4.6 Policy and Privacy Concepts

Question 1

Incident response

Answer 1

A set of procedures an investigator follows when examining a computer security incident

Question 2

Incident management program

Answer 2

Monitoring and detection of security events on a computer network and the use of proper responses to those events

Question 3

List the six components of an incident management program

Answer 3

1. Preparation
2. Identification
3. Containment
4. Eradication
5. Recovery
6. Lessons learned

Question 4

Chain of custody

Answer 4

The record of evidence history from collection to court presentation and disposal

Question 5

Specialised evidence bags

Answer 5

Ensure electronic media cannot be damaged or corrupted by electronic discharge

Question 6

Faraday bag

Answer 6

Shields devices from outside signals to prevent data from being altered, deleted, or added to a new device

Question 7

Legal hold

Answer 7

A preemptive measure aiming to preserve all relevant information when litigation is reasonably expected to occur

Question 8

What system/hardware is needed to ensure a legal hold?

Answer 8

Spare hardware and good backups of systems

Question 9

Data acquisition

Answer 9

A forensically sound copy of data is created from the source device

Question 10

Order of volatility

Answer 10

Collecting evidence that could easily be tampered with or destroyed first

Question 11

Give the order of volatility

Answer 11

1. Registers and cache
2. Routing tables, ARP caches, process tables and kernel statistics, and memory
3. Temporary file systems
4. Disks
5. Remote logging and monitoring data
6. Physical configurations and network topologies
7. Archival media

Question 12

When is the only time that registers and cache can be collected?

Answer 12

When the computer is powered on

Question 13

When are the contents of the RAM lost?

Answer 13

If the computer is turned off

Question 14

How would temporary files be destroyed?

Answer 14

By being overwritten during system operation

Question 15

How can physical configuration and network topologies help with a forensic investigation?

Answer 15

They can provide context

Question 16

Proprietary software

Answer 16

Original developer retains all rights and ownership of a software code,
where you pay them a fee and you receive a license in return

Question 17

Give the two types of open-source license

Answer 17

Permissive and copy-left

Question 18

Copyleft license

Answer 18

Legally bound to publicly provide the source code for modifications

Question 19

Permissive license

Answer 19

Must give credit to the original developers but do not have to provide the modifications; can be modified for private or commercial use

Question 20

Digital Rights Management

Answer 20

Ensures copy protection for music and video that is being used in an online or digital manner

Question 21

What is the main consideration when classifying data?

Answer 21

Its value to the organisation and the sensitivity of the information were it to be disclosed

Question 22

What is the highest level of data classification that can be released to the public?

Answer 22

Unclassified

Question 23

What are the four lowest levels of data classification?

Answer 23

1. Public
2. Sensitive
3. Private
4. Confidential

Question 24

What are the four highest levels of data classification?

Answer 24

6. Controlled Unclassified Information
7. Confidential
8. Secret
9. Top Secret

Question 25

Long-term retention

Answer 25

Moving data to an archive to prevent it being overwritten

Question 26

Data preservation

Answer 26

Keeping information for a specific purpose outside of an organisation’s data retention policy

Question 27

What data should legally be backed up?

Answer 27

Any data that is legally required to be based on retention policies

Question 28

Recovery Point Objective

Answer 28

The maximum amount of time that can be lost from a recovery after a disaster, failure, or comparable event before data loss will exceed what is acceptable to an organization

Question 29

Health data

Answer 29

Data related to health conditions, reproductive outcomes, causes of death, or quality of life for individuals or the population

Question 30

Financial data

Answer 30

Consists of pieces or sets of information related to the financial health of a business

Question 31

Intellectual Property

Answer 31

A type of data that includes intangible creations of human intellect

Question 32

Personally Identifiable Information

Answer 32

Any data that could potentially identify a specific individual

Question 33

Payment Card Industry Data Security Standard

Answer 33

An agreement that any organisation that collects, stores, or processes credit card customer information must abide by

Question 34

Data format

Answer 34

The organisation of information into preset structures of specifications

Question 35

Give an example of structured data

Answer 35

CSV

Question 36

Give an example of unstructured data

Answer 36

PowerPoint slides, emails etc.

Question 37

Acceptable Use Policy

Answer 37

Defines the rules that restrict how a computer, network, or other systems may be used

Question 38

Change management

Answer 38

Defines the structured way of changing the state of a computer system, network, or IT procedure

Question 39

Separation of Duties

Answer 39

A preventative type of administration control; having more than one person to complete a task

Question 40

Job rotation

Answer 40

Different users are trained to perform the tasks of the same position to help prevent and identify fraud that could occur if there was only one user with the job

Question 41

Mandatory vacations

Answer 41

Require every employee to take a vacation at some point during the year

Question 42

Change management

Answer 42

Defines the structured way of changing the state of a computer system, network, or IT procedure

Question 43

Due diligence

Answer 43

Ensuring that IT infrastructure risks are known and managed properly

Question 44

Due care

Answer 44

Mitigation actions that an organisation takes to defend against the risks that have been uncovered during due diligence

Question 45

Due process

Answer 45

A legal term that refers to how an organisation must respect and safeguard personnel’s rights

Question 46

Who does due process protect and from what?

Answer 46

Citizens from their government; companies from lawsuits