Risk Treatments

  • Avoidance – risk deemed too high. Avoid activity.
  • Acceptance – risk too low – do not mitigate
  • Mitigation – reduce the risk; for example, anti-virus on laptop
  • Transference – transfer risk to a third party; for example, outsourcing, car insurance

Risk Assessment

  • Stage 1 – identify the asset – determine how it is treated and handled
  • Quantitative – measurement of loss expressed in a number format
  • Qualitative – grading risk as high, medium, or low
  • SLE – single loss of an item
  • ARO – number of losses in a year
  • ALE – SLE x ARO = annual losses in a year
  • Residual risk – remaining risk after mitigation

Personnel Management

  • Mandatory vacations – employee takes a holiday; the employer discovers fraud or theft
  • Job rotation – trains the staff; also detects fraud or theft
  • Separation of duties – no one person completes the whole transaction
  • Exit interview – find reasons for leaving the company
  • Off-boarding – returning your company equipment on exit
  • Non-Disclosure Agreement (NDA) – legal agreement to not discuss company business

Business Impact Analysis

  • RPO – the amount of time you can be without data, acceptable downtime
  • RTO – returning to full operation after a disaster
  • MTTR – time to repair
  • MTBF – time between failures; measures reliability of a system
  • Single point of failure – one item, if it fails, takes the system down

Forensics

  • Stage 1 – hard drive – take a forensic copy
  • Stage 1 – computer – take a system image
  • Order of volatility – collect perishable evidence first
  • Record time offset – regional time of evidence that is collected
  • Time normalization – putting the record time offsets in sequence
  • Chain of custody – who collected and has handled the evidence; there should not be a gap
  • Rapidly expanding virus – isolate or quarantine immediately

Recovery Sites

  • Hot – manned with all data up to date, most expensive site
  • Warm – manned; data may be 3 hours out of date
  • Cold – water and electricity – no equipment, cheapest site

Data Destruction

  • Hard drive – shred first, then pulverize, then degauss
  • Paper – pulp first, shred second
  • Paper – classified – use a burning bag, obtain destruction certificate