Service Level Objectives (SLOs)
Specific metrics, often related to time, that are set by an organization or defined as part of a vendor agreement (for example, measuring the time to remediate or patch).
Memorandums of Understanding (MOUs)
Agreements that may contain performance or uptime targets that inhibit systems from being taken offline for timely patching.
Service Level Agreements (SLAs)
Agreements that include terms influencing performance targets and may cause organizations to delay patching.
Root Cause Analysis (RCA)
The process of determining the underlying cause for why an incident or issue occurred.
Lessons Learned
An exercise or analysis conducted after an incident to figure out how to prevent similar future incidents.
Mean Time to Detect (MTTD)
The duration from the initial event of an incident until it was discovered.
Mean Time to Respond (MTTR)
The time from detection of an event to assessing it as an incident and activating the full response process.
Write Blockers
Tools used to ensure that a drive connected to a forensic system cannot be written to. Using a hardware write blocker during drive acquisition ensures that attaching the drive does not modify the source data.
Forensic Image
An exact, bit-for-bit copy of a device or drive, including the contents of "empty" space, unallocated space, and slack space.
Slack Space
The unused space remaining when a file is written that can contain fragments of files previously written to that space.
File Carving
A forensic technique that looks at data on a block-by-block basis to find information like file headers and other indicators of file structure.
Order of Volatility
A ranking of how easy data is to lose, which dictates the order in which data should be acquired during a forensic investigation.