Plentiful resources, certifications for combating cybercrime

Ed Tittel, Contributor

In the aftermath of September 11 and numerous well-publicized exploits, viruses and worms since 2000, IT professionals are more sensitized to information security matters than ever before.

Various professional organizations, resources and certifications are of potential interest to those who need to learn more about securing, protecting, investigating and analyzing the evidence needed to handle security incidents when they occur, and to prosecute the individuals or groups alleged to have perpetrated computer-related crimes or attacks.

The community of individuals involved in such activities is quite interesting, and represents a real cross-section of investigators and analysts from law enforcement, military and classified communities along with full-time IT professionals charged with handling security incidents for their organizations.

All these groups share an abiding interest in information security, but law enforcement types tend to look at things more in terms of gathering, securing and maintaining the evidence necessary to prosecute malefactors. Other professionals more often look at things in terms of causes, effects, remediation and cures. Both outlooks benefit from understanding each other's primary concerns, interests and activities.

The roles involved in dealing with possible computer crimes, network break-ins, attacks and so forth often include the following:

  • Incident response: Individual(s) identified in an organization's security policy charged with responding to and handling security incidents (and also, with involving law enforcement where required or necessary).
  • Incident remediation: Individual(s) charged by an incident-response team with repairing damage done, restoring lost data or services affected and with taking necessary steps to prevent recurrences.
  • Incident investigation: Individual(s), under the direction of a lead investigator, charged with identifying the cause(s) and perpetrator(s) of the incident and with gathering, protecting, maintaining and presenting evidence. Law enforcement professionals usually become involved only if the victim of an incident decides to pursue legal remedies, makes claims for lost income or property, or seeks criminal prosecution.
  • Incident analysis: Individual(s) who examine the evidence related to the incident to establish a sequence of related events and to prepare a case against one or more perpetrators resulting from such analysis.

A number of certifications aim at the investigation or forensics (analysis of evidence) aspects of security incidents, including the following:

  • CCCI -- Certified Computer Crime Investigator (Basic and Advanced)
    The CCCI aims at law enforcement and IT professionals seeking to specialize in investigative matters. Basic requirements include two years of experience (or a college degree plus one year of experience), 18 months of investigations experience, 40 hours of computer crimes training and documented experience from at least 10 cases investigated. Advanced requirements bump experience to three years, four years of investigations, 80 hours of training and involvement as a lead investigator in 20 cases with involvement in over 60 cases overall.
    Source: High Tech Crime Network certifications
  • CCFT -- Certified Computer Forensics Technician (Basic and Advanced)
    The CCFT aims at law enforcement and private IT professionals seeking to specialize in forensics matters. Basic requirements include two years of experience (or a college degree plus one year of experience), 18 months of forensics experience, 40 hours of computer forensics training and documented experience from at least 10 cases investigated. Advanced requirements bump experience to three years, four years of investigations, 80 hours of training and involvement as a lead investigator in 20 cases with involvement in over 60 cases overall.
    Source: High Tech Crime Network certifications
  • CFCE -- Computer Forensic Computer Examiner
    The International Association of Computer Investigative Specialists (IACIS) offers this credential to law enforcement and industry personnel alike. Candidates must have broad knowledge, training or experience in computer forensics, including forensic procedures and standards, as well as ethical, legal and privacy issues. Certification includes both hands-on performance-based testing as well as a written exam.
    Source: Computer Forensic Certification
  • PCI -- Professional Certified Investigator
    A high-level certification from the American Society for Industrial Security for those who specialize in investigating potential cybercrimes. Thus, in addition to technical skills, this certification concentrates on testing individuals' knowledge of legal and evidentiary matters required to present investigations in a court of law, including case management, evidence collection and case presentation. Requires seven-to-nine years of investigation experience, with at least three years in case management (a bachelor's degree or higher counts for up to two years of such experience) and a clean legal record for candidates.
    Source: ASIS International Certification

In addition, most of the vendor-neutral security certifications and many of the vendor-specific programs include at least high-level coverage of the legal niceties and technical concepts involved in incident handling, investigation and analysis, as well as a high-level description of requirements for gathering, preserving and maintaining a well-documented chain of evidence that meets legal standards.

Likewise, numerous organizations and publications devote themselves to topics related to digital evidence -- which sits at the heart of investigations and forensics for both legal and technical reasons. The best of these include:
