Chapter 11 Implementing Policies to Mitigate Risks

Pataasin ang iyong marka sa homework at exams ngayon gamit ang Quizwiz!

memdump

A Linux command-line utility that can dump physical and kernel memory contents to both local storage and network locations.

Chain of Custody

Digital forensics element which provides assurances that evidence has been controlled and appropriately handled after collection. Describes who handled the evidence and when. Completed after evidence is first collected.

Measurement Systems Analysis (MSA)

Evaluates the data collection and statistical methods used by a quality management process to ensure they don't create errors

Playbook

a checklist of things to check for suspected incidents in SOAR

Non-Disclosure Agreement (NDA)

a legal contract between two entities which ensures that proprietary data is not disclosed to unauthorized entities.

Separation of Duties

a security principle that prevents any single person or entity from being able to complete all the functions of a critical or sensitive process. Helps prevent fraud, theft, and errors.

Gamification

a way to get users interested in training materials by incentivizing them with prizes and rewards.

Business Partners Agreement (BPA)

agreement that details the relationship between business partners including their obligations towards the partnership.

Supply Chain

all the elements required to produce and sell products and services. Vulnerabilities here can impact the primary organization.

Service Level Agreement (SLA)

an agreement between a company and a vendor that specifies performance expectations such as minimum uptime, response time, etc.

Memorandum of Understanding (MOU)

an agreement between two or more parties indicating their intention to work together toward a common goal.

Job Rotation

concept that has employees rotate through different jobs to learn the processes and procedures in each job. Helps prevent or expose dangerous shortcuts or fraudulent activity

dd

data duplicator - old disk imaging tool available on both Windows and Linux

Data masking

data protection method which hides sensitive data by permanently replacing it with fake data.

Data anonymization

data protection method which removes all PII within a data set to protect the privacy of individuals

Pseudo-Anonymization

data protection method which replaces PII and other data with pseudonyms or artificial identifiers Example: Eric-->Z3

Data tokenization

data protection method which replaces sensitive data with a token. A tokenization system can convert the token back to its original form. Example: Credit card on phone

Data minimization

data protection method which requires organizations to limit the information they collect and use from users.

Acceptable Use Policy (AUP)

describes the purpose of computer systems and networks, how users can access them, and the responsibilities of users when they access the systems.

Runbook

implements the SOAR playbook to take action on incidents

Mandatory Vacations

policy which forces employees to take time away from their job. Used to detect when employees are involved in malicious activity such as fraud or embezzlement

Least Privilege

security principle which specifies that individuals and processes are granted only the privileges needed to perform assigned tasks or functions.

autopsy

the GUI used to interact with tools in the Sleuth Kit

Provenance

the act of tracing data back to where it originated. Examples: Hashing, checksums

Data protection officer

the entity responsible for ensuring the organization is complying with all data protection laws.

Data custodian

the entity responsible for routine daily tasks such as backing up data, storing data, and implementing business rules.

Data controller

the entity that determines why and how personal data should be processed.

Data processor

the entity that uses and manipulates the data on behalf of the data controller

Data owner

the entity who ensures adequate security controls are in place to protect data

Order of Volatility

the order in which evidence should be collected based on the permanence of data. Order from most to least volatile: Cache RAM Swap/Pagefile Hard Drive Attached devices Network data

FTK Imager

tool used to capture an image of a disk as a single file or multiple files and save the image in various formats.

Secure Orchestration Automation, and Response (SOAR)

tools used to respond to low-level security threats automatically which frees up admins to focus on other tasks. Example: Email filter


Kaugnay na mga set ng pag-aaral

Psychology 103 - Motivation/Emotion

View Set