CISSP Incidents and Ethics

Beschreibung

CISSP Study Guide - Chapt 19
Dani B
Karteikarten von Dani B, aktualisiert more than 1 year ago
Dani B
Erstellt von Dani B vor mehr als 7 Jahre
57
0

Zusammenfassung der Ressource

Frage Antworten
What is the first step in deciding how to respond to a computer attack? Determine if and when an attack has taken place
What's the second step once the occurrence of an incident has been determined? Conduct an investigation and collect evidence
Types of investigations Operational, criminal, civil, regulatory
This type of investigation examines issues related to the organization's computing infrastructure and primary goal is to resolve operational issues Operational investigations
This type of investigation is typically conducted by law enforcement personnel to look into alleged legal violations Criminal investigation
This type of investigation typically involves internal employees and outside consultants working on behalf of a legal team to prepare evidence necessary to resolve a dispute between two parties Civil investigations
This type of investigation is performed by government agencies when they believe administrative law has been violated Regulatory investigation
This investigation has the loosest standards for collection of information operational investigations
Evidence that demonstrates the outcome of the case is more likely than not, also called preponderance of the evidence standard, is good enough for which kind of investigation civil investigations
What are the 9 steps in the Electronic Discovery (eDiscovery) Reference Model that describes a standard process for conducting eDiscovery information governance, identification, preservation, collection, processing, review, analysis, production, presentation
What is media analysis A branch of computer forensic analysis involving the identification and extraction of info fro storage media
Why is it difficult to reconstruct activities that took place over a network for forensic analysis? It's difficult due to the volatility of network data. It has to be deliberately recorded at the time it occurs in log files as it is generally not preserved.
Major categories of computer crime military and intelligence attacks, business attacks, financial attacks, terrorist attacks, grudge attacks, thrill attacks
Primary focus of business attacks Business attacks focus on illegally obtaining an organisation's confidential information
Primary focus of financial attacks Financial attacks aim to unlawfully obtain money or services and are the most commonly reported
What are advanced persistent threats? Sophisticated highly effective attacks against a very focused target. The attackers are well funded, have advanced technical skilled and resources.
What are military and intelligence attacks? Military and intelligence attacks aim to obtain secret and restricted information from law enforcement or military and technological research resources.
What is an incident? An event that has a negative outcome affecting the CIA of an organization's data
List the general categories of incidents Scanning, compromises, malicious code, denial of service
What are scanning attacks? Scanning attacks are reconnaissance attacks that usually precede a more serious attack.
How might scanning attacks be identified? Look for any unusual activity on any port or from any single address. Automate evidence collection by setting up the firewall to log rejected traffic.
What is a system compromise? A system compromise is any unauthorized access to the system or information the system stores.
How can system compromises be detected? Difficult but usually the data custodian notices unusual action performed on the data.
How to detect a malicious code incident? Implement virus and spyware scanner, implement a security policy that addresses the introduction of outside code, end user may report suspicious behaviour caused by the malicious code
How to detect DoS incidents? The easiest to detect. A user or automated tool reports that a service or machine is unavailable
What are the primary responsibilities of a computer incident response team (CIRTs)? determine scope and level of damage caused by incident, determine if confidential info was compromised, implement any necessary recovery procedures, supervise implementation of any improvement security measures
Steps in the incident response process 1. detection and identification 2. response and reporting 3. recovery and remediation
Tools to monitor for events potentially pointing to security incidents intrusion detection / prevention systems, antivirus software, firewall logs, system logs, physical security systems, file integrity monitoring software
What source of data to gather or confiscate when gathering evidence computer systems involved in the incident, logs from the security system, logs from network devices, physical access logs, other relevant sources of information
Zusammenfassung anzeigen Zusammenfassung ausblenden

ähnlicher Inhalt

Final Exam 2015+
Alexandre Pinheiro
CISSP Domains
pikeje
Certified Information Systems Security Professional (CISSP)
GoAsk Chaz
CISSP Domians
examtime8725
Chapter 5 - CISSP Domain 2 - Protecting Security of Assets
Niels de Jonge
Chapter 4 - CISSP Domain 1 - Laws, Regulations and Compliance
Niels de Jonge
Asset Security
Dani B
Security Engineering
sefa duran
Chapter 6 - CISSP Domain 3 - Cryptographic and Symmetric Algorithms
Niels de Jonge
BCP/DR
hunter sekara