Flashcards covering the maintenance of information security programs, security management models, monitoring factors, digital forensics, and legal aspects.
Why is ongoing maintenance of an information security program needed?
New cyber threats appear constantly, legal and regulatory requirements change, and organizational changes necessitate updates to the security program.
What are some popular security management models?
The National Institute of Standards and Technology (NIST) Cybersecurity Framework, ISO/IEC 27001, and COBIT.
What are the key elements of a full maintenance program?
Assessment, Implementation, Monitoring, and Review.
What external factors should be monitored?
New threats and vulnerabilities, and changes in laws or regulations.
What internal factors should be monitored?
Staff behavior or mistakes, and new systems or business changes.
What are key components of maintaining information security?
Software updates, incident response planning and testing, and staff training.
Why is digital forensics used?
To investigate digital misconduct and perform root cause analysis.
What are the two approaches to digital forensics?
Protect and Forget (focus on fixing issues) and Apprehend and Prosecute (focus on finding and punishing the attacker).
What are the steps in the digital forensic process?
Identify, collect, protect, examine, and share the results related to digital evidence.
What should be the focus when managing digital forensics?
The right team, good tools, following the law, and continuous improvement.
What is an affidavit in digital forensics?
A sworn written statement by an investigator explaining the facts, needed evidence, and its location.
What is a search warrant?
Official permission to search a location and take digital evidence, authorized by someone like a judge.