A forensic framework for handling information privacy incidents

IFIP Advances in Information and Communication Technology

Volumn 306, Issue , 2009, Pages 143-155

  Reddy, Kamil ^a   Venter, Hein ^a  

^a NONE

Author keywords

Forensic readiness capability; Information privacy incidents

Indexed keywords

ELECTRONIC CRIME COUNTERMEASURES;

BUSINESS PROCESS; FORENSIC PROCEDURES; FORENSIC READINESS; HIGH LEVEL POLICIES; INFORMATION PRIVACY; ORGANIZATIONAL FUNCTIONS;

DIGITAL FORENSICS;

EID: 84943538687     PISSN: 18684238     EISSN: 1868422X     Source Type: Book Series    
DOI: 10.1007/978-3-642-04155-6_11     Document Type: Conference Paper

References (23)

1. [1] G. Antoniou, L. Sterling, S. Gritzalis and P. Udaya, Privacy and forensics investigation process: The ERPINA protocol, Computer Standards and Interfaces, vol. 30(4), pp. 229–236, 2008.
2. [2] H. Berghel, BRAP forensics, Communications of the ACM, vol. 51(6), pp. 15–20, 2008.
3. [3] H. Burkert, Privacy-enhancing technologies: Typology, critique, vision, in Technology and Privacy: The New Landscape, P. Agre and M. Rotenberg (Eds.), MIT Press, Cambridge, Massachusetts, pp. 125–142, 1997.
4. [4] M. Caloyannides, Privacy Protection and Computer Forensics, Artech House, Norwood, Massachusetts, 2004.
5. Canadian Institute of Chartered Accountants, Generally Accepted Privacy Principles, Toronto, Canada (www.cica.ca/index.cfm/ciid/258/laid/1.htm).
6. [6] B. Carrier and E. Spafford, An event-based digital forensic investigation framework, Proceedings of the Fourth Digital Forensic Research Workshop, 2004.
7. R. Clarke, Introduction to Dataveillance and Information Privacy and Definitions of Terms, Xamax Consultancy, Chapman, Australia (www.rogerclarke.com/DV/Intro.html), 2006.
8. [8] B. Endicott-Popovsky, D. Frincke and C. Taylor, A theoretical framework for organizational network forensic readiness, Journal of Computers, vol. 2(3), pp. 1–11, 2007.
9. [9] R. Gellman, Does privacy law work? in Technology and Privacy: The New Landscape, P. Agre and M. Rotenberg (Eds.), MIT Press, Cambridge, Massachusetts, pp. 193–218, 1997.
10. International Association of Privacy Professionals, IAPP Privacy Certification, York, Maine (www.privacyassociation.org/index.php?option=comcontent&task=view&id=17&Itemid=80).
11. [11] Y. Jordaan, South African Consumers’ Information Privacy Concerns: An Investigation in a Commercial Environment, Ph.D. Thesis, Department of Marketing and Communication Management, University of Pretoria, Pretoria, South Africa, 2003.
12. [12] S. Lau, Good privacy practices and good corporate governance – Hong Kong experience, Proceedings of the Twenty-Third International Conference of Data Protection Commissioners, 2001.
13. [13] V. Luoma, Computer forensics and electronic discovery: The new management challenge, Computers and Security, vol. 25(2), pp. 91–96, 2006.
14. [14] G. Mohay, Technical challenges and directions for digital forensics, Proceedings of the First International Workshop on Systematic Approaches to Digital Forensic Engineering, pp. 155–161, 2005.
15. M. Noblett, M. Pollitt and L. Presley, Recovering and examining computer forensic evidence, Forensic Science Communications, vol. 2(4), 2000.
16. [16] A. Oliver-Lalana, Consent as a threat: A critical approach to privacy negotiation in e-commerce practices, Proceedings of the First International Conference on Trust and Privacy in Digital Business, pp. 110–119, 2004.
17. Organization for Economic Cooperation and Development, OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data, Paris, France (www.oecd.org/document/18/0,3343,en26493425518151861111,00.html).
18. [18] K. Reddy and H. Venter, Privacy Capability Maturity Models within telecommunications organizations, Proceedings of the Southern African Telecommunication Networks and Applications Conference, 2007.
19. R. Rowlingson, A ten step process for forensic readiness, International Journal of Digital Evidence, vol. 2(3), 2004.
20. South African Law Reform Commission, Privacy and Data Protection, Discussion Paper 109, Project 124, Pretoria, South Africa (www.doj.gov.za/salrc/dpapers.htm), 2005.
21. [21] C. Taylor, B. Endicott-Popovsky and D. Frincke, Specifying digital forensics: A forensics policy approach, Digital Investigation, vol. 4(S1), pp. 101–104, 2007.
22. [22] H. Wolf, The question of organizational forensic policy, Computer Fraud and Security, vol. 2004(6), pp. 13–14, 2004.
23. [23] A. Yasinsac and Y. Manzano, Policies to enhance computer and network forensics, Proceedings of the Second IEEE Workshop on Information Assurance and Security, pp. 289–295, 2001.