Live forensics analysis: Violations of business security policy

Many more corporate entities today are utilizing ICTs to identify opportunities for innovative and customer-centric, value-added products and services. Indeed, information systems have been key characteristic of any growing and successful businesses, as they utilize ICTs for business value creation. The key motivation for the huge investment in IT infrastructures is to ensure an upsurge in revenue and retention of sizeable market share. Computer Usage policy is a document that provides guidelines that regulates the acceptable usage of these systems by end- users. The provision of these guidelines also serve as benchmark metrics in assessing the abuse or misuse of corporate information systems. These misuse and/or abuse are referred to as violations of computer usage in this study. 10 users, selected randomly from within each unit of a multi-lateral company, were observed for violations. Live computer forensics techniques utilizing EnCase, Microsoft reporting tools, WinHex, etc., were employed to investigate these violations. Notwithstanding the strict corporate policies, the study revealed that end-users virtually violated all computer usage policies. This paper further analyses and addresses the causes, effects and offers measures to mitigate computer usage violations.