Tools for protecting business operations Flashcards
SIEM is an acronym for?
Security Information and Event Management
What is a SIEM tool?
An application that collects and analyzes log data to monitor critical activities in an organization.
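The following is an added example, not part of the original flashcard set: a small Python script that does what a SIEM does at its core, ingesting log lines from a source, normalizing them into events, and running a correlation rule over them. The log lines, the rule thresholds and the alert format are all constructed for the example; the rule (five or more failed SSH logins from one source inside a minute, then any success from that source) is one a practitioner would write, but it is not taken from any particular SIEM product.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines in a syslog-like sshd format; addresses are
# from documentation ranges and nothing here comes from a real system.
# One line (10:05:00) is deliberately out of order, as log sources often are.
SAMPLE_LOGS = "\n".join([
    "2024-05-01T10:00:01 sshd[4011]: Failed password for root from 203.0.113.7 port 51234",
    "2024-05-01T10:00:03 sshd[4012]: Failed password for admin from 203.0.113.7 port 51240",
    "2024-05-01T10:00:05 sshd[4013]: Failed password for root from 203.0.113.7 port 51251",
    "2024-05-01T10:00:06 sshd[4014]: Accepted publickey for alice from 198.51.100.20 port 40002",
    "2024-05-01T10:00:08 sshd[4015]: Failed password for root from 203.0.113.7 port 51260",
    "2024-05-01T10:00:09 sshd[4016]: Failed password for root from 203.0.113.7 port 51262",
    "2024-05-01T10:05:00 sshd[4017]: Failed password for bob from 198.51.100.20 port 40010",
    "2024-05-01T10:00:10 sshd[4018]: Accepted password for root from 203.0.113.7 port 51270",
])

# Parser for the constructed format above (a real SIEM ships one per log source).
LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: (?P<result>Failed|Accepted) \S+ for "
    r"(?P<user>\S+) from (?P<ip>\S+) port \d+$"
)


def parse_line(line):
    """Normalize one raw log line into an event dict, or None if it does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return {"ts": datetime.fromisoformat(m["ts"]), "result": m["result"],
            "user": m["user"], "ip": m["ip"]}


def parse_logs(text):
    """Collect every parseable event from a block of log text."""
    events = (parse_line(line) for line in text.splitlines() if line.strip())
    return [e for e in events if e is not None]


def detect_bruteforce(events, threshold=5, window=timedelta(minutes=1)):
    """Correlation rule: alert when one source IP produces `threshold` or more
    failures inside `window`, and raise a second, higher-severity alert if
    that source later succeeds. Events are sorted first because sources
    deliver logs out of order."""
    events = sorted(events, key=lambda e: e["ts"])
    failures = defaultdict(list)   # ip -> timestamps of recent failures
    alerted = set()
    alerts = []
    for e in events:
        recent = failures[e["ip"]]
        if e["result"] == "Failed":
            recent.append(e["ts"])
            while recent and e["ts"] - recent[0] > window:   # slide the window
                recent.pop(0)
            if len(recent) >= threshold and e["ip"] not in alerted:
                alerted.add(e["ip"])
                alerts.append({"type": "bruteforce", "ip": e["ip"],
                               "failures": len(recent), "at": e["ts"]})
        elif e["result"] == "Accepted" and e["ip"] in alerted:
            alerts.append({"type": "success_after_bruteforce", "ip": e["ip"],
                           "user": e["user"], "at": e["ts"]})
    return alerts


if __name__ == "__main__":
    for alert in detect_bruteforce(parse_logs(SAMPLE_LOGS)):
        print(alert)
```

Run as-is it prints two alerts for 203.0.113.7: the brute-force attempt, then the successful root login that followed it, which is the event an analyst would actually want to be paged for. The single failure from 198.51.100.20 stays below the threshold and produces nothing.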
What is a log?
A record of events that occur within an organization’s systems.
What is a network protocol analyzer (packet sniffer)?
A network protocol analyzer is a tool designed to capture and analyze the data traffic moving across a network, decoding each captured packet's headers layer by layer (for example Ethernet, then IP, then TCP).
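As an added example (not from the original flashcards or from any real analyzer), here is the decoding step a packet sniffer performs on a captured frame, written in Python with only the standard library. The frame itself is constructed inside the script as a TCP SYN between two documentation-range addresses, so the example runs offline; `build_sample_frame` and `parse_frame` are names chosen for this example. The parser also recomputes the IPv4 header checksum, which is how an analyzer flags a corrupted or hand-crafted packet.

```python
import socket
import struct

TCP_FLAG_NAMES = [(0x01, "FIN"), (0x02, "SYN"), (0x04, "RST"),
                  (0x08, "PSH"), (0x10, "ACK"), (0x20, "URG")]
IPV4_HDR = "!BBHHHBBH4s4s"   # 20-byte IPv4 header without options
TCP_HDR = "!HHIIBBHHH"       # 20-byte TCP header without options


def ipv4_checksum(header: bytes) -> int:
    """RFC 791 one's-complement checksum over the header bytes.
    Over a header whose checksum field is already filled in, the result is 0."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_sample_frame() -> bytes:
    """Constructed Ethernet/IPv4/TCP SYN frame for the example; not a real capture."""
    eth = (bytes.fromhex("020000000002") + bytes.fromhex("020000000001")
           + struct.pack("!H", 0x0800))                       # dst MAC, src MAC, IPv4
    tcp = struct.pack(TCP_HDR, 40001, 443, 1000, 0, 5 << 4, 0x02, 65535, 0, 0)
    fields = [0x45, 0, 20 + len(tcp), 0x1234, 0x4000, 64, 6, 0,
              socket.inet_aton("198.51.100.20"), socket.inet_aton("203.0.113.7")]
    fields[7] = ipv4_checksum(struct.pack(IPV4_HDR, *fields))  # fill in checksum
    return eth + struct.pack(IPV4_HDR, *fields) + tcp


def parse_frame(frame: bytes) -> dict:
    """Decode Ethernet -> IPv4 -> TCP the way a protocol analyzer does,
    stopping at whichever layer is not present and rejecting truncated input."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    dst_mac, src_mac = frame[:6], frame[6:12]
    ethertype = struct.unpack("!H", frame[12:14])[0]
    out = {"src_mac": src_mac.hex(":"), "dst_mac": dst_mac.hex(":"), "ethertype": ethertype}
    if ethertype != 0x0800:
        return out                                  # not IPv4, nothing more to decode
    ip_start = 14
    ver_ihl = frame[ip_start]
    ihl = (ver_ihl & 0x0F) * 4                      # header length in bytes
    if (ver_ihl >> 4) != 4 or ihl < 20 or len(frame) < ip_start + ihl:
        raise ValueError("bad IPv4 header")
    ip_hdr = frame[ip_start:ip_start + ihl]
    _, _, total_len, _, _, ttl, proto, _, src, dst = struct.unpack(IPV4_HDR, ip_hdr[:20])
    out.update({"src_ip": socket.inet_ntoa(src), "dst_ip": socket.inet_ntoa(dst),
                "ttl": ttl, "proto": proto,
                "ip_checksum_ok": ipv4_checksum(ip_hdr) == 0})
    if proto != 6:
        return out                                  # not TCP
    tcp_start = ip_start + ihl
    if len(frame) < tcp_start + 20:
        raise ValueError("truncated TCP header")
    sport, dport, seq, ack, off_res, flags, win, _, _ = struct.unpack(
        TCP_HDR, frame[tcp_start:tcp_start + 20])
    data_off = (off_res >> 4) * 4
    out.update({"sport": sport, "dport": dport, "seq": seq, "ack": ack, "window": win,
                "flags": [name for bit, name in TCP_FLAG_NAMES if flags & bit],
                "payload": frame[tcp_start + data_off:ip_start + total_len]})
    return out


if __name__ == "__main__":
    for key, value in parse_frame(build_sample_frame()).items():
        print(f"{key:>15}: {value}")
```

The length checks before every `struct.unpack` are not decoration: a sniffer reads attacker-controlled bytes, and a parser that trusts the length fields in a packet is itself a common vulnerability class in capture tools.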
What is a playbook?
A playbook is a manual that provides details about any operational action, such as how to respond to a security incident. Organizations usually have multiple playbooks documenting processes and procedures for their teams to follow.
Name 2 types of playbooks?
Chain of custody, and protecting and preserving evidence
What is chain of custody?
Chain of custody is the process of documenting evidence possession and control during an incident lifecycle.
What is protecting and preserving evidence?
Protecting and preserving evidence is the process of properly working with fragile and volatile digital evidence.
What is the order of volatility?
A sequence outlining the order in which data must be preserved, from first to last. It prioritizes volatile data, which is data that will be lost when the device in question powers off, regardless of the reason (for example the contents of memory, running processes and open network connections, which are collected before data on disk). While conducting an investigation, improper management of digital evidence can compromise and alter that evidence, and evidence that has been improperly managed can no longer be used.
What is the first priority in any investigation?
Preserving the data. You preserve it by making copies, verifying that each copy is identical to the original with a cryptographic hash, and conducting your investigation on those copies so the original is never altered.
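Added example, not part of the original flashcards, tying the two playbooks above together: making a working copy of an evidence item, proving the copy matches the original by SHA-256, and recording each handling step in a chain-of-custody log. The evidence file, the case identifier and the handler name are constructed for the example, the files are created in a temporary directory, and making the original read-only with `os.chmod` stands in for the hardware write blocker a forensic lab would use; none of this is a particular lab's procedure.

```python
import hashlib
import json
import os
import tempfile
from datetime import datetime, timezone

CHUNK = 1 << 20  # read and copy 1 MiB at a time so large images fit in memory


def sha256_file(path: str) -> str:
    """Hash a file in chunks; the digest is the evidence's integrity reference."""
    digest = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(CHUNK), b""):
            digest.update(chunk)
    return digest.hexdigest()


class ChainOfCustody:
    """Append-only record of who handled an evidence item, when, what they did,
    and the item's hash at that moment."""

    def __init__(self, evidence_id: str):
        self.evidence_id = evidence_id
        self.entries = []

    def record(self, action: str, handler: str, path: str) -> dict:
        entry = {"evidence_id": self.evidence_id, "action": action, "handler": handler,
                 "path": path, "sha256": sha256_file(path),
                 "time": datetime.now(timezone.utc).isoformat()}
        self.entries.append(entry)
        return entry

    def to_json(self) -> str:
        return json.dumps(self.entries, indent=2)


def make_working_copy(original: str, copy_path: str, handler: str, coc: ChainOfCustody) -> bool:
    """Record acquisition of the original, copy it byte for byte, record the copy,
    and return True only if both hashes are identical."""
    os.chmod(original, 0o444)          # stand-in for a write blocker: never write the original
    acquired = coc.record("acquired", handler, original)
    with open(original, "rb") as src, open(copy_path, "wb") as dst:
        for chunk in iter(lambda: src.read(CHUNK), b""):
            dst.write(chunk)
    copied = coc.record("copied", handler, copy_path)
    return copied["sha256"] == acquired["sha256"]


def verify_untouched(path: str, coc: ChainOfCustody) -> bool:
    """Re-hash an item and compare against the most recently recorded hash."""
    return sha256_file(path) == coc.entries[-1]["sha256"]


def demo():
    """Create constructed evidence, copy and verify it, then tamper with the copy
    to show the verification step catching the change."""
    workdir = tempfile.mkdtemp()
    original = os.path.join(workdir, "evidence.img")
    copy_path = os.path.join(workdir, "evidence-working.img")
    with open(original, "wb") as f:
        f.write(b"constructed sample evidence image " * 4096)  # constructed content
    coc = ChainOfCustody("CASE-0001-ITEM-01")                   # constructed identifier
    copy_ok = make_working_copy(original, copy_path, "analyst-1", coc)
    with open(copy_path, "r+b") as f:                           # simulate a careless edit
        f.seek(0)
        f.write(b"X")
    tamper_detected = not verify_untouched(copy_path, coc)
    return copy_ok, tamper_detected, coc


if __name__ == "__main__":
    ok, detected, log = demo()
    print("copy verified:", ok, "| tampering detected:", detected)
    print(log.to_json())
```

The point of hashing at every handoff is that the chain-of-custody entries, not the analyst's word, are what show a court or an internal review that the item examined is the item collected; any entry whose hash differs from the one before it marks exactly where the evidence stopped being trustworthy.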