Ch11: Implementing Policies to Mitigate Risks Flashcards
Written security policies are
administrative controls that identify a security plan
Personnel create plans and procedures to
implement security controls and enforce the security policies
Mandatory vacation policies
require employees to take time away from their job to help deter fraud and discover malicious activities while the employee is away
Separation of duties
prevents any single person or entity from controlling all the functions of a critical or sensitive process by dividing the tasks between employees. This helps prevent potential fraud (e.g., a single person printing and signing checks)
Job rotation policies
require employees to change roles on a regular basis. This helps ensure that employees cannot continue with fraudulent activity indefinitely
Clean desk policy
requires users to organize their areas to reduce the risk of possible data theft. Reminds users to secure sensitive data and may include a statement about not writing down passwords
Background checks
investigate the history of an individual prior to employment
When an individual departs an organization, sometimes a _ is conducted
exit interview
Improper use of social networking can result in…
inadvertent information disclosure
_ occurs when users install P2P software and unintentionally share files
Data leakage
Organizations often block P2P software…
at the firewall
MOU/MOA
A memorandum of understanding or memorandum of agreement defines the responsibilities of each party, but is not as strict as an SLA (service level agreement) or ISA (interconnection security agreement)
If the parties will be handling sensitive data, they should include an…
ISA to ensure strict guidelines are in place to protect the data while in transit
An MOU/MOA often supports an…
ISA
Public data…
is available to anyone
Confidential data…
is kept secret among a certain group of people
Proprietary data…
is data related to ownership, such as patents or trade secrets
Private data…
is information about individuals that should remain private
Data classifications and data labeling help ensure…
personnel apply the proper security controls to protect information
Cluster tip wiping
is a special process that removes the random data stored at the end of a file. It can sanitize files stored on a system, preventing random, possibly proprietary, data from showing up in this area
Owner
has overall responsibility for protection of data
Steward or custodian
handles routine tasks to protect data
Privacy officer
an executive responsible for ensuring the organization complies with relevant laws
An incident response policy defines
a security incident and incident response procedures
Incident response procedures start with
preparation to prepare for and prevent incidents
_ allows personnel to analyze the incident and the response with the goal of preventing a future occurrence
reviewing lessons learned
When collecting data for a forensic analysis, you should…
collect it from the most volatile to the least volatile. Order of volatility is cache, RAM, swap, hard drive, logs on remote systems, archived media
Forensic image
bit-by-bit copy of the data that does not modify the data during the capture
A chain of custody provides
assurances that evidence has been controlled and handled properly after its collection. It documents who handled the evidence and when they handled it
Legal hold
court order to preserve data as evidence
Role-based training
ensures that employees receive appropriate training based on their roles in the organization
Common roles that require role-based training
data owners, system admins, system owners, end users, privileged users, executive users