SSCP Study Guide

When an instance of a threat occurs, it is referred to as an incident. Incidents are unexpected or unwanted events that can threaten security and have the ability to adversely affect the confidentiality, availability, or integrity of systems, projects, or businesses. Because a risk is the instance of a threat, it can arise from any of the reasons discussed earlier in this chapter, in the Risks and Threats section.
Certain threats may involve deliberate or malicious actions, so it is important that they are investigated and handled immediately after being identified. Companies may find their Web sites or networks hacked by outside parties, receive threats via e-mail, or fall victim to any number of cybercrimes. In other cases, an administrator may discover that people inside the organization are committing crimes or violating policies. When such incidents occur, the administrator not only needs to fix the immediate problem, but also needs to investigate the person behind it.
As with any process, there are certain goals to achieve in an incident investigation. While the particular goals will depend on what is being investigated, they may include:
To ensure that all applicable logs and evidence are preserved
To obtain the information needed to justify a subpoena to obtain information from an ISP
To narrow the list of suspects
To understand how the intruder is entering the system
To discover why the intruder has chosen the system(s) in question
To build a detailed case file on...