Evidence collection policy

Reference no: EM133048519

Scenario

After the recent security breach, Always Fresh decided to form a computer security incident response team (CSIRT). As a security administrator, you have been assigned the responsibility of developing a CSIRT policy that addresses incident evidence collection and handling. The goal is to ensure all evidence collected during investigations is valid and admissible in court.

Consider the following questions for collecting and handling evidence:

1. What are the main concerns when collecting evidence?

2. What precautions are necessary to preserve evidence state?

3. How do you ensure evidence remains in its initial state?

4. What information and procedures are necessary to ensure evidence is admissible in court?

Tasks

Create a policy that ensures all evidence is collected and handled in a secure and efficient manner. Remember, you are writing a policy, not procedures. Focus on the high-level tasks, not the individual steps.

Address the following in your policy:

• Description of information required for items of evidence

• Documentation required in addition to item details (personnel, description of circumstances, and so on)

• Description of measures required to preserve initial evidence integrity

• Description of measures required to preserve ongoing evidence integrity

• Controls necessary to maintain evidence integrity in storage

• Documentation required to demonstrate evidence integrity


All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd