Rod, I work as a Senior Systems Analyst (IS Security) for a large pediatric healthcare facility in a very conservative Midwest city in the US (Cincinnati, Ohio). I have been designated as the primary forensic examiner for this organization after much self-study (including hands-on) and a subtle hint or two to my supervisor. Despite technically being a healthcare environment, research is a huge portion of our organization's missions, so it's really like working in an academic environment. What makes this statement unusual is that security (physical and digital) is taken *very* seriously here, and we've been able to make inroads that were not possible in other organizations I've worked for. My previous experience reflects that higher learning institutions here valued academic "freedom" rather than prudent security measures and policies, and I think that's still the case in this geographic area. Quite a paradox, eh? The information security market in Cincinnati seems to be very poor. Most of the larger companies based here have only a handful of people dedicated to infosec, and I know of nobody else in the private sector here doing criminal-grade forensic investigations. Even in the local banking industry, budgets do not seem to (or barely) validate the organization's stated commitment to information assurance. Medium-sized companies here seem to load infosec duties on alread overtaxed network admins, and I suspect only those admins who already have an established interest in infosec really do an effective job at protecting their information resourses. I have also heard evidence of "remediate and forget" attitudes here in the face of compromises, especially in the banking industry (which I would bet is typical world-wide). To get back to your original question, I think we are headed for some increased forensic emphasis and activity here, even if only in the public sector. There is a joint law-enforcement unit (city/county) here (see http://www.hcso.org/Divisions/ADM/RECI_wHeader.shtm ), one of only three in the State of Ohio. Other area departments rely exclusively on RECI for their computer crime investigative needs, and I am not aware of any departments in this county (or surrounding counties) who are planning to establish any similar unit. I personally predict slow, if any, progress in private-sector (including healthcare) forensics, at least in my region. I am currently working with other infosec professionals to help them develop this capability (even as we ourselves crawl and learn to walk). One of my goals is to help establish a local HTCIA chapter. Bear in mind that I cannot speak from experience regarding other regions of the US. Perhaps the forensic landscape differs, but I suspect not. Regards, /sig/ Jason A. Powell, CISSP Senior Systems Analyst Children's Hospital Medical Center Information Services Security (513) 636-1499 jason.powellat_private >>> "Morris, Rod" <Morris.Rodat_private> 10/14/02 09:28AM >>> This specific interview aside, I'd be very interested to hear other opinions on where we're going and what others working in this field think the major technological challenges and developments are likely to be over the next few years... Kind regards, Rod
This archive was generated by hypermail 2b30 : Fri Oct 18 2002 - 08:52:13 PDT