Privacy, Licensing and Policies (CompTIA Objective 4.6) Flashcards
1
Q
What are the various steps involved in Incident Response: First Response?
A
- Identify the issues (logs, in person, monitoring data)
- Report to the proper channels (don't delay)
- Collect and protect information relating to the event. Many different data sources and protection mechanisms.
2
Q
How do you go about documenting a First Response?
A
- Documentation must be available (no questions)
- Gather as much information as possible (written notes, pictures, etc.)
- Documentation always changes (constant updating, have a process in place, use the wiki model)
3
Q
Why is Incident Response: Chain of Custody so important, and how does it work?
A
- Control evidence (maintain integrity)
- Everyone who comes into contact with the evidence must be listed with the evidence (avoid tampering, use hashes)
- Label and catalog everything (seal, store and protect). Use digital signatures.
4
Q
What are some different types of licensing and EULAs?
A
- Closed source / commercial. Source code is private; the end user gets a compiled executable.
- Free and Open Source (FOSS). Source code is freely available. The end user can compile their own executable.
- End User License Agreement (EULA). Determines how the software can be used.
- Digital Rights Management (DRM). Used to manage the use of software.
5
Q
What are some different types of licenses?
A
- Personal license. Designed for the home user. Usually associated with a single device or a small group of devices owned by the same person. Usually a perpetual (one-time) purchase.
- Enterprise license (per-seat purchase / site license). The software can be installed everywhere. Usually involves annual renewals.
6
Q
What is PII? What does it stand for and what does it mean?
A
- Personally Identifiable Information. Basically any data that can identify an individual. Part of your privacy policy: how will you handle PII?
- Not everyone realizes the importance of this data. It becomes a "normal" part of the day, and it can be easy to forget its importance. This data needs to be respected and protected.
- In July 2015 the US Office of Personnel Management (OPM) was compromised, exposing PII including names, Social Security numbers, dates of birth, job assignments, etc. Approximately 21.5 million people were affected.
7
Q
What is PCI DSS? What does it do?
A
- Payment Card Industry Data Security Standard (PCI DSS): a standard for protecting credit card data.
- Six control objectives:
1. Build and Maintain a Secure Network and Systems
2. Protect Cardholder Data
3. Maintain a Vulnerability Management Program
4. Implement Strong Access Control Measures
5. Regularly Monitor and Test Networks
6. Maintain an Information Security Policy
8
Q
What is GDPR? What does it stand for and what does it do?
A
- General Data Protection Regulation (GDPR) is a European Union regulation that provides data protection and privacy for individuals in the EU.
- Personal data includes name, address, photo, email address, bank details, posts on social networking websites, medical information, a computer's IP address, etc.
- Gives individuals the right to control their personal data (including a right to be forgotten).
- Site privacy policy. Details all of the privacy rights for a user.
9
Q
What is PHI? What does it stand for and what does it cover?
A
- Protected Health Information (health information associated with an individual, such as health status, health care records, payments for health care, and much more).
- Data shared between providers must meet similar security requirements.
- In the US this is regulated by HIPAA (Health Insurance Portability and Accountability Act of 1996).
10
Q
What are policies and best practices when it comes to IT?
A
- Policies, such as general IT guidelines, determine how technology should be used.
- They provide processes for handling important technology decisions.
- Security best practices are security techniques that are accepted as standards.
- They cover both processes and technologies, such as making sure you have a firewall, using WPA2 encryption, and using strong passwords.
- Ask yourself: what happens in the event of a breach?