Copyright Goodheart-Willcox Co., Inc. 848 Computer Service and Repair

when the incident first occurs. For this reason, it is always best to follow all policies and security best practices as completely as possible. Once law enforcement becomes involved in an event, they take over responsibility for handling the evidence and the chain of custody. They will most likely collect the original incident report, so make a copy for your records.

Experience is the best teacher for determining whether an incident is routine or serious. This is why, as a new technician, you will rely on your supervisor's judgment about how to proceed after the initial report is created. Large companies and organizations have established policies for handling the most common security incidents. Review your company's security policy publications so you know how to respond to an incident.

First Response/Incident Response

The first response is to identify what happened when unauthorized activity or prohibited material is discovered. A security incident could be a phishing e-mail, malware, unauthorized access to a user account, deletion of data, or any activity that counts as unauthorized use of organization equipment. Many organizations routinely run software that detects security problems and breaches. Organizations can also monitor employee activity on a network or workstation and generate reports containing the date, time, and type of activity. For example, some applications monitor user Internet activity and record the sites visited, the time spent at each, and even the type of transaction conducted there, such as a purchase, e-mail, or chat room activity. It is normal for an organization to have employees, students, or other users of the computer system sign agreements describing permissible network and workstation conduct.

After the incident is properly identified or classified, it must be documented.

Identify

Identifying the issue can be the most difficult part of problem-solving, particularly in an emergency. The human tendency is to label the problem with what we already know, and those labels are often wrong. If the situation is not an emergency, take the time to verify that your assumptions are correct, and then use the most appropriate nomenclature for the problem.

Report through Proper Channels

If you are part of an enterprise, communicate the situation to the proper individuals. Document what you are doing; if e-mail is available, use it, since the messages themselves become part of the record. Paper or electronic documentation provides an audit trail for subsequent investigation and post-intervention analysis.

Preservation of Data and Devices

Any time you deal with a problem or opportunity, assume that chain of custody is important. Document every handoff and keep the evidence protected from modification or inadvertent damage. All hardware items and printouts should be labeled and dated by each person who handles them.

1002: 4.6
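The chain-of-custody requirement above (document every handoff, keep the evidence protected from modification) is usually met in practice with a written log plus a cryptographic hash of each evidence file taken at every handoff. The following Python script is an added example, not code from the textbook: it records who released and who received an item, when (UTC), and the SHA-256 of the file at that moment, and later recomputes the hash to show whether the item changed while in anyone's custody. The hashing step, the file name, and the people named are assumptions of the example; the page only asks that handoffs be documented and evidence kept unmodified.

```python
"""Minimal chain-of-custody log for an evidence file (added example).

Each handoff entry records who released the item, who received it, the
time in UTC, and the SHA-256 of the file at that moment. Recomputing the
hash later shows whether the evidence changed after any recorded handoff.
"""
import hashlib
import json
import tempfile
from datetime import datetime, timezone
from pathlib import Path


def sha256_file(path):
    """Hash a file in 1 MiB chunks so large disk images need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def record_handoff(log, path, released_by, received_by, note=""):
    """Append one custody entry for `path` to `log` (a list) and return it.

    The hash is taken at the moment of the handoff, so the receiving party
    can confirm they received exactly what the releasing party recorded.
    """
    entry = {
        "item": Path(path).name,
        "sha256": sha256_file(path),
        "released_by": released_by,
        "received_by": received_by,
        "timestamp_utc": datetime.now(timezone.utc).isoformat(),
        "note": note,
    }
    log.append(entry)
    return entry


def verify_custody(log, path):
    """Check the file against every hash recorded for it in the log.

    Returns (ok, breaks). `breaks` lists the indexes of entries whose
    recorded hash differs from the file's current hash; any break means
    the evidence was altered at or after that handoff.
    """
    current = sha256_file(path)
    item = Path(path).name
    breaks = [i for i, e in enumerate(log)
              if e["item"] == item and e["sha256"] != current]
    return (not breaks, breaks)


def demo():
    """Constructed walk-through: a clean two-step chain, then a tampered file."""
    with tempfile.TemporaryDirectory() as d:
        # Constructed sample evidence; hypothetical names, not from the page.
        evidence = Path(d) / "suspect_laptop_image.bin"
        evidence.write_bytes(b"constructed sample evidence, not a real disk image\n")

        log = []
        record_handoff(log, evidence, "J. Tech", "M. Supervisor",
                       "copy of initial incident report attached")
        record_handoff(log, evidence, "M. Supervisor", "Det. Smith, PD",
                       "released to law enforcement")
        clean_ok, _ = verify_custody(log, evidence)

        # Someone appends a byte to the image while it is in their custody.
        with open(evidence, "ab") as f:
            f.write(b"\x00")
        tampered_ok, breaks = verify_custody(log, evidence)

        return {
            "entries": len(log),
            "same_hash_both_handoffs": log[0]["sha256"] == log[1]["sha256"],
            "clean_ok": clean_ok,
            "tampered_ok": tampered_ok,
            "breaks": breaks,
            "log_json": json.dumps(log, indent=2),
        }


if __name__ == "__main__":
    result = demo()
    print(result["log_json"])
    print("chain intact before tampering:", result["clean_ok"])
    print("chain intact after tampering:", result["tampered_ok"],
          "broken entries:", result["breaks"])
```

The log is plain JSON so it can be printed, signed, or attached to the incident report; in a real case the log itself should be stored somewhere the custodians cannot quietly edit, and the hash should be written on the physical evidence label alongside the date and handler's name the text calls for.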