Chapter 11 Implementing Policies to Mitigate Risks
memdump
A Linux command-line utility that can dump physical and kernel memory contents to both local storage and network locations.
Chain of Custody
Digital forensics element which provides assurances that evidence has been controlled and appropriately handled after collection. Describes who handled the evidence and when. Completed after evidence is first collected.
Measurement Systems Analysis (MSA)
Evaluates the data collection and statistical methods used by a quality management process to ensure they don't create errors
Playbook
a checklist of things to check for suspected incidents in SOAR
Non-Disclosure Agreement (NDA)
a legal contract between two entities which ensures that proprietary data is not disclosed to unauthorized entities.
Separation of Duties
a security principle that prevents any single person or entity from being able to complete all the functions of a critical or sensitive process. Helps prevent fraud, theft, and errors.
Gamification
a way to get users interested in training materials by incentivizing them with prizes and rewards.
Business Partners Agreement (BPA)
agreement that details the relationship between business partners including their obligations towards the partnership.
Supply Chain
all the elements required to produce and sell products and services. Vulnerabilities here can impact the primary organization.
Service Level Agreement (SLA)
an agreement between a company and a vendor that specifies performance expectations such as minimum uptime, response time, etc.
Memorandum of Understanding (MOU)
an agreement between two or more parties indicating their intention to work together toward a common goal.
Job Rotation
concept that has employees rotate through different jobs to learn the processes and procedures in each job. Helps prevent or expose dangerous shortcuts or fraudulent activity
dd
data duplicator - old disk imaging tool available on both Windows and Linux
Data masking
data protection method which hides sensitive data by permanently replacing it with fake data.
Data anonymization
data protection method which removes all PII within a data set to protect the privacy of individuals
Pseudo-Anonymization
data protection method which replaces PII and other data with pseudonyms or artificial identifiers Example: Eric-->Z3
Data tokenization
data protection method which replaces sensitive data with a token. A tokenization system can convert the token back to its original form. Example: Credit card on phone
Data minimization
data protection method which requires organizations to limit the information they collect and use from users.
Acceptable Use Policy (AUP)
describes the purpose of computer systems and networks, how users can access them, and the responsibilities of users when they access the systems.
Runbook
implements the SOAR playbook to take action on incidents
Mandatory Vacations
policy which forces employees to take time away from their job. Used to detect when employees are involved in malicious activity such as fraud or embezzlement
Least Privilege
security principle which specifies that individuals and processes are granted only the privileges needed to perform assigned tasks or functions.
autopsy
the GUI used to interact with tools in the Sleuth Kit
Provenance
the act of tracing data back to where it originated. Examples: Hashing, checksums
Data protection officer
the entity responsible for ensuring the organization is complying with all data protection laws.
Data custodian
the entity responsible for routine daily tasks such as backing up data, storing data, and implementing business rules.
Data controller
the entity that determines why and how personal data should be processed.
Data processor
the entity that uses and manipulates the data on behalf of the data controller
Data owner
the entity who ensures adequate security controls are in place to protect data
Order of Volatility
the order in which evidence should be collected based on the permanence of data. Order from most to least volatile: Cache RAM Swap/Pagefile Hard Drive Attached devices Network data
FTK Imager
tool used to capture an image of a disk as a single file or multiple files and save the image in various formats.
Secure Orchestration Automation, and Response (SOAR)
tools used to respond to low-level security threats automatically which frees up admins to focus on other tasks. Example: Email filter