LITIGATION SUPPORT TIP OF THE NIGHT

Windows 10 and earlier versions of Windows include Windows File Protection, which helps to prevent the corruption of system files. When protected files change directories, Windows File Protection (working in the background) will check the file against a file signature catalog. A cache of backup files is kept at C:\Windows\System32\dllcache. Bad system files will be replaced.

If you run the command:

sfc /scannow

. . . in the System32 folder, the utility System File Checker will perform a comprehensive search for any corrupted system files and replace any it finds with the backups stored in the cache folder.

The Australian government's Information Security Registered Assessors Program (IRAP) provides cyber security guidelines. Assessors identify security deficiencies and then evaluate compliance with corrective measures.

The program has four key principles:

1. Govern - IRAP recommends organizations hire a chief information security officer, and that cyber security be considered part of the risk management framework.

2. Protect - information should be encrypted at rest and while in transit between systems, and applications should have their attack surface limited.

3. Detect - Both breaches and 'anomalous activities' should be recorded and analyzed quickly.

4. Respond - Incidents should be reported both internally and to security regulatory agencies.

The UK's G-Cloud programme is a digital marketplace where British government agencies can acquire cloud computing services. The UK has a 'cloud first' policy which requires that agencies purchase cloud based IT services, unless the alternatives are cheaper. The current framework agreement, G-Cloud 11, bans providers from disclosing confidential information without written consent, and information can only be disclosed to the cloud service provider's staff to the extent that it is necessary under the agreement. The supplier has to notify the government agency about security breaches immediately. Unless the law provides otherwise, data has to be deleted 7 years after the framework contract ends. The framework includes a separate schedule addressing the processing of data.

Providers listed on the G-Cloud are not required to have a specific cyber security certification, but the National Cyber Security Centre's Cyber Essentials Certification is recommended. This advises organizations to use a firewall; two factor authentication; Windows Defender to protect against malware; whitelisting (having an admin restrict installed applications to a pre-approved list); and use applications that allow for sandboxing - or the running of the software in an isolated environment with limited access to network data.