Pace IT - Prohibited Content and Activity
•Download as PPTX, PDF•
1 like•237 views
CompTIA exam study guide presentations by instructor Brian Ferrill, PACE-IT (Progressive, Accelerated Certifications for Employment in Information Technology) "Funded by the Department of Labor, Employment and Training Administration, Grant #TC-23745-12-60-A-53" Learn more about the PACE-IT Online program: www.edcc.edu/pace-it
Recommended
More Related Content
What's hot
What's hot (17)
Similar to Pace IT - Prohibited Content and Activity
Similar to Pace IT - Prohibited Content and Activity (20)
More from Pace IT at Edmonds Community College
More from Pace IT at Edmonds Community College (20)
Recently uploaded
Recently uploaded (20)
Pace IT - Prohibited Content and Activity
- 1. Dealing with prohibited content or activity.
- 2. Page 2 Instructor, PACE-IT Program – Edmonds Community College Areas of Expertise Industry Certifications PC Hardware Network Administration IT Project Management Network Design User Training IT Troubleshooting Qualifications Summary Education M.B.A., IT Management, Western Governor’s University B.S., IT Security, Western Governor’s University Entrepreneur, executive leader, and proven manger with 10+ years of experience turning complex issues into efficient and effective solutions. Strengths include developing and mentoring diverse workforces, improving processes, analyzing business needs and creating the solutions required— with a focus on technology.
- 3. Page 3 PACE-IT. – First response. – Documentation. – Chain of custody.
- 4. Page 4 Dealing with prohibited content or activity.
- 5. Page 5 Prohibited content or activity can be anything that is against the law or is restricted by company policy. Unauthorized programs being installed, additional drives being added, virus activity and other malware, unauthorized access, and viewing proscribed content can all be deemed as either prohibited content or activities. As an IT professional, it is your responsibility to know your organization’s IT acceptable use and security policies. Dealing with prohibited content or activity.
- 6. Page 6 Dealing with prohibited content or activity. – Identify. » Recognize the activity or content is either unauthorized or illegal. • Know your organization’s acceptable use and security policies. » If it is against policy, it is a security incident by definition. – Report through the proper channels. » If it is clearly illegal, the obligation is to report not only through the chain of command but also to the proper authorities. » To not report is to become an accessory. » Follow the proper procedures for reporting. • Know your organization’s security policies. – Data and services preservation. » All data and services need to be preserved as evidence. » Often, the best approach is to not touch and to restrict access. » Turning off or using the keyboard can destroy evidence. » If required to stop a virus or malware attack, unplug the network cable only.
- 7. Page 7 Dealing with prohibited content or activity.
- 8. Page 8 Dealing with prohibited content or activity. – Proper documentation is vital. » Use the appropriate documentation form. • Know your organization’s acceptable use and security policies. » As a first responder, your observations can be key evidence; document them thoroughly. » Interview and document the responses of other people involved. » Documentation can be used as evidence. • Chain of custody documentation is vital. » Properly documenting an incident can lead to improved future responses. – Document any changes. » Document any steps that have been taken to reduce security risks. • Remember that any changes to the system may alter the evidence. • Remember to preserve the situation to as close to how it was found as possible.
- 9. Page 9 Dealing with prohibited content or activity. – Chain of custody. » Chain of custody logs establish control of the evidence. » Chain of custody logs show who has and when they have had access to the evidence. • Chain of custody logs in themselves are also evidence as they verify that what is presented in court is the same as what was collected. • An improper chain of custody can negate any evidence that has been collected. – Protecting evidence. » Restrict physical access to the systems involved. » Never power down; the contents of RAM can be recovered with specialized tools, but it is volatile. » If anything is changed, evidence may be lost; do not access files (the attributes will be changed and evidence will be lost). » Secure the evidence. • Create a solid chain of custody.
- 10. Page 10 Dealing with prohibited content or activity. Know your organization’s acceptable use and security policies. Be able to identify prohibited content or activity. Report incidents through the proper channels. Practice data and services preservation techniques: restrict access to the affected system; don’t use the system; and, if necessary to stop an ongoing virus or network attack, only unplug the network cable. Topic First response. Summary Proper documentation is vital. It can provide key evidence in any legal proceedings. A chain of custody document will be vital in proving who had access to the affected systems and the collected evidence. Document any changes that have occurred. Protect the evidence by: restricting access to the systems, not powering the system down, and securing the evidence by creating a solid chain of custody. Documentation.
- 12. This workforce solution was 100 percent funded by a $3 million grant awarded by the U.S. Department of Labor's Employment and Training Administration. The solution was created by the grantee and does not necessarily reflect the official position of the U.S. Department of Labor. The Department of Labor makes no guarantees, warranties, or assurances of any kind, express or implied, with respect to such information, including any information on linked sites and including, but not limited to, accuracy of the information or its completeness, timeliness, usefulness, adequacy, continued availability or ownership. Funded by the Department of Labor, Employment and Training Administration, Grant #TC-23745-12-60-A-53. PACE-IT is an equal opportunity employer/program and auxiliary aids and services are available upon request to individuals with disabilities. For those that are hearing impaired, a video phone is available at the Services for Students with Disabilities (SSD) office in Mountlake Terrace Hall 159. Check www.edcc.edu/ssd for office hours. Call 425.354.3113 on a video phone for more information about the PACE-IT program. For any additional special accommodations needed, call the SSD office at 425.640.1814. Edmonds Community College does not discriminate on the basis of race; color; religion; national origin; sex; disability; sexual orientation; age; citizenship, marital, or veteran status; or genetic information in its programs and activities.