Midterm Review 2

If the tool is accurate, there should be no problems using it.

You must be certified in this tool in case you have to go to court.

The tool must be endorsed by the FBI.

You need to be verify that the tool is not considered junk science.

Obtain a search warrant

Install a write-blocker to the system

Shut the system off to prevent remote access

Install Encase on the machine to begin the forensic search

CIRT

CART

RCFL

First-response

business management

engineering

criminal justice

analytics

Eradication

Recovery

Identification

Lessons learned

Risk management provides the steps for an incident response.

Risk management is performed by first responders, and incident response is performed by the CSIRT.

Risk management is optional; incident response is mandatory.

Risk management helps analyze and set prevention strategies, and incident response consists of the steps to follow if an incident still occurs

Install encrypted an e-mail system

Review the annual training procedures on phishing

Have the employee who opened the e-mail explain why they answered the e-mail

Update the risk assessment procedures for e-mail usage

Take a photograph of the work area

Disconnect the computer from the network

Turn the computer off

Run anti-malware software

NCCIC

HIPAA

FISMA

SOX

The human resources specialist forgot their password.

Personal student information was exposed on a public website.

A user plugged in an unknown USB stick into a computer on the company network

Several users are receiving phishing e-mails.