4.6 Policy and Privacy Concepts Flashcards
Explain the importance of prohibited content/activity and privacy, licensing, and policy concepts
Incident response
A set of procedures an investigator follows when examining a computer security incident
Incident management program
Monitoring and detection of security events on a computer network and the use of proper responses to those events
List the six components of an incident management program
- Preparation
- Identification
- Containment
- Eradication
- Recovery
- Lessons learned
Chain of custody
The record of evidence history from collection to court presentation and disposal
Specialised evidence bags
Ensure electronic media cannot be damaged or corrupted by electronic discharge
Faraday bag
Shields a device from outside signals to prevent data on it from being altered, deleted, or added
Legal hold
A preemptive measure aiming to preserve all relevant information when litigation is reasonably expected to occur
What system/hardware is needed to ensure a legal hold?
Spare hardware and good backups of systems
Data acquisition
A forensically sound copy of data is created from the source device
Order of volatility
Collecting evidence that could easily be tampered with or destroyed first
Give the order of volatility
- Registers and cache
- Routing tables, ARP caches, process tables and kernel statistics, and memory
- Temporary file systems
- Disks
- Remote logging and monitoring data
- Physical configurations and network topologies
- Archival media
When is the only time that registers and cache can be collected?
When the computer is powered on
When are the contents of the RAM lost?
If the computer is turned off
How would temporary files be destroyed?
By being overwritten during system operation
How can physical configuration and network topologies help with a forensic investigation?
They can provide context
Proprietary software
The original developer retains all rights to and ownership of the software code; you pay them a fee and receive a license in return
Give the two types of open-source license
Permissive and copyleft
Copyleft license
Users are legally bound to publicly provide the source code for any modifications made
Permissive license
Must give credit to the original developers but do not have to provide the modifications; can be modified for private or commercial use
Digital Rights Management
Ensures copy protection for music and video that is being used in an online or digital manner
What is the main consideration when classifying data?
Its value to the organisation and the sensitivity of the information were it to be disclosed
What is the highest level of data classification that can be released to the public?
Unclassified
What are the four lowest levels of data classification?
- Public
- Sensitive
- Private
- Confidential
What are the four highest levels of data classification?
- Controlled Unclassified Information
- Confidential
- Secret
- Top Secret