arisen. An organization's information systems are highly vulnerable to security threats from both internal and external sources; however, the internal factors result in more serious risks. Due to the presence of internal threats, data theft and violations of corporate data security policies have become serious organizational issues. The major reason for the increased probability of data theft by employees is that information has become much more portable than in the past (Hoog et al., 2010), due to the electronic nature of documents. Employees can easily cheat the company by selling information to anyone; they can simply email the information, or copy it to a flash drive or other portable storage media and take it with them.
This paper will discuss the initial steps an information security consultant would take in the investigation of data theft, the places which would be investigated, the process to be used for email investigation, the process to be used to recover data from the suspected employee's computer, and the tools that would be used during the entire investigation process.
Initial Actions
Internal threats can cause more serious damage to the organization than external threats. Compared to an outsider attack, the malicious insider threat can have an exponentially greater effect on the organization's information security (Colwill, 2010). Employees can damage the company's information system infrastructure both intentionally and unintentionally. As employees are more aware of the information system architecture and of the nature and value of information, they can misuse the information for personal or monetary benefit. For example, employees may sell information about the company's processes and policies to competitors. To avoid this kind of information theft, the organization must explain the information security policies and punishments to employees as soon as they join the company (Dine and Ontrack, 2012).
In the organization under consideration, it has been clearly identified that an employee has been misusing corporate information. He is suspected of emailing sensitive corporate information to another email ID, which may or may not belong to him. The suspect has been engaged in this unethical activity for more than 10 days, and he is still unaware that he is under suspicion. Thus, the employee is suspected of committing cyber crime or fraud, as he has been misusing corporate information.
When conducting the data theft investigation, the first step for the consultant is to find out the nature of the information and the extent to which the data has been compromised. As the company's management already suspects that a certain employee has been engaged in data theft through email software, the very first step should be to find out the nature of the information which the employee has been stealing, or is suspected of stealing. This analysis would help the consultant in finding out ...