CompTIA A+ Exam 220-902 sub-objective 5.3 – Summarize the process of addressing prohibited content/activity, and explain privacy, licensing, and policy concepts – Part 2 of 2

Back to the main 902 ExamNotes page

This is Part 2 of 2 of our coverage of CompTIA A+ Objective 5.3

Detailed (and official) description of CompTIA A+ sub-objective 5.3

5.3 Summarize the process of addressing prohibited content/activity, and explain privacy, licensing, and policy concepts.
Incident Response
First response

Identify
Report through proper channels
Data/device preservation
Use of documentation/documentation changes
Chain of custody

Tracking of evidence/documenting process
Licensing / DRM / EULA
Open source vs. commercial license
Personal license vs. enterprise licenses

Personally Identifiable Information
Follow corporate end-user policies and security best practices

Welcome to Exam Notes by CertBlaster! This is Part 2 (of 2) of A+220-902 Exam Objective 5.3 “Summarize the process of addressing prohibited content/activity, and explain privacy, licensing, and policy concepts.” We will inspect the issues and procedures surrounding the use of data that is in violation of corporate policies.

Tracking of evidence/documenting process

The documentation surrounding the handling of evidence is a crucial factor in any matter that will be subsequently reviewed for completeness and accuracy. You and all parties concerned in the handling of physical and digital evidence should be prepared to present accurate irrefutable records of time/date received and what actions were performed. The Chain of Custody is a major factor as is the Due Care of these materials while you are responsible for them. Forensics experts should be involved immediately as their skill set includes the storage and preservation of volatile digital data. They are capable of recovering the most volatile data like system RAM as well as preserving the integrity of storage media by making workable copies without making any changes to it.

Licensing / DRM / EULA

A common infraction involving midsized to large corporations is caused by employees misunderstanding or disregarding software licensing. While organizations make every effort to avoid copyright infringement, there are cases where a careless employee may feel that a special graphics program or piece of music will enhance their presentation. The legality of this practice may come into question causing financial hardship for the company.  It falls to the user to carefully read the End User License Agreement (EULA) before accepting it. In practice, very few users actually read the agreement and simply accept it. Acceptance is a liability. The EULA contains clauses regarding the acceptable use of the product and the ramifications of misuse among other legally binding matters. Digital Rights Management (DRM) protect artists and from having their works used in unauthorized manners. The DRM is digitally embedded in the media and is aggressively enforced.

photo of a maze or labyrinth
What navigating Licensing, DRM & EULA can feel like

Open source vs. commercial license

Software can be generally classified two ways. Open source (freeware) where the source code is freely available and can be modified by subsequent developers providing that any derivative works remain freely available and there are no fees for its use. This software is developed by and for a community that values the betterment of the product over financial reward. The Linux and Android operating systems are great examples of this philosophy. Closed source software is commercial for-profit programming that charges for the use of its programs. Closed source coding is closely guarded and not available. Obviously, use of this programming will be controlled by various licenses as you will see below.

Personal license vs. enterprise licenses

When using commercial software the licensing is purchased based on the intended use. Personal use is defined a single user installing the product on the personal devices in his home (domicile). In the corporate environment, products are usually covered under an enterprise site license that grants use to all employees. If the software is particularly expensive or use is confined to a small group or department, a per-seat license may be more cost effective. This license limits the installations to a predetermined number of users.

Personally Identifiable Information

Personally Identifiable Information (PII) is the information about you that you would consider confidential. This includes your full name, complete address, credit card numbers, date of birth and social security number. It also covers health records. Entities that store this information are subject to strict legally binding guidelines as to the confidential storage and dissemination of this information. PII is a high-value target for hackers who can use this data to create identities and access and deplete all of your assets, even creating new lines of credit in your name. Lists containing this information are easily attainable on the black market. Don’t release this information without careful consideration. Something as simple as a job application contains enough information for someone to deplete your assets and ruin your credit.

Follow corporate end-user policies and security best practices

Every corporation has security policies regarding the handling of personal and corporate data. Be knowledgeable of these policies and follow them to the letter. There will also be guidelines covering the handling of PII in certain situations. Treat these as absolute rules with no room for personal interpretation. Your job and someone’s financial well-being can both suffer irreparable damage.

And that’s all for Objective 220-902 5.3! You are very close to the end. Keep up the good work! Good Luck on the test!

Leave a Reply

Your email address will not be published. Required fields are marked *

On Facebook

Share This
Real Time Web Analytics