Ken 7 Windows Limited has decided to form a computer security incident response team (CSIRT). When making any security-related changes, they know the first step is to modify the security policy. As a security administrator, you have been assigned the responsibility of developing a CSIRT policy that addresses incident evidence collection and handling. This policy will guide CSIRT team members in developing procedures on proper techniques in handling evidence. The goal is to ensure all evidence collected during investigations is valid and admissible in court. You will write a policy to ensure all evidence is collected and handled in a secure and efficient manner. All procedures and guidelines will be designed to fulfill the policy you create.

Answer the following questions for collecting and handling evidence:

1. What are the main concerns when collecting evidence?
2. What precautions are necessary to preserve evidence state?
3. How do you ensure evidence remains in its initial state?
4. What information and procedures are necessary to ensure evidence is admissible in court?

Format: Microsoft Word
Font: Times New Roman, 12-Point, Double-Space
Citation Style: APA Style with 3 references
Length: 2–3 pages

Developing a comprehensive computer security incident response team (CSIRT) policy that addresses incident evidence collection and handling is crucial for organizations like Ken 7 Windows Limited. This policy serves as a guide for CSIRT members on the proper techniques and procedures for collecting and handling evidence. The overarching goal of this policy is to ensure that all evidence collected during investigations is valid and admissible in court. In order to achieve this goal, several key concerns and precautions must be taken into consideration.

The main concerns when collecting evidence revolve around maintaining the integrity, authenticity, and confidentiality of the collected evidence. Integrity refers to ensuring that the evidence remains unchanged and unaltered throughout the collection and handling process. Authenticity involves establishing the trustworthiness and validity of the evidence, ensuring that it is not tampered with or fabricated. Lastly, confidentiality focuses on protecting sensitive information contained within the evidence from unauthorized access or disclosure.

To preserve the state of evidence, several precautions are necessary. First and foremost, it is crucial to ensure that the evidence is collected in a manner that minimizes the risk of corruption or alteration. This can be achieved by using trusted tools and techniques for data acquisition, such as creating cryptographic hashes of the evidence at each step of the collection process. Additionally, it is important to document the chain of custody, including the individuals involved in the collection and handling of the evidence, to maintain its integrity and establish its admissibility in court.

To ensure that evidence remains in its initial state, it is essential to establish strict controls and safeguards throughout the handling process. This includes minimizing physical access to the evidence, ensuring that it is stored in a secure location, and implementing appropriate authentication and access control mechanisms. It is also important to establish a clear process for recording any changes or modifications made to the evidence, ensuring transparency and accountability.

For evidence to be admissible in court, specific information must be recorded and specific procedures followed. First, all evidence collected must be properly documented, including details such as the date and time of the collection, the location where it was found, and the individuals present during the collection. This documentation should be done using standardized forms or templates to ensure consistency and completeness.

Furthermore, it is important to adhere to legal and regulatory requirements when collecting and handling evidence. This includes respecting any applicable laws pertaining to privacy, data protection, and chain of custody. In addition, it is important to establish a clear process for handling and transferring evidence, including maintaining proper documentation of any transfers or handovers to maintain its admissibility in court.
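The hashing at each step and the documented handovers described above can be combined in one record, shown here as an added example that is not part of the original text. The class name, field names, identifiers and sample bytes are all assumptions constructed for illustration.

```python
import hashlib
import json

GENESIS = "0" * 64  # placeholder "previous hash" for the first log entry

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

class CustodyLog:
    """Append-only custody record; every entry commits to the one before it."""

    def __init__(self, evidence_id, acquired, collector, location, when):
        self.evidence_id = evidence_id
        self.baseline = sha256_hex(acquired)  # hash taken at acquisition
        self.entries = []
        self._append("collected", collector, location, when, self.baseline)

    def _append(self, action, person, location, when, evidence_hash):
        prev = self.entries[-1]["entry_hash"] if self.entries else GENESIS
        entry = {"evidence_id": self.evidence_id, "action": action,
                 "person": person, "location": location, "when": when,
                 "evidence_sha256": evidence_hash, "prev": prev}
        entry["entry_hash"] = sha256_hex(json.dumps(entry, sort_keys=True).encode())
        self.entries.append(entry)

    def transfer(self, current, giver, receiver, location, when):
        """Re-hash the evidence at handover; refuse if it differs from baseline."""
        digest = sha256_hex(current)
        if digest != self.baseline:
            raise ValueError("evidence hash differs from acquisition hash")
        self._append(f"transfer from {giver}", receiver, location, when, digest)

    def verify(self):
        """True only if every entry matches its hash and links to its predecessor."""
        prev = GENESIS
        for entry in self.entries:
            body = {k: v for k, v in entry.items() if k != "entry_hash"}
            recomputed = sha256_hex(json.dumps(body, sort_keys=True).encode())
            if entry["prev"] != prev or recomputed != entry["entry_hash"]:
                return False
            prev = entry["entry_hash"]
        return True

def demo():
    image = b"constructed sample bytes standing in for a disk image"
    log = CustodyLog("EV-0001", image, "analyst_a", "server room", "2024-01-01T10:00Z")
    log.transfer(image, "analyst_a", "analyst_b", "evidence locker", "2024-01-01T11:00Z")
    intact = log.verify()
    log.entries[0]["person"] = "someone_else"  # simulate a record edited afterwards
    return intact, log.verify()
```

The chain detects edits to existing entries but not removal of the most recent ones, so the latest `entry_hash` should also be recorded somewhere the log's custodian cannot change.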

In conclusion, developing a CSIRT policy that addresses incident evidence collection and handling is crucial for organizations like Ken 7 Windows Limited. By considering the main concerns when collecting evidence, taking necessary precautions to preserve evidence state, ensuring that evidence remains in its initial state, and following appropriate information and procedures to ensure evidence is admissible in court, a robust policy can be established. This policy will provide guidance to CSIRT team members, ensuring that evidence is collected and handled in a secure and efficient manner.
