4.6 Policy and Privacy Concepts Flashcards

Explain the importance of prohibited content/activity and privacy, licensing, and policy concepts

1
Q

Incident response

A

A set of procedures an investigator follows when examining a computer security incident

2
Q

Incident management program

A

Monitoring and detection of security events on a computer network and the use of proper responses to those events

3
Q

List the six components of an incident management program

A
  1. Preparation
  2. Identification
  3. Containment
  4. Eradication
  5. Recovery
  6. Lessons learned
4
Q

Chain of custody

A

The record of evidence history from collection to court presentation and disposal

5
Q

Specialised evidence bags

A

Anti-static bags that ensure electronic media cannot be damaged or corrupted by electrostatic discharge (ESD) during collection and transport

6
Q

Faraday bag

A

Shields a seized device from outside signals (cellular, Wi-Fi, Bluetooth) so that data on it cannot be altered, deleted, or added to after collection, for example by a remote wipe or incoming messages

7
Q

Legal hold

A

A preemptive measure aiming to preserve all relevant information when litigation is reasonably expected to occur

8
Q

What system/hardware is needed to ensure a legal hold?

A

Spare hardware and good backups of systems

9
Q

Data acquisition

A

Creating a forensically sound (bit-for-bit, hash-verified) copy of data from the source device, so that analysis is performed on the copy and the original is left unchanged

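The chain of custody (card 4) and data acquisition (card 9) cards describe the same workflow: image the source, prove the image matches the original by hashing both, and record every handover. The following script is an added illustration written for this page, not part of the flashcard deck or of any forensic tool. It stands in for an imager such as `dd`/`dc3dd` behind a hardware write blocker: the "device" is a constructed temporary file, the image is verified by comparing SHA-256 and MD5 on both sides, and each custody entry commits to the previous one so that later edits to the log are detectable. Item IDs, handler names and the `CustodyLog` class are all assumed for the example.

```python
"""Forensically sound acquisition with hash verification and a chain-of-custody log.

Added example for this page. The evidence "device" is a constructed temporary
file standing in for a block device; the exhibit ID and handler names are made up.
"""
import hashlib
import json
import os
import shutil
import tempfile
from datetime import datetime, timezone

CHUNK = 1024 * 1024  # stream in 1 MiB chunks so large images never sit in memory


def hash_file(path: str) -> dict:
    """Return MD5 and SHA-256 of a file, computed in one streamed pass."""
    md5, sha = hashlib.md5(), hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(CHUNK), b""):
            md5.update(chunk)
            sha.update(chunk)
    return {"md5": md5.hexdigest(), "sha256": sha.hexdigest()}


def acquire(source: str, image: str) -> dict:
    """Bit-for-bit copy of `source` to `image`, verified by hashing both sides.

    The source is hashed again after the copy: a sound acquisition must leave
    the original unchanged, which is what a write blocker guarantees in practice.
    """
    before = hash_file(source)
    with open(source, "rb") as src, open(image, "wb") as dst:
        shutil.copyfileobj(src, dst, CHUNK)
    after = hash_file(image)
    source_after = hash_file(source)
    return {
        "source_before": before,
        "image": after,
        "source_after": source_after,
        "verified": before == after == source_after,
    }


def verify_image(image: str, expected_sha256: str) -> bool:
    """Re-verify an image against the hash recorded at acquisition time."""
    return hash_file(image)["sha256"] == expected_sha256


class CustodyLog:
    """Append-only chain-of-custody record; each entry hashes the previous one."""

    def __init__(self):
        self.entries = []

    def record(self, item_id: str, action: str, handler: str, detail=None) -> str:
        prev = self.entries[-1]["entry_hash"] if self.entries else "0" * 64
        entry = {
            "item": item_id,
            "action": action,  # collected / imaged / transferred / stored ...
            "handler": handler,
            "time": datetime.now(timezone.utc).isoformat(),
            "detail": detail or {},
            "prev_hash": prev,
        }
        body = json.dumps(entry, sort_keys=True).encode()
        entry["entry_hash"] = hashlib.sha256(body).hexdigest()
        self.entries.append(entry)
        return entry["entry_hash"]

    def intact(self) -> bool:
        """True if no entry has been edited and the chain links are unbroken."""
        prev = "0" * 64
        for e in self.entries:
            body = {k: v for k, v in e.items() if k != "entry_hash"}
            digest = hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()
            if body["prev_hash"] != prev or digest != e["entry_hash"]:
                return False
            prev = e["entry_hash"]
        return True


def demo():
    """Image a constructed device, verify it, log custody, then show tamper detection."""
    d = tempfile.mkdtemp()
    device = os.path.join(d, "sdb.raw")  # constructed stand-in for /dev/sdb
    image = os.path.join(d, "sdb.img")
    with open(device, "wb") as f:
        f.write(os.urandom(3 * CHUNK + 12345))  # deliberately not a CHUNK multiple
    log = CustodyLog()
    log.record("EXH-001", "collected", "analyst-a", {"device": "sdb (constructed)"})
    result = acquire(device, image)
    log.record("EXH-001", "imaged", "analyst-a", {"sha256": result["image"]["sha256"]})
    acquisition_ok = result["verified"] and verify_image(image, result["source_before"]["sha256"])
    # Simulate someone modifying one byte of the image after acquisition.
    with open(image, "r+b") as f:
        f.seek(4096)
        b = f.read(1)
        f.seek(4096)
        f.write(bytes([b[0] ^ 0xFF]))
    image_tamper_detected = not verify_image(image, result["source_before"]["sha256"])
    # Simulate someone rewriting an earlier custody entry.
    log_ok_before = log.intact()
    log.entries[0]["handler"] = "someone-else"
    log_tamper_detected = not log.intact()
    shutil.rmtree(d)
    return acquisition_ok, image_tamper_detected, log_ok_before, log_tamper_detected


if __name__ == "__main__":
    print(demo())
```

The hash recorded in the custody log at imaging time is what ties the two cards together: any later examiner can rerun `verify_image` against that value, and any attempt to rewrite an earlier log entry breaks the hash chain.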
10
Q

Order of volatility

A

Collecting first the evidence that is most easily tampered with or destroyed, and last the evidence that persists

11
Q

Give the order of volatility

A
  1. Registers and cache
  2. Routing tables, ARP caches, process tables and kernel statistics, and memory
  3. Temporary file systems
  4. Disks
  5. Remote logging and monitoring data
  6. Physical configurations and network topologies
  7. Archival media
12
Q

When is the only time that registers and cache can be collected?

A

Only while the computer is powered on and running (a live acquisition); they are lost at power-off

13
Q

When are the contents of the RAM lost?

A

If the computer is turned off

14
Q

How would temporary files be destroyed?

A

By being overwritten during system operation

15
Q

How can physical configuration and network topologies help with a forensic investigation?

A

They provide context: which systems could talk to which, where a device sat on the network, and where else evidence (logs, traffic captures) might exist

16
Q

Proprietary software

A

The original developer retains all rights to and ownership of the software's code; you pay them a fee and receive a licence to use the software in return

17
Q

Give the two types of open-source license

A

Permissive and copy-left

18
Q

Copyleft license

A

Anyone who distributes a modified version is legally bound to make the source code of those modifications available under the same licence terms

19
Q

Permissive license

A

You must give credit to the original developers but do not have to release your modifications; the code can be modified for private or commercial use

20
Q

Digital Rights Management

A

Ensures copy protection for music and video that is being used in an online or digital manner

21
Q

What is the main consideration when classifying data?

A

Its value to the organisation and the sensitivity of the information were it to be disclosed

22
Q

In the government data classification scheme, what is the highest level that can be released to the public?

A

Unclassified

23
Q

What are the four levels of the commercial (private-sector) data classification scheme, from lowest to highest?

A
  1. Public
  2. Sensitive
  3. Private
  4. Confidential
24
Q

What are the four levels of the government data classification scheme above Unclassified, from lowest to highest?

A
  1. Controlled Unclassified Information
  2. Confidential
  3. Secret
  4. Top Secret
25
Long-term retention
Moving data to an archive to prevent it being overwritten
26
Data preservation
Keeping information for a specific purpose outside of an organisation's data retention policy
27
What data should legally be backed up?
Any data that the organisation is legally required to retain under its data retention policies
28
Recovery Point Objective
The maximum amount of data loss, expressed as a period of time, that an organisation can tolerate after a disaster, failure, or comparable event; it sets how far back the most recent usable backup may be
29
Health data
Data related to health conditions, reproductive outcomes, causes of death, or quality of life for individuals or the population
30
Financial data
Consists of pieces or sets of information related to the financial health of a business
31
Intellectual Property
A type of data that includes intangible creations of human intellect
32
Personally Identifiable Information
Any data that could potentially identify a specific individual
33
Payment Card Industry Data Security Standard
A standard, enforced contractually by the card brands, that any organisation that collects, stores, or processes payment card data must abide by
34
Data format
The organisation of information into preset structures or specifications
35
Give an example of structured data
CSV
36
Give an example of unstructured data
PowerPoint slides, emails etc.
37
Acceptable Use Policy
Defines the rules that restrict how a computer, network, or other systems may be used
38
Change management
Defines the structured way of changing the state of a computer system, network, or IT procedure
39
Separation of Duties
A preventive type of administrative control: requiring more than one person to complete a task, so that no single individual can carry out and conceal a fraudulent act
40
Job rotation
Different users are trained to perform the tasks of the same position, which helps prevent and detect fraud that would be possible if only one user ever held the job
41
Mandatory vacations
Require every employee to take a vacation at some point during the year, so that someone else performs their duties and any concealed fraud or irregularity can surface
43
Due diligence
Ensuring that IT infrastructure risks are known and managed properly
44
Due care
Mitigation actions that an organisation takes to defend against the risks that have been uncovered during due diligence
45
Due process
A legal term that refers to how an organisation must respect and safeguard personnel's rights
46
Who does due process protect and from what?
Citizens from their government; companies from lawsuits