Lesson 9 - Chapter 4: Compliance and Auditing

Question 1

Besides encryption, how else must IT professionals protect data? (3)

Answer 1

1. handle it according to its classification
2. enforcing user policies so data is handled appropriately in its use (at rest, transit, in use)
3. apply classification to other software/hardware resources

Question 2

What is data classification?

Answer 2

organizing data according to its sensitivity

(for larger organizations, government entities and strict government regulations apply)

Question 3

What does using classification schemes allow employees/techs to know quickly? (2)

Answer 3

1. what to do with documents
2. what to do with drives containing documents

Question 4

What are the 4 types of regulated data?

Answer 4

1. Personally Identifiable Information (PII)
2. Protected Health Information (PHI)
3. Payment Card Industry (PCI)
4. General Data Protection Regulation (GDPR)

Question 5

What is PII?

Answer 5

Personally Identifiable Information

umbrella term for any data that can lead back to a specific individual

Question 6

What is PHI?

Answer 6

Protected Health Information

any PII that involves a person’s health status, medical records, and healthcare services they received

Question 7

What is PCI and what does it stand for?

Answer 7

Payment Card Industry

a rigorous set of rules for systems that accept, transmit, process, or store credit/debit card payments

Question 8

What is GDPR?

Answer 8

General Data Protection Regulation

a new law that defines a broad set of rights and protections for the personal information of citizens living in countries in the European Union

Question 9

What does compliance mean?

Answer 9

members of a company/organization must comply with all of the rules that apply to that company

(hardware, software, data, network access)

Question 10

What’s the point of compliance in IT?

Answer 10

designed to stop users with insufficient technical skill or knowledge from installing malicious programs/applications

(keeps technical support calls down)

Question 11

From a tech’s point of view, what’s the most common compliance issue?

Answer 11

software (what users can install or can’t)

Question 12

You have a ___ ____ to use software in compliance with its license

Answer 12

legal obligation

Question 13

How do you access software that released under a commercial license?

Answer 13

you have a legal obligation to pay money to access it

(before you could buy it, use it forever, sell it to someone, or give it away, etc but now it’s different as they want monthly fees)

Question 14

What does a personal license grant you when you buy a monthly subscription to Microsoft 365?

Answer 14

enables you to share the software with several other people or accounts and use it on several of your personal machines

Question 15

What does EULA stand for?

Answer 15

End User License Agreement

Question 16

What is the EULA?

Answer 16

End User License Agreement
you agree when you open or install new software, obliged to use the copyright holder’s sharing guidelines

Question 17

What does DRM stand for?

Answer 17

Digital Rights Management

Question 18

What are you forbidden from doing if an application uses DRM?

Answer 18

the EULA forbids you from breaking, reverse-engineering, or removing the DRM protections

Question 19

Many non-commercial licensing has variations. Like what?

Answer 19

Many non-commercial programs are only free for personal use, to use it at the office you need a commercial license

Question 20

What does open source software license allow you to do?

Answer 20

allows you to take the original code and modify it

(some require you to make the modified code free to download, others no)

Question 20

What is closed source software? What does it not allow you to do?

Answer 20

you cannot modify the source code or make it part of some other software suite

Question 21

Not all open-source programs are ___

Answer 21

free

(compiled, ready-to-run versions may carry a price tag)

Question 22

A tech must know the specific licenses their company paid for and ensure that that company….

Answer 22

abides by those licenses

Question 23

What is shareware?

(besides another software distribution method)

Answer 23

software you’re free to use, but if you find it useful and continue to use it the owner asks you to pay a fee

(software may expire after a period or unlock features after paying)

Question 24

What is pay-to-win gaming?

Answer 24

the basic game is free but you buy helper items to make the game more winnable

(or make it ad-supported with ads that nag you to pay)

Question 25

If your security policies enable logging, where can you access them?

Answer 25

via Event Viewer

Question 26

To unlock the full potential of Event Viewer, you need to set up …..?

Answer 26

auditing

Question 27

What is auditing?

Answer 27

tell Windows to create an entry in the Security Log when certain events happen

Question 28

What is event auditing?

Answer 28

Windows creates a Security log when a user logs on

Question 29

What is object access auditing?

Answer 29

Windows creates a Security log when a user tries to access a certain file or folder

Question 30

How do you turn auditing policies on/off at a local level?

Answer 30

Local Security Policy (secpol)
2. Select ‘Local Policies’
3. click ‘Audit Policy’
4. Double-click one of the policies, select one or both of the checkboxes in dialog

Question 31

Where are Event Viewer logs stored?

Answer 31

%SystemRoot%\System32\Config

Question 32

What is incident reporting?

Answer 32

using documentation/documentation changes to report a system or network problem to a supervisor

Question 33

Do you need to do incident reporting?

Answer 33

Yes!

Question 34

What are 2 benefits that incident reporting provides?

Answer 34

1. Provides a record of your work
2. Provides information that can be combined with other data to reveal patterns or bigger problems to someone higher up the chain

Question 35

What is an AUP?

Answer 35

Acceptable Use Policy

defines what actions an employee may or may not perform on company equipment

(employees must sign this)

Question 36

What kinds of devices does an AUP cover?

Answer 36

computers, phones, printers, network

Question 37

What policy defines the handling of passwords, email and many other issues?

Answer 37

Acceptable Use Policy (AUP)

Question 38

What’s an incident response leader?

Answer 38

who you report any prohibited actions or content to (don’t speak to the person making the infraction unless OK’d by supervisor)

Question 39

What is chain of custody? What is it used for? (2)

Answer 39

a documented history of who has been in possession of the system

used for tracking of evidence/documenting

Question 40

What are the 3 fairly common rules to chain of custody steps?

Answer 40

1. Isolate the system (store somewhere with no access)
2. Document when you took control of system and actions took (shutting down, moving it, etc) to track the location
3. If another person takes control of system, document transfer of custody