Hits: 0
Evidence Collection Policy
Scenario
Evidence collection policy After the recent security breach, Always Fresh decided to form a computer security incident response team (CSIRT). As a security administrator, you have been assigned the responsibility of developing a CSIRT policy that addresses incident evidence collection and handling. The goal is to ensure all evidence collected during investigations is valid and admissible in court.
Consider the following questions for collecting and handling evidence:
- What are the main concerns when collectingevidence?
- What precautions are necessary to preserve evidencestate?
- How do you ensure evidence remains in its initialstate?
- What information and procedures are necessary to ensure evidence is admissible incourt?
Tasks
Create a policy that ensures all evidence is collected and handled in a secure and efficient manner. Remember, you are writing a policy, not procedures. Focus on the high-level tasks, not the individual steps. Evidence collection policy
Address the following in your policy:
- Description of information required for items ofevidence
- Documentation required in addition to item details (personnel, description of circumstances,and so on)
- Description of measures required to preserve initial evidenceintegrity Evidence collection policy
- Description of measures required to preserve ongoing evidenceintegrity
- Controls necessary to maintain evidence integrity instorage
- Documentation required to demonstrate evidenceintegrity
Required Resources
- Internetaccess
- Coursetextbook
Submission Requirements
- Format: Microsoft Word (orcompatible)
- Font: Times New Roman, size 12,double-space
- Citation Style: APA
- Length: 2 to 4pages
Self-Assessment Checklist
- I created a policy that addressed all
- I followed the submission
Evidence Collection Policy
Scenario
After the recent security breach, Always Fresh decided to form a computer security incident response team (CSIRT). As a security administrator, you have been assigned the responsibility of developing a CSIRT policy that addresses incident evidence collection and handling. The goal is to ensure all evidence collected during investigations is valid and admissible in court.
Consider the following questions for collecting and handling evidence:
- What are the main concerns when collectingevidence?
- What precautions are necessary to preserve evidencestate?
- How do you ensure evidence remains in its initialstate?
- What information and procedures are necessary to ensure evidence is admissible incourt?
Tasks
Create a policy that ensures all evidence is collected and handled in a secure and efficient manner. Remember, you are writing a policy, not procedures. Focus on the high-level tasks, not the individual steps.
Address the following in your policy:
- Description of information required for items ofevidence
- Documentation required in addition to item details (personnel, description of circumstances,and so on)
- Description of measures required to preserve initial evidenceintegrity
- Description of measures required to preserve ongoing evidenceintegrity
- Controls necessary to maintain evidence integrity instorage
- Documentation required to demonstrate evidenceintegrity
Required Resources
- Internetaccess
- Coursetextbook
Submission Requirements
- Format: Microsoft Word (orcompatible)
- Font: Times New Roman, size 12,double-space
- Citation Style: APA
- Length: 2 to 4pages Evidence collection policy
Self-Assessment Checklist
- I created a policy that addressed all
- I followed the submission