NIST Cybersecurity Framework

The Framework [1] focuses on using business drivers to guide cybersecurity activities and considering cybersecurity risks as part of the organization’s risk management processes.

The Framework Core consists of five concurrent and continuous Functions—Identify, Protect, Detect, Respond, Recover.  When considered together, these Functions provide a high-level, strategic view of the lifecycle of an organization’s management of cybersecurity risk.

The State of Cybersecurity

In November and December 2015, ISACA and RSA Conference conducted a global survey of 461 cybersecurity managers and practitioners [1]. Survey participants confirmed that the number of breaches targeting organizational and individual data continues to go unchecked and the sophistication of attack methodologies is evolving. The current state of global cybersecurity remains chaotic, the attacks are not expected to slow down, and almost 75 percent of respondents expect to fall prey to a cyberattack in 2016.

Ministry of Justice Investigation Bureau (MJIB) 法務部調查局 is the criminal-investigation and counter-intelligence agency reporting under the Ministry of Justice in Taiwan.  MJIB has recently announced the findings of ATM heist in Taiwan.

Now You See Me and You Don't

Penetration testing used to be a joyful journey. It is to look for security weaknesses in network, hosts, applications and data access.

Paradise Lost

The paradise has been lost when the penetration tester hit into a web application firewall (WAF). His favorable tools like Nessus and Acunetix turn to a state of helplessness.

Digital forensics in short deals with the application of scientific knowledge for collecting, analyzing, and presenting digital evidence.  Such evidence in digital forensics are found by observing digital artifacts, such as computer systems, storage devices, network devices, related logs and dumps.

Challenges of Digital Forensic Investigations

Civil and Criminal Cases

Civil law and criminal law are two broad and separate entities of law with separate sets of laws and punishments.

According to William Geldart, Introduction to English Law 146 (D.C.M. Yardley ed., 9th ed. 1984),