Collection” Please respond to the following:
As a security administrator, if you believe that
suspicious activity may be taking place, explain at what point you become
concerned about the chain of custody for potential evidence.
Describe the approach necessary to ensure that all
evidence is gathered properly and that the chain of custody has been
maintained. Then, evaluate which step in the outlined approach is the most
likely to be skipped or not executed properly.
Dilemma” Please respond to the following:
As an employee, you receive an email that was
misdirected. The content of the email implies that the sender of the email
is involved in criminal behavior involving your company. Explain how you
would go about communicating this email, and to whom you would
report. Speculate on the implications of simply ignoring the email and determine
how this might impact the process of investigating security incidents.
Interpret this situation from a security point of view
and outline the process you would follow in collecting evidence while
investigating this case.