4.6 Explain the processes for addressing prohibited content/activity, and privacy, licensing, and policy concepts
Incident Response
First Response
Identify
There are three different types of incident detection:
Passive
Passive detection occurs when you discover an incident while reviewing logs, content, or events.
A physical example of passive detection is reviewing security camera footage.
The camera will show you an event that happened in the past, but it is not actively watching for one.
File hashes are another example: if a file's current hash does not match the recorded original, something or someone has tampered with the content.
Active
Active detection is when you are actively looking for security incidents.
In the context of physical security, this is the equivalent of a security guard searching the perimeter looking for intruders.
A digital example might be the use of an intrusion detection system (IDS) running on your firewall that alerts when an intruder attempts to break into your network.
This type of detection tries to catch the intruder right in the middle of the act.
Proactive
Proactive detection means finding and closing possible security holes before anyone exploits them.
Penetration testing involves a friendly party actively trying to break in to your network to find any holes or leaks.
You find the holes and patch them before the would-be intruders even get a chance to exploit them.
Report through proper channels
Once you’ve identified the security incident and collected some form of evidence, it’s time to report the incident.
Always report strictly to the appropriate parties as indicated by your organizational Security Policy. The process you follow and the manner in which you report will be closely scrutinized. Be clear, accurate, and complete in your reporting.
The goal of the first responder is to collect evidence that answers the following questions:
What happened?
When did it happen?
How did it happen?
Who made it happen?
Why did it happen?
An escalation team or law enforcement will then use the evidence to fill in the blanks.
If the evidence is clear and concise, it will be used to build a case against the threat agent. The end goal is to stop a future incident from happening.
Data/Device Preservation
Any evidence should be immediately secured out of the attackers' reach and preserved.
This will ensure that the data doesn’t mysteriously disappear before the proper parties are notified.
In cases where there is evidence of foul play or corporate espionage, the preservation of data is very important.
A forensic team should be involved in order to securely handle, store, and validate any digital media. Network logs and most recently used (MRU) lists showing recently accessed documents will solidify your case.
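The file-hash comparison mentioned under Passive detection and the validation of preserved media described in this section rely on the same mechanism. The following is an added example, not part of the original notes: it records a baseline of SHA-256 hashes for a directory and later reports which files were modified, removed, or added. The directory and file contents are constructed for the demonstration.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_file(path, chunk_size=65536):
    """Hash a file in chunks so large evidence images need not fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(root):
    """Record the hash of every file under root, keyed by relative path.
    Taken at acquisition time, this is the 'original' later checks compare against."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def verify_manifest(root, manifest):
    """Passive check: compare the current state against the recorded manifest.
    A mismatch proves the content changed after the baseline, but not when or
    by whom; that is why it is paired with logs and chain-of-custody records."""
    current = build_manifest(root)
    return {
        "modified": sorted(f for f in manifest if f in current and current[f] != manifest[f]),
        "missing": sorted(f for f in manifest if f not in current),
        "unexpected": sorted(f for f in current if f not in manifest),
    }


def demo():
    """Constructed scenario: take a baseline, alter the directory, then re-check."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "config.ini").write_text("timeout=30\n")
        (root / "report.pdf").write_bytes(b"%PDF-1.4 constructed sample")
        baseline = build_manifest(root)
        # Changes made after the baseline was recorded
        (root / "config.ini").write_text("timeout=30\nretries=5\n")
        (root / "report.pdf").unlink()
        (root / "extra.tmp").write_text("new file\n")
        return verify_manifest(root, baseline)


if __name__ == "__main__":
    print(demo())
```

Store the baseline manifest separately from the media it describes, or the same tampering that alters a file can alter its recorded hash.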
Use of Documentation
Documentation you create will be used by many people in the investigation.
Take photos if you can, keep written notes, and capture screenshots.
Make sure the documentation is easily accessible to the investigation team and make sure people can add notes to the documentation using some kind of software tool.
Chain of Custody
Licensing/DRM/EULA
When you buy an application, you aren’t buying the application. Instead, you’re buying the right to use the application in a limited way.
Open source vs commercial license
Open Source
Open Source software is freer than free! Not only is the application free, but the source code is also shared to encourage others to contribute to the future development and improvement of the application.
Ex. Linux and OpenOffice.
Commercial License or Closed Source
Closed source software is commercial, for-profit software that charges for its use.
Types of Commercial Licenses
Personal License
Personal License (Single User)
Defined as a single user installing the product on personal devices in their home.
The license cannot be used on multiple PCs because the manufacturer locks it to one computer.
Enterprise License
Often used in the corporate environment and is used for many PCs at once.
Concurrent License
Allows the software to be installed on many PCs, but only a small group of users can run it at the same time.
Ex. You have 1000 PCs with the application installed, but only 100 (one department) can actually use it at once.
Multiuser
Commercial software that allows you to install it on more than one computer.
Ex. You can install Microsoft Office onto multiple PCs
Closed source code is closely guarded and not available.
Ex. Apple iOS code
Regulated Data
Regulated data must be identified as it enters your network, and the proper SOPs should be followed.
PII
PII is Personally Identifiable Information. It is anything that can be used to identify an individual person on its own or in context with other information.
Includes:
Names, addresses, names of family members.
PCI-DSS
PCI DSS is the Payment Card Industry Data Security Standard.
PCI DSS is the SOP for handling data related to transactions using payment cards (credit cards, debit cards, and gift cards).
PCI DSS is not enforced by government agencies; it is enforced by banks and creditors.
Merchants must comply with the PCI standard to maintain payment card services.
GDPR
GDPR is General Data Protection Regulation.
GDPR is a European Union (EU) law governing how data is used and protected.
It was created to protect EU citizens.
Protected personal data includes: name, address, photo, email address, bank details, posts on social networking websites, medical information, a computer's IP address, etc.
It gives individual users control over their data and where it goes.
PHI
PHI is Protected Health Information.
PHI is any information used in the health-care industry to describe a patient or ailment.
HIPAA regulations are often closely associated with PHI.
EHRs (Electronic Health Records) describe a person from the cradle to the grave.
An EHR holds a patient's vitals, every doctor's visit, and the doctors' billing information as well.
Follow all policies and security best practices
Every corporation has security policies regarding the handling of personal and corporate data. Be knowledgeable of these policies and follow them to the letter. Guidelines will also exist covering the handling of PII in certain situations. Treat these as absolute rules with no room for personal interpretation. Your job and someone’s financial well-being can both suffer irreparable damage.