e takes place, it is critical that the investigation steps
are carried out properly to ensure that the evidence will be admissible to the court and
that it can stand up under the cross-examination and scrutiny that will take place. As a
security professional, you should understand that an investigation is not just about potential evidence on a disk drive. The whole environment will be part of an investigation,
including the people, network, connected internal and external systems, federal and
state laws, management’s stance on how the investigation is to be carried out, and the
skill set of whoever is carrying out the investigation. Messing up on just one of these
components could make your case inadmissible, or at least damage it, if it is brought to
court. So, make sure to watch many more episodes of CSI and Law & Order!

Incident Response
Many computer crimes go unreported because the victim, in many cases, is not aware of
the incident or wants to just patch the hole the hacker came in through and keep the
details quiet in order to escape embarrassment or the risk of hurting the company’s reputation. This makes it harder to know the real statistics of how many attacks happen each
day, the degree of damage caused, and what types of attack and methods are being used.
Although we commonly use the terms “event” and “incident” interchangeably,
there are subtle differences between the two. An event is a negative occurrence that can
be observed, verified, and documented, whereas an incident is a series of events that
negatively affects the company and/or impacts its security posture. This is why we call
reacting to these issues “incident response” (or “incident handling”), because something is negatively affecting the company and causing a security breach.

All-in-1 / CISSP All-in-One Exam Guide, 5th Ed. / Harris / 160217-8

Many types of incidents (virus, insider attack, terrorist attacks, and so on) exist,
and sometimes it is just human error. Indeed, many incident response individuals have
received a frantic call in t...
This note was uploaded on 06/01/2013 for the course NET 125 taught by Professor Hurst during the Fall '12 term at Wake Tech.