Incident Response
A set of procedures an investigator follows when examining a computer security incident
Incident Management Program
Consists of monitoring and detection of security events on a computer network and the use of proper responses to those security events
Chain of Custody
Record of evidence history from collection to court presentation and disposal
Faraday Bag
Shields devices from outside signals to prevent data from being altered, deleted, or added to a new device
Legal Hold
Preserves all relevant information when litigation is reasonably expected to occur
Data Acquisition
Creates a forensically sound copy of the data from a source device
Order of Volatility
Collecting evidence that could be easily tampered with or destroyed first
Digital Rights Management
Ensures copy protection for music and video that is being used in an online or digital manner
Public Data
No impact to the company if released and is often on a company’s website
Sensitive Data
Minimal impact if released and includes things like a company’s finances
Private Data
Contains information like personnel records, salaries, and other data only used in the organization
Confidential Data
Contains items such as trade secrets, intellectual property data, source code, and things that would harm the company or government if disclosed
Unclassified
Can be released to the public under the Freedom of Information Act
Controlled Unclassified Information (CUI)
Includes unclassified information that should be protected from public disclosure
Secret Data
Includes data such as military deployment plans and other things that would damage national security if disclosed
Top Secret Data
Includes blueprints for weapons or other information that could gravely damage national security if known by those unauthorized to know
Data Retention
Maintains and controls certain data to comply with business policies and applicable laws and regulations
Data Preservation
Keeps information for a specific purpose outside of an organization’s data retention policy
Short-Term Retention
A term defined by how often the newest or youngest media sets are overwritten
Recovery Point Objective (RPO)
The maximum amount of time that can be lost from a recovery after a disaster, failure, or other event
Long-Term Retention
Any data moved to an archive to prevent being overwritten
Payment Card Industry Data Security Standard (PCI DSS)
is an agreement that organizations handling credit card information must follow.
Personally Identifiable Information (PII)
Any data that could potentially identify a specific individual
Personal Health Information (PHI)
is private details about an individual's health
Security policies
are rules and guidelines that define how to protect information and resources from unauthorized access or harm
Acceptable Use Policy (AUP)
Defines the rules that restrict how a computer, network, or other systems may be used
Change Management
Defines the structured way of changing the state of a computer system, network, or IT procedure
Separation of duties
means dividing tasks and responsibilities among different individuals to prevent conflicts of interest and enhance security.
Onboarding and Offboarding Policy
Dictates what type of things need to be done when an employee is hired, fired, or quits
Due Diligence
is making sure IT risks are identified and managed.
Due Care
is taking actions to defend against the risks found during due diligence.
Due Process
is a legal term about respecting and safeguarding personnel's rights
The four forms of regulated data covered by the exam are
PII (Personally Identifiable Information),
PCI (Payment Card Industry),
GDPR (General Data Protection Regulation),
PHI (Protected Health Information)
Enterprise license
Like a business license, but for an unlimited number of users, and designed for large corporate and government networks.