4.6 Policy and Privacy Concepts Flashcards
Explain the importance of prohibited content/activity and privacy, licensing, and policy concepts
Incident response
A set of procedures an investigator follows when examining a computer security incident
Incident management program
Monitoring and detection of security events on a computer network and the use of proper responses to those events
List the six components of an incident management program
- Preparation
- Identification
- Containment
- Eradication
- Recovery
- Lessons learned
Chain of custody
The record of evidence history from collection to court presentation and disposal
Specialised evidence bags
Ensure electronic media cannot be damaged or corrupted by electrostatic discharge
Faraday bag
Shields a device from outside signals so that data on it cannot be remotely altered, deleted, or added
Legal hold
A preemptive measure aiming to preserve all relevant information when litigation is reasonably expected to occur
What system/hardware is needed to ensure a legal hold?
Spare hardware and good backups of systems
Data acquisition
A forensically sound copy of data is created from the source device
Order of volatility
Collecting evidence that could easily be tampered with or destroyed first
Give the order of volatility
- Registers and cache
- Routing tables, ARP caches, process tables and kernel statistics, and memory
- Temporary file systems
- Disks
- Remote logging and monitoring data
- Physical configurations and network topologies
- Archival media
When is the only time that registers and cache can be collected?
When the computer is powered on
When are the contents of the RAM lost?
If the computer is turned off
How would temporary files be destroyed?
By being overwritten during system operation
How can physical configuration and network topologies help with a forensic investigation?
They can provide context
Proprietary software
The original developer retains all rights to and ownership of the software code; you pay them a fee and receive a licence in return
Give the two types of open-source license
Permissive and copyleft
Copyleft license
Users are legally bound to publicly provide the source code for any modifications made
Permissive license
Must give credit to the original developers but do not have to provide the modifications; can be modified for private or commercial use
Digital Rights Management
Ensures copy protection for music and video that is being used in an online or digital manner
What is the main consideration when classifying data?
Its value to the organisation and the sensitivity of the information were it to be disclosed
What is the highest level of data classification that can be released to the public?
Unclassified
What are the four lowest levels of data classification?
- Public
- Sensitive
- Private
- Confidential
What are the four highest levels of data classification?
- Controlled Unclassified Information
- Confidential
- Secret
- Top Secret
Long-term retention
Moving data to an archive to prevent it from being overwritten
Data preservation
Keeping information for a specific purpose outside of an organisation’s data retention policy
What data should legally be backed up?
Any data that retention policies legally require to be kept
Recovery Point Objective
The maximum amount of time that can be lost in a recovery after a disaster, failure, or comparable event before the resulting data loss exceeds what is acceptable to the organisation
Health data
Data related to health conditions, reproductive outcomes, causes of death, or quality of life for individuals or the population
Financial data
Consists of pieces or sets of information related to the financial health of a business
Intellectual Property
A type of data that includes intangible creations of human intellect
Personally Identifiable Information
Any data that could potentially identify a specific individual
Payment Card Industry Data Security Standard
An agreement that any organisation that collects, stores, or processes credit card customer information must abide by
Data format
The organisation of information into preset structures or specifications
Give an example of structured data
CSV
Give an example of unstructured data
PowerPoint slides, emails, etc.
Acceptable Use Policy
Defines the rules that restrict how a computer, network, or other systems may be used
Change management
Defines the structured way of changing the state of a computer system, network, or IT procedure
Separation of Duties
A preventative type of administrative control; requiring more than one person to complete a task
Job rotation
Different users are trained to perform the tasks of the same position to help prevent and identify fraud that could occur if there was only one user with the job
Mandatory vacations
Require every employee to take a vacation at some point during the year
Due diligence
Ensuring that IT infrastructure risks are known and managed properly
Due care
Mitigation actions that an organisation takes to defend against the risks that have been uncovered during due diligence
Due process
A legal term that refers to how an organisation must respect and safeguard personnel’s rights
Who does due process protect and from what?
Citizens from their government; companies from lawsuits