CompTIA A+ Exam 220-902 sub-objective 5.3 – Summarize the process of addressing prohibited content/activity, and explain privacy, licensing, and policy concepts – Part 1 of 2


This is Part 1 of 2 of CompTIA A+ Objective 5.3

Detailed (and official) description of CompTIA A+ sub-objective 5.3

5.3 Summarize the process of addressing prohibited content/activity, and explain privacy, licensing, and policy concepts.
- Incident Response
  - First response
    - Identify
    - Report through proper channels
    - Data/device preservation
  - Use of documentation/documentation changes
  - Chain of custody
    - Tracking of evidence/documenting process
- Licensing / DRM / EULA
  - Open source vs. commercial license
  - Personal license vs. enterprise licenses
- Personally Identifiable Information
- Follow corporate end-user policies and security best practices

Welcome to Exam Notes by CertBlaster! In this installment, we will examine Objective 5.3: Summarize the process of addressing prohibited content/activity, and explain privacy, licensing, and policy concepts. We will inspect the issues and procedures surrounding the use of data that is in violation of corporate policies.

Incident Response

In some cases, violations may be innocent transgressions attributed to the employee’s misinterpretation of the rules, and in others, they may be flagrant violations with legal implications. In either case, regardless of how you become aware of the violation, it is important that you adhere to the policies that relate to your handling of the situation. You may be tempted to err on the side of leniency in some matters. This is NOT your decision to make. In the worst case, failure to report incidents could make you an accomplice. Every company has slight terminology variations as to what is and is not acceptable use. The fundamental principles will be the same. For example, every company will have an Acceptable Use Policy (AUP) that is part of the employment agreement and is also freely available for employee review. Read it completely and follow it to the letter.

First response

In a case where you believe there has been a legal infraction or one of poor judgment, the incident should be reported as defined by corporate policy. There is no situation where you would confront the employee directly. Doing this provides the employee time to cover up the transgression and opens the door for unauthorized parties who are not involved in the process to overhear your discussion. Speak to no one outside the authorized channel regarding these matters. Your handling of matters involving data breaches will likely be scrutinized by the legal team, making it important that you follow your guidelines to the letter. Take clear notes regarding reporting and the actions you take.

Identify

An incident may be identified through personal observation or through the routine review of network logs. Log files will uncover unauthorized personnel accessing restricted data. Immediately document this behavior and bring it to the proper individual(s) for direction.

Report through proper channels

Always report strictly to the appropriate parties as indicated by your organizational Security Policy. Again, the process you follow and the manner in which you report will bear close scrutiny. Be clear, accurate and complete in your reporting.

Data/device preservation

In cases where there is evidence of foul play or corporate espionage, the preservation of data is of paramount importance. This should involve a forensic team to securely handle, store and validate any digital media. Network logs and MRU lists showing recently accessed documents will solidify your case. Obtain the services of a forensic expert before you handle anything. The slightest change could render the evidence inadmissible.

Use of documentation/documentation changes

Company policies are subject to change as needed to keep pace with the evolving corporate environment. While, as stated, these policies are easily accessed by the employees, all employees should be notified when a change is made, with instructions on how to view the updated documentation. In a lengthy document, the exact change can be listed so as not to be overlooked.

Chain of custody

Whenever evidence is necessary to create or support a case, all records and physical support need to be carefully preserved. This is accomplished using a form called a Chain of Custody. The Chain of Custody is designed to allow anyone who comes in contact with the evidence to record the date/time they come into possession, the actions taken and the release date/time, along with the party it was remanded to. Fill this form out completely because any mistakes or gaps will render the evidence inadmissible. Sign for everything you take possession of and require signatures from those to whom you transfer possession. Any gaps in the process can be interpreted as a point of evidence corruption.
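The fields of the Chain of Custody form described above can be checked mechanically for gaps. The following is an added example, not part of the original ExamNotes; the record layout, the names in the sample and the rule that hand-off times must match exactly are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional

@dataclass
class CustodyEntry:
    holder: str
    received: datetime
    actions: str
    released: Optional[datetime] = None  # None = still holds the item
    released_to: Optional[str] = None
    signed: bool = False

def audit_chain(entries: List[CustodyEntry]) -> List[str]:
    """Return every problem found; an empty list means no gaps."""
    problems = []
    for i, e in enumerate(entries):
        tag = f"entry {i + 1} ({e.holder})"
        last = i == len(entries) - 1
        if not e.signed:
            problems.append(f"{tag}: missing signature")
        if not e.actions.strip():
            problems.append(f"{tag}: actions taken not recorded")
        if e.released is None or e.released_to is None:
            if not last:  # only the current holder may have a blank release
                problems.append(f"{tag}: release time or recipient blank")
            continue
        if e.released < e.received:
            problems.append(f"{tag}: released before received")
        if last:
            continue
        nxt = entries[i + 1]
        if nxt.holder != e.released_to:
            problems.append(f"{tag}: released to {e.released_to}, next holder is {nxt.holder}")
        if nxt.received != e.released:  # assumed rule: hand-off times must match
            problems.append(f"{tag}: unaccounted time before next entry")
    return problems

# Constructed sample: a 90-minute gap after entry 1 and an unsigned entry 2.
SAMPLE = [
    CustodyEntry("A. Tech", datetime(2016, 3, 1, 9, 0), "Seized laptop, sealed bag",
                 datetime(2016, 3, 1, 9, 30), "B. Analyst", True),
    CustodyEntry("B. Analyst", datetime(2016, 3, 1, 11, 0), "Imaged drive",
                 datetime(2016, 3, 1, 15, 0), "Evidence Locker", False),
    CustodyEntry("Evidence Locker", datetime(2016, 3, 1, 15, 0), "Stored", signed=True),
]
print("\n".join(audit_chain(SAMPLE)))
```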

Well, that’s all for Part 1 (of 2) of Objective 220-902 5.3! You are very close to the end. Keep up the good work! Good Luck on the test!
