Study Guide: SSCP: 13. Legal Issues
Source: https://www.fatskills.com/systems-security-certified-practitioner-sscp/chapter/sscp-13-legal-issues


By Fatskills Exam Guides Team — the exam nerds behind 28,500+ quizzes and 2.1M practice questions across 500+ global exams.


A security incident is any violation of policies or security practices that has the potential to result in an adverse event. An incident lifecycle includes several different phases. The first phase is preparation, which includes implementing security controls to prevent, detect, and correct security incidents. When an event occurs, personnel investigate it in the detection, analysis, and escalation phase. If analysis verifies that an incident has occurred, personnel may escalate it depending on the severity of the incident. During the containment phase, personnel attempt to isolate the incident to limit potential damage. The next phase is to eradicate all elements of an incident. This phase can be combined with the recovery phase to return all systems to normal operations. After an incident has occurred, it’s important to examine the responses in a lessons learned phase. In many situations, this results in a recommendation to implement additional countermeasures.
First responders are the first forensics-trained personnel on the scene, and one of their primary responsibilities is the preservation of the scene. The three phases of a typical computer forensic investigation are acquiring the evidence, authenticating the evidence, and analyzing the evidence.
When acquiring the evidence, one of the most important concerns is to protect the data and prevent data modifications. Forensic tools allow experts to capture data in volatile RAM before a system is powered down and to use bit-copying procedures to copy the contents of hard drives. Several forensic tools are available, such as FTK, COFEE, the Sleuth Kit, EnCase, and more.
In the authentication stage, a chain-of-custody document is used to provide proof that the evidence was controlled after it was collected. The chain-of-custody document ensures that the evidence is admissible in a court of law. The analysis of the evidence is the last stage. Some of the same forensic tool suites used to collect evidence include tools that can be used to analyze evidence.
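
The acquire and authenticate stages above can be illustrated with a short added example, which is not part of the original guide: it hashes a bit-copied image at acquisition, records each custody transfer in a log, and later checks that neither the image nor the log has changed. The hash-chained log format, the field names, and the use of SHA-256 are assumptions made for illustration, and the image and log entries are constructed sample data.

```python
import hashlib, io, json

GENESIS = "0" * 64  # placeholder "previous hash" for the first entry

def sha256_stream(stream, chunk_size=1 << 20):
    """Hash an image in chunks so a large disk image never has to fit in RAM."""
    h = hashlib.sha256()
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        h.update(chunk)
    return h.hexdigest()

def entry_digest(entry):
    """Digest of every field except the stored digest itself."""
    body = {k: v for k, v in entry.items() if k != "entry_hash"}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def add_entry(log, timestamp, custodian, action, image_sha256):
    """Append a custody transfer, linked to the previous entry's digest."""
    entry = {"seq": len(log), "timestamp": timestamp, "custodian": custodian,
             "action": action, "image_sha256": image_sha256,
             "prev_hash": log[-1]["entry_hash"] if log else GENESIS}
    entry["entry_hash"] = entry_digest(entry)
    log.append(entry)

def verify(log, image_stream):
    """Return a list of problems; an empty list means log and image agree."""
    problems, prev = [], GENESIS
    for i, e in enumerate(log):
        if e["seq"] != i or e["prev_hash"] != prev:
            problems.append(f"entry {i}: broken link")
        if entry_digest(e) != e["entry_hash"]:
            problems.append(f"entry {i}: altered after recording")
        if e["image_sha256"] != log[0]["image_sha256"]:
            problems.append(f"entry {i}: hash differs from acquisition")
        prev = e["entry_hash"]
    if log and sha256_stream(image_stream) != log[0]["image_sha256"]:
        problems.append("image does not match acquisition hash")
    return problems

# Constructed sample data: a stand-in "disk image" and three custody events.
IMAGE = b"\x00" * 4096 + b"constructed sample image"

def build_sample_log():
    acquired = sha256_stream(io.BytesIO(IMAGE))
    log = []
    add_entry(log, "2024-01-01T10:00:00Z", "first responder", "bit-copy acquired", acquired)
    add_entry(log, "2024-01-01T11:30:00Z", "evidence custodian", "received and sealed", acquired)
    add_entry(log, "2024-01-02T09:00:00Z", "analyst", "working copy issued", acquired)
    return log

if __name__ == "__main__":
    print(verify(build_sample_log(), io.BytesIO(IMAGE)))  # consistent record
```

A changed byte in the image, an edited entry, or a removed entry each produces a distinct problem message, which is the kind of check that supports the claim that the evidence was controlled after collection.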
Computer abuse indicates that an individual is using a computer or network in an unauthorized manner, such as counter to an organization’s security policies. Computer crime indicates that the user is committing illegal acts with the computer. Computer crime is punishable by fines and/or jail time.
Computers can be used in fraud and embezzlement crimes resulting in substantial losses to an organization. Mandatory vacations and job rotation are two security policies that an organization can use to reduce the success of fraud and embezzlement crimes. These two policies are often used with other security controls as part of an overall defense-in-depth strategy.
Personally identifiable information (PII) includes any information that can identify an individual. Privacy issues related to the protection of PII have become more important as the amount of data that organizations collect on their customers has increased. If an organization doesn’t take precautions to protect customer data, attackers may breach the organization’s database and access its customer data. Many laws have been enacted on the international, national, and state levels requiring organizations to protect PII.
Legal and regulatory concerns apply to cloud computing and various monitoring systems. They typically identify requirements to maintain the privacy of data. Jurisdiction refers to the legal authority that a legal body has over an organization. It can change depending on the physical location of an organization, where the data is held within the cloud, and where the data was collected from, such as from an EU resident. Electronic discovery refers to any process that attempts to locate and secure electronic data for a civil or a criminal legal case.


