CCSP Domain 6 : Legal Hold and eDiscovery

Question 1

What does e-discovery typically involve?

Answer 1

identification, collection and production of data related to a case and legal holds

Question 2

What is the recommended action for a business when it faces a need for eDiscovery activity?

Answer 2

hiring an expert consultant who is licensed for this purpose

Question 3

What is eDiscovery (electronic Discovery)?

Answer 3

process of identifying and obtaining electronic evidence for either prosecutorial or litigation purposes

Question 4

What are the tools that aid with the process of eDiscovery?

Answer 4

1. some cloud providers offer SaaS eDiscovery solutions in the form of cloud-based applications that can perform searches and collection of pertinent data (provider’s own cloud data center for its own customers)
2. host-based tools that can be used to locate applicable information on specific machines (both HW and virtualized)

Question 5

What is the most significant barrier to eDiscovery efforts in organizations that make heavy use of many different cloud services?

Answer 5

coordinating multiple providers that might have relevant records

Question 6

I Preserve Collected Policies Rendered Absolutely Pointless

What are the seven main steps for eDiscovery?

Answer 6

1. ESI identification
2. preservation
3. collection
4. processing
5. review
6. analysis
7. production

Question 7

The Cloud Security Alliance points to a number of key areas to consider during e-discovery. What is most likely to drive higher costs in a cloud environment when the organization is operating under a litigation hold?

Answer 7

storage duration; cloud storage is typically billed by quantity and time

Question 8

What is the first concern for discovery and legal hold scenarios?

Answer 8

identify the data that the hold request or discovery requires

Question 9

What do legal holds require organizations to do with relevant data?

Answer 9

identify and preserve data that meets the hold’s scope

Question 10

Organization preserved data due to a legal hold, but the data has hit the end of its retention timeframe due to statutory requirements. What should be done to the data?

Answer 10

continue to preserve the data to meet the legal hold requirements - legal holds normally take precedence over other deletion requirements

Question 11

Why is a legal hold drive for retention process?

Answer 11

because it may require deviation from the organizational’s normal process for data retention and destruction

Question 12

When does a legal hold typically occur?

Answer 12

organization is notified that either (a) law enforcement or regulatory entity is commencing an investigation or (b) private entity is commencing litigation against the organization

Question 13

What organizational policy often accounts for legal holds?

Answer 13

retention policies often include language that addresses legal holds because holds can impact retention practices and requirements

Question 14

eDiscovery is specifically intended to ensure compliance with what?

Answer 14

ensure compliance with litigation hold obligations

Question 15

What is the initial phase of eDiscovery process?

Answer 15

legal hold

Question 16

What does ESI stand for?

Answer 16

electronically stored information

Question 17

When is eDiscovery is commonly used?

Answer 17

when there is a civil litigation to gather evidence for both plaintiffs and defendants

Question 18

What happens during the Production phase of eDiscovery?

Answer 18

relevant ESI is produced in a format suitable for legal proceedings, regulatory submissions, or investigations

Question 19

Which ISO standard provides guidance for eDiscovery programs?

Answer 19

ISO 27050

Question 20

What are the e-discovery challanges/complexities in the cloud?

Answer 20

1. organization investigating an incident may lack the ability to compel the CSP to turn over vital information needed to investigate
2. information may be housed in a country where jurisdictional issues make the data more difficult to access
3. maintaining a chain of custody is more difficult since the are more entities involved in the process

Question 21

Before migrating to cloud, at what phase should be eDiscovery considered as a security requirement?

Answer 21

when considering a cloud vendor, during the selection and contract negotiation phases; otherwise CSP may not cooperate to aid with eDiscovery

Question 22

What are important considerations for eDiscovery in the cloud that can be handled proactively?

Answer 22

data residency and system architecture - such as when designing or deploying a system or business process

Question 23

Why is the burden of recording and preserving potential evidence shift to the customer?

Answer 23

CSPs may not preserve essential data for the required period of time to support historical investigations; they may not even log all the data relevant to support an investigation