Lesson 9 - Chapter 4: Compliance and Auditing Flashcards
Besides encryption, how else must IT professionals protect data? (3)
- handle it according to its classification
- enforce user policies so data is handled appropriately in every state (at rest, in transit, in use)
- apply classification to other software/hardware resources
What is data classification?
organizing data according to its sensitivity
(for larger organizations and government entities, strict government regulations apply)
What does using classification schemes allow employees/techs to know quickly? (2)
- what to do with documents
- what to do with drives containing documents
What are the 4 types of regulated data?
- Personally Identifiable Information (PII)
- Protected Health Information (PHI)
- Payment Card Industry (PCI)
- General Data Protection Regulation (GDPR)
What is PII?
Personally Identifiable Information
umbrella term for any data that can lead back to a specific individual
What is PHI?
Protected Health Information
any PII that involves a person’s health status, medical records, and healthcare services they received
What is PCI and what does it stand for?
Payment Card Industry
a rigorous set of rules for systems that accept, transmit, process, or store credit/debit card payments
What is GDPR?
General Data Protection Regulation
a new law that defines a broad set of rights and protections for the personal information of citizens living in countries in the European Union
What does compliance mean?
members of a company/organization must comply with all of the rules that apply to that company
(hardware, software, data, network access)
What’s the point of compliance in IT?
designed to stop users with insufficient technical skill or knowledge from installing malicious programs/applications
(keeps technical support calls down)
From a tech’s point of view, what’s the most common compliance issue?
software (what users can or can't install)
You have a ___ ____ to use software in compliance with its license
legal obligation
How do you access software that is released under a commercial license?
you have a legal obligation to pay money to access it
(previously you could buy it, use it forever, sell it to someone, or give it away, etc.; now it's different, as vendors want monthly fees)
What does a personal license grant you when you buy a monthly subscription to Microsoft 365?
enables you to share the software with several other people or accounts and use it on several of your personal machines
What does EULA stand for?
End User License Agreement
What is the EULA?
End User License Agreement
an agreement you accept when you open or install new software; you are obliged to follow the copyright holder's sharing guidelines
What does DRM stand for?
Digital Rights Management
What are you forbidden from doing if an application uses DRM?
the EULA forbids you from breaking, reverse-engineering, or removing the DRM protections
Non-commercial licensing has many variations. Like what?
Many non-commercial programs are only free for personal use; to use them at the office you need a commercial license
What does an open source software license allow you to do?
allows you to take the original code and modify it
(some require you to make the modified code free to download, others don't)
What is closed source software? What does it not allow you to do?
you cannot modify the source code or make it part of some other software suite
Not all open-source programs are ___
free
(compiled, ready-to-run versions may carry a price tag)
A tech must know the specific licenses their company paid for and ensure that the company…
abides by those licenses
What is shareware?
(besides being another software distribution method)
software you’re free to use, but if you find it useful and continue to use it the owner asks you to pay a fee
(software may expire after a period or unlock features after paying)
What is pay-to-win gaming?
the basic game is free but you buy helper items to make the game more winnable
(or make it ad-supported with ads that nag you to pay)
If your security policies enable logging, where can you access the logs?
via Event Viewer
To unlock the full potential of Event Viewer, you need to set up …?
auditing
What is auditing?
telling Windows to create an entry in the Security Log when certain events happen
What is event auditing?
Windows creates a Security Log entry when a user logs on
What is object access auditing?
Windows creates a Security Log entry when a user tries to access a certain file or folder
How do you turn auditing policies on/off at a local level?
1. Open Local Security Policy (secpol)
2. Select 'Local Policies'
3. Click 'Audit Policy'
4. Double-click one of the policies, then select one or both of the checkboxes in the dialog
Where are Event Viewer logs stored?
%SystemRoot%\System32\Config
What is incident reporting?
using documentation/documentation changes to report a system or network problem to a supervisor
Do you need to do incident reporting?
Yes!
What are 2 benefits that incident reporting provides?
- Provides a record of your work
- Provides information that can be combined with other data to reveal patterns or bigger problems to someone higher up the chain
What is an AUP?
Acceptable Use Policy
defines what actions an employee may or may not perform on company equipment
(employees must sign this)
What kinds of devices does an AUP cover?
computers, phones, printers, network
What policy defines the handling of passwords, email and many other issues?
Acceptable Use Policy (AUP)
What’s an incident response leader?
the person you report any prohibited actions or content to (don't speak to the person committing the infraction unless your supervisor OKs it)
What is chain of custody? What is it used for? (2)
a documented history of who has been in possession of the system
used for tracking and documenting evidence
What are the 3 fairly common chain-of-custody steps?
- Isolate the system (store somewhere with no access)
- Document when you took control of the system and the actions you took (shutting it down, moving it, etc.) to track its location
- If another person takes control of the system, document the transfer of custody