Privacy, Licensing, and Policies - CompTIA A+ 220-1102 - 4.6

Evidence Collection in Information Technology

  • Evidence is crucial in information technology incidents and must be collected properly.

  • Chain of Custody:

    • Documents everyone who handles the evidence.

    • Prevents tampering through tracking access to the evidence.

    • For digital evidence, hashing helps confirm the evidence remains unchanged.

  • Labeling and Cataloging:

    • Essential for proper evidence management.

    • Physical evidence should be placed in sealed containers.

    • Digital evidence may require a digital signature to certify that it has not changed post-collection.

First Responder Responsibilities

  • Significant role: discovering incidents and potentially mitigating them.

  • Identification can occur through logs, data monitoring, or visual observation.

  • Timeliness:

    • Report immediately to management or involve law enforcement if legally required.

  • Evidence Collection:

    • First responders collect evidence while ensuring its integrity.

    • Typically involves obtaining copies of storage drives, referred to as bit-for-bit or byte-for-byte copies.

    • This captures everything on the drive, including hidden files.

    • Physical removal of the drive may be required, followed by the use of a hardware write blocker to prevent data alteration.

    • Evidence is copied using specialized hardware or software imaging tools.

    • A hash is created for verification of data integrity during later analysis.
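The chain-of-custody and evidence-collection bullets above describe three things working together: a bit-for-bit image (so hidden and deleted content is captured), a hash taken at collection, and a log of every handler that re-hashes the evidence. The following Python script is an added example written for these notes; it is not part of the CompTIA course material. The "drive" contents and the evidence ID `EVD-0001` are constructed placeholders, and the custody log is a simplified stand-in for the paperwork a real investigation would keep.

```python
import hashlib
import hmac
from datetime import datetime, timezone

# Constructed stand-in for a raw drive: a few "sectors" of bytes, including content
# that a file-level copy would miss (a deleted file left behind in unallocated space).
SAMPLE_DRIVE = (
    b"BOOT" + b"\x00" * 28            # boot sector placeholder
    + b"FILE:report.docx|..."         # an allocated, visible file
    + b"\x00" * 16
    + b"DELETED:old_notes.txt|..."    # residue in unallocated space ("hidden" content)
    + b"\xff" * 8
)


def sha256_hex(data: bytes) -> str:
    """Hash recorded at collection and re-checked at every later step."""
    return hashlib.sha256(data).hexdigest()


def acquire_image(source: bytes) -> bytes:
    """Bit-for-bit acquisition: copy every byte, not just the files the OS lists."""
    return bytes(source)


def verify_image(expected_hash: str, image: bytes) -> bool:
    """Re-hash the image and compare it with the hash taken when it was collected."""
    return hmac.compare_digest(expected_hash, sha256_hex(image))


class ChainOfCustody:
    """Minimal custody log: who handled the evidence, when, and what it hashed to."""

    def __init__(self, evidence_id: str):
        self.evidence_id = evidence_id
        self.entries = []

    def record(self, handler: str, action: str, image: bytes) -> dict:
        entry = {
            "evidence_id": self.evidence_id,
            "handler": handler,
            "action": action,
            "timestamp": datetime.now(timezone.utc).isoformat(),
            "sha256": sha256_hex(image),
        }
        self.entries.append(entry)
        return entry

    def first_break(self):
        """Index of the first entry whose hash differs from the collection hash, else None."""
        if not self.entries:
            return None
        baseline = self.entries[0]["sha256"]
        for i, entry in enumerate(self.entries[1:], start=1):
            if not hmac.compare_digest(baseline, entry["sha256"]):
                return i
        return None

    def intact(self) -> bool:
        """True when every handler saw exactly the bytes the first responder collected."""
        return bool(self.entries) and self.first_break() is None


def run_scenario(tamper: bool = False) -> ChainOfCustody:
    """Simulate collection, hand-off and analysis; optionally alter one byte in transit."""
    log = ChainOfCustody("EVD-0001")  # constructed evidence id
    image = acquire_image(SAMPLE_DRIVE)
    log.record("first responder", "acquired image through hardware write blocker", image)
    if tamper:
        image = image[:-1] + b"\x00"  # a single changed byte is enough to break the hash
    log.record("evidence custodian", "received sealed drive and image", image)
    log.record("analyst", "opened image for analysis", image)
    return log


if __name__ == "__main__":
    for tamper in (False, True):
        log = run_scenario(tamper)
        state = "intact" if log.intact() else f"break at entry {log.first_break()}"
        print(("tampered" if tamper else "clean") + " hand-off -> " + state)
```

Each custody entry carries its own hash, so `first_break()` points at the hand-off where the evidence stopped matching the collection hash; that is the record an investigator needs when an image is challenged. The deleted-file residue is present in the image because the copy is byte-for-byte, which is the reason the notes prefer imaging over copying files.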

Importance of Documentation

  • Documentation is critical in any incident response.

    • Serves both internal and potential legal purposes.

    • Should include:

      • Summary of the incident

      • Steps taken to acquire data

      • Analysis of data collected

      • Conclusions based on analyses.

Software Licensing Types

  • Software Licensing:

    • Defines the terms and conditions for software usage.

    • Licenses detail usage rights, copies allowed, and backup procedures.

  • Types of Licenses:

    • Per Seat License: A fixed number of users per license.

    • Concurrent License: Allows simultaneous use by different users, up to a set limit.

    • Perpetual License: One-time purchase for perpetual use.

    • Subscription License: Time-limited use, requiring renewal.

  • Corporate licenses often have more complex terms, accommodating various user needs through site licenses or annual renewals.

  • Free and Open Source Software (FOSS):

    • No cost associated with usage; users have access to the source code.

    • For contrast, closed-source software (e.g., Microsoft Windows) provides no access to source code.

  • End User Licensing Agreements (EULAs):

    • Formal documents outlining the terms of software use; often clicked through without being read during installation.

    • May involve negotiations between users and manufacturers to shape appropriate terms.

Payment Card Industry Data Security Standard (PCI DSS)

  • PCI DSS ensures secure handling of credit card information.

  • Ensures protection of cardholder data through:

    • Secure network and systems;

    • Cardholder data protection;

    • Vulnerability management;

    • Access control;

    • Network monitoring;

    • Information security policy maintenance.

Management of Personally Identifiable Information (PII)

  • Organizations typically hold sensitive PII, with legal implications on its management.

  • Data breaches highlight the need for robust protections for sensitive personal data.

  • The 2015 OPM data breach affected 21.5 million individuals, underscoring the importance of PII management.

  • Recognizing the sensitivity of PII, organizations must implement security controls to thwart unauthorized access.

Governance of Personal Data in the EU

  • General Data Protection Regulation (GDPR) outlines personal data usage protocols, including PII rights.

  • Individuals have autonomy over their data and can request deletion (right to erasure).

  • Privacy policies must disclose data management practices by organizations in the EU.

Protected Health Information (PHI) Management

  • PHI includes health status, appointments, and health care details.

  • Regulations like HIPAA enforce security measures for PHI handling, storage, and transmission.

Data Retention Requirements

  • Organizations must comply with data retention policies, which may serve various purposes such as version control and insurance against data loss from incidents.

  • Legal requirements might necessitate retention of certain data types (e.g., emails, corporate tax info).

  • Offsite storage and backups are often mandated for sensitive data retention.