02. Incident Investigation and Evaluation (478)

Question 1

External Legal Counsel

Retaining outside legal counsel through contract agreement to provide legal advise in relation to security incidents

478

Question 2

Cyber-Insurance

It is possible to transfer risk through insurance but organisations have a responsibility to read small print and understand the requirements they must meet to validate insurance.
Insurance companies will not pay out if proven that neccessary controls were not put in place to minimise the likliehood or impact.

478

Question 3

Dwell Time

The time that elapses betwen the beginning of an incident and the moment the organisation is aware

479

Question 4

Chain of Custody

Chain of custody documents in detail how and when evidence is protected against tampering through every step of the investigation

481

Question 5

Forensic Proceedings

Senior Management must make a call as early as possible into an incident if they wish to involve forensic investigations. Forensic procedures can consume significant resources that slow down incident response.

482

Question 6

Service Provider Incidents

Organistaions need to develop plans that include procedures for when an incident occurs in a service providers environment

483