C5 External service providers
Understand the issues associated with external service providers.
• External service provider (ESP) agreements will include:
o cloud
o hardware
o software.
• Implications of ESP agreements, including:
o legal ownership and jurisdiction, including geographical location, data movement across borders, procedures when an agreement ends
o security protection, including data security obligations, privacy, encryption, liability for data breaches, liability for data loss or damage (accidental or deliberate), disaster recovery procedures
o dispute resolution, including statutory requirements, and the problems that arise when data and processing reside in multiple jurisdictions.
• Many or all of these points are covered by data protection law.
Learning aim D: Examine procedures to collect forensic evidence following a security incident
D1 Forensic collection of evidence
Understand how to collect evidence using different forensic tools.
• Forensic collection of evidence following a security incident, and its purpose.
• Desktop forensics:
o meeting requirements for desktop forensics, including:
– confiscation of devices
– taking an image of the system
– using a forensic analysis tool
– reviewing files and settings
– reviewing system logs
– reviewing user activity
– malware analysis and alerts
o the challenges of live forensics:
– changing data in situ
– recovering corrupted data and preventing data corruption
– capturing data in active memory
– loss of temporary files.
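The acquisition steps above (image the system, then review it with a tool) and the live-forensics caveats, as an added shell example that is not part of the specification: it records the volatile state first (processes, logged-in users, open connections, all lost at power-off), then images the source block-for-block and writes SHA-256 hashes of source and image to an acquisition log so the copy can be re-verified before any analysis touches it. dd, sha256sum, ps, who, ss and blockdev --setro are GNU/Linux tools; the evidence.raw file is a constructed stand-in for a seized disk, so the script runs offline without touching a real device.

```bash
#!/usr/bin/env bash
# Added example, not part of the specification. Assumes GNU coreutils (dd,
# sha256sum, date); the source is a constructed file standing in for a disk.
set -eu

hash_file() {                 # hash_file FILE -> prints the SHA-256 hex digest
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | awk '{print $1}'
  else
    shasum -a 256 "$1" | awk '{print $1}'
  fi
}

run_if_present() {            # run_if_present OUTFILE CMD [ARGS...]; skips absent tools
  outfile=$1; shift
  command -v "$1" >/dev/null 2>&1 || return 0
  "$@" > "$outfile" 2>/dev/null || true
}

# capture_volatile OUTDIR
# Live-forensics step: record what disappears at power-off before imaging.
# Each output file is hashed into a manifest as soon as it is written, since the
# live system keeps changing underneath the investigator (data changes in situ).
capture_volatile() {
  out=$1; mkdir -p "$out"
  run_if_present "$out/processes.txt"   ps aux
  run_if_present "$out/users.txt"       who
  run_if_present "$out/connections.txt" ss -tunap
  : > "$out/manifest.sha256"
  for f in "$out"/*.txt; do
    [ -e "$f" ] || continue
    echo "$(hash_file "$f")  $(basename "$f")" >> "$out/manifest.sha256"
  done
  return 0
}

# acquire_image SOURCE IMAGE LOG
# Copy SOURCE to IMAGE block-for-block. conv=noerror,sync reads past unreadable
# blocks and zero-fills them so later data keeps its offsets; dd's own record
# counts go to LOG, where a records-in/out mismatch reveals bad sectors.
# Returns 0 when the image hash matches the source hash, 1 otherwise.
acquire_image() {
  src=$1; img=$2; log=$3
  # A real acquisition goes through a hardware write blocker, or at least
  # 'blockdev --setro /dev/sdX' on Linux; here a plain file stands in for the device.
  [ -r "$src" ] || { echo "cannot read $src" >&2; return 2; }
  started=$(date -u +%Y-%m-%dT%H:%M:%SZ)
  dd if="$src" of="$img" bs=512 conv=noerror,sync 2>>"$log"
  finished=$(date -u +%Y-%m-%dT%H:%M:%SZ)
  src_hash=$(hash_file "$src"); img_hash=$(hash_file "$img")
  printf 'source=%s\nimage=%s\nstarted=%s\nfinished=%s\nsha256_source=%s\nsha256_image=%s\n' \
    "$src" "$img" "$started" "$finished" "$src_hash" "$img_hash" >> "$log"
  [ "$src_hash" = "$img_hash" ]
}

verify_image() {              # verify_image IMAGE EXPECTED_SHA256 -> 0 if unchanged
  [ "$(hash_file "$1")" = "$2" ]
}

make_sample() {               # constructed stand-in for a seized disk: 8 KiB,
  yes 'constructed sample disk contents' | head -c 8192 > "$1"   # a multiple of 512
}

work=$(mktemp -d)
make_sample "$work/evidence.raw"
capture_volatile "$work/volatile"
if acquire_image "$work/evidence.raw" "$work/evidence.dd" "$work/acquisition.log"; then
  cat "$work/acquisition.log"
else
  echo "hash mismatch: inspect the dd record counts in the log and re-acquire" >&2
fi
```

Analysis then runs only against evidence.dd (or a working copy of it), and verify_image is re-run with the logged hash each time the image changes hands, which is what lets the chain of custody be demonstrated later.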
• Network forensics:
o agreeing a network-testing methodology with the forensic supervisory and investigatory authority
o scanning of local infrastructure:
– ensuring permission is granted
– ensuring that the testing protocol will not disrupt a live system
– passive and active analysis tools
o reviewing and analysing firewalls and infrastructure devices, including switch, router, wireless access point, client or server logs
o analysing malware activity and alerts.
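The firewall log review described above, as an added shell example that is not from the specification: a passive analysis of DROP entries already written to a log, so nothing is sent to the live system and the testing protocol cannot disrupt it. It reports each source address denied on at least N distinct destination ports, the pattern left by a port scan or by malware probing outwards, and separately counts denied attempts per source. The log lines are constructed in iptables LOG format with documentation addresses; the FW-DROP/FW-ACCEPT prefixes and the SRC= and DPT= field names are assumptions about the firewall's logging configuration.

```bash
#!/usr/bin/env bash
# Added example, not part of the specification. Passive review of firewall logs:
# reads lines already captured, sends nothing to the network.
set -eu

# scan_sources LOGFILE MIN_PORTS
# For every DROP entry extract SRC= and DPT= and count distinct destination ports
# per source. Prints "source port_count" for sources at or above MIN_PORTS, sorted.
# Counting distinct ports means a client retrying one port is not flagged.
scan_sources() {
  awk -v min="$2" '
    /DROP/ {
      src = ""; dpt = ""
      for (i = 1; i <= NF; i++) {
        if ($i ~ /^SRC=/) src = substr($i, 5)
        if ($i ~ /^DPT=/) dpt = substr($i, 5)
      }
      if (src != "" && dpt != "" && !((src, dpt) in seen)) {
        seen[src, dpt] = 1
        ports[src]++
      }
    }
    END { for (s in ports) if (ports[s] >= min) print s, ports[s] }
  ' "$1" | sort
}

# denied_per_source LOGFILE: total DROP lines per source, busiest first.
denied_per_source() {
  awk '/DROP/ { for (i = 1; i <= NF; i++) if ($i ~ /^SRC=/) n[substr($i, 5)]++ }
       END { for (s in n) print n[s], s }' "$1" | sort -rn
}

# write_sample_log FILE: constructed iptables-style lines (RFC 5737 addresses).
write_sample_log() {
  cat > "$1" <<'EOF'
Mar 12 10:01:02 fw kernel: FW-DROP IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=40001 DPT=22 SYN
Mar 12 10:01:02 fw kernel: FW-DROP IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=40002 DPT=23 SYN
Mar 12 10:01:03 fw kernel: FW-DROP IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=40003 DPT=80 SYN
Mar 12 10:01:03 fw kernel: FW-DROP IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=40004 DPT=443 SYN
Mar 12 10:01:04 fw kernel: FW-DROP IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=40005 DPT=3389 SYN
Mar 12 10:02:10 fw kernel: FW-DROP IN=eth0 OUT= SRC=198.51.100.4 DST=192.0.2.10 PROTO=TCP SPT=51000 DPT=443 SYN
Mar 12 10:02:11 fw kernel: FW-DROP IN=eth0 OUT= SRC=198.51.100.4 DST=192.0.2.10 PROTO=TCP SPT=51001 DPT=443 SYN
Mar 12 10:02:12 fw kernel: FW-DROP IN=eth0 OUT= SRC=198.51.100.4 DST=192.0.2.10 PROTO=TCP SPT=51002 DPT=443 SYN
Mar 12 10:03:00 fw kernel: FW-DROP IN=eth0 OUT= SRC=203.0.113.9 DST=192.0.2.11 PROTO=TCP SPT=33000 DPT=22 SYN
Mar 12 10:03:01 fw kernel: FW-DROP IN=eth0 OUT= SRC=203.0.113.9 DST=192.0.2.11 PROTO=TCP SPT=33001 DPT=80 SYN
Mar 12 10:03:05 fw kernel: FW-ACCEPT IN=eth0 OUT= SRC=192.0.2.50 DST=192.0.2.10 PROTO=TCP SPT=44000 DPT=443 SYN
EOF
}

log=$(mktemp)
write_sample_log "$log"
echo "sources denied on 4 or more distinct ports:"; scan_sources "$log" 4
echo "denied attempts per source:"; denied_per_source "$log"
```

The same two passes run unchanged over router, switch or access-point logs that carry SRC= and DPT= fields; what changes per device is only the prefix matched in place of DROP. The threshold is a judgement call: too low and ordinary retries from 198.51.100.4 become noise, too high and a slow scan spread over hours is missed, so the per-source totals are printed alongside for context.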