Incidents and Ethics
Resenha: Incidents and Ethics. Pesquise 861.000+ trabalhos acadêmicosPor: wooper • 1/6/2013 • Resenha • 504 Palavras (3 Páginas) • 468 Visualizações
732 Chapter 18 Incidents and Ethics
network send their log records to a centralized log server that is locked down against attack
and does not allow for the modifi cation of data. This technique provides protection from
post - incident log fi le cleansing. Administrators also often use digital signatures to prove
that log fi les were not tampered with after initial capture. For more on digital signatures,
see Chapter 10, “ PKI and Cryptographic Applications. ”
Another important forensic technique is to preserve the original evidence. Remember
that the very conduct of your investigation may alter the evidence you are evaluating.
Therefore, it ’ s always best to work with a copy of the actual evidence whenever possible.
For example, when conducting an investigation into the contents of a hard drive, make an
image of that drive, seal the original drive in an evidence bag, and then use the disk image
for your investigation.
As with every aspect of security planning, there is no single solution. Get familiar with
your system, and take the steps that make the most sense for your organization to protect it.
Reporting Incidents
When should you report an incident? To whom should you report it? These questions are
often diffi cult to answer. Your security policy should contain guidelines on answering both
questions. There is a fundamental problem with reporting incidents. If you report every
incident, you run the very real risk of being viewed as a noisemaker. When you have a
serious incident, you may be ignored. Also, reporting an unimportant incident could give
the impression that your organization is more vulnerable than is the case. This can have a
serious detrimental effect on organizations that must maintain strict security. For example,
daily incidents at your bank would probably not instill additional confi dence in their
security practices.
On the other hand, escalation and legal action become more diffi cult if you do not
report an incident soon after discovery. If you delay notifying authorities of a serious
incident, you will probably have to answer questions about your motivation for delaying.
Even an innocent person could look as if they were trying to hide something by not
reporting an incident in a timely manner.
As with most security topics, the answer is not an easy one. In fact, you are compelled
by
...