Process Mining in Forensics

GDPR has increased the awareness about data privacy but also security questions. Companies have started to do data risk assessments, look at where their data is stored, who has access to the data, etc.

Within IT Security, there are preventive measures like risk analyses and security assessments. Investigations of what has happened after a fraud, hack, or other incident are called ‘forensics’ (after the scientific methods of solving crimes).

In the latest Process Mining Café, we talked with Lucas Vousten and Vincenzo Salden about process mining in a security audit and forensics context. They discussed the most common errors that companies make, and, step by step, we went through their analysis of a ransomware attack with process mining. If you missed the live broadcast or want to re-watch the café, you can now watch the recording here.

Thanks again to Lucas and Vincenzo and all of you for joining us!

Here are the links that we mentioned during the session:

After the café, Lucas also put the following seven fundamental principles together for you:

  1. Identification of Crown jewels. Identify all critical assets (information and systems) in your organization.
  2. Identify vulnerabilities. Scan all your IT components for known vulnerabilities and make a risk analysis based on availability, integrity, and confidentiality.
  3. Use safe settings. Check the settings of equipment, software, and network and Internet connections. Adjust default settings and look critically at features and services that are automatically ‘on’.
  4. Perform periodic updates. Ensure devices and software are up to date. Install security updates immediately. Turn on automatic updates so that your devices and software always run on the latest version.
  5. Restrict access. Define for each user which systems and data access are required to work. Make sure that access rights are adjusted in a timely manner if someone gets a new position or leaves the company.
  6. Prevent viruses and other malware. There are a few ways to prevent malware: Encourage safe employee behavior, use antivirus/anti-malware programs, download apps safely, and limit software installation.
  7. Incident Response Plan. Be sure to have a well-prepared contingency plan if anything goes wrong (including disaster recovery, insurance, communication, etc.).

Contact us via if you have questions or suggestions for the café anytime.

Anne Rozinat

Anne Rozinat

Market, customers, and everything else

Anne knows how to mine a process like no other. She has conducted a large number of process mining projects with companies such as Philips Healthcare, Océ, ASML, Philips Consumer Lifestyle, and many others.