Page 36 - Security+ (635 notes by Nikkhah)
P. 36
604- The system is shut down normally.
605- Photographs of the existing system setup are taken before moving.
606- Each piece of hardware is unplugged and tagged.
607- Appropriate safety procedures are followed when handling hardware.
608- Smaller pieces of hardware are placed inside antistatic plastic bags.
609- Equipment is kept away from strong EMI and RFI.
Collection of evidence
610- Collection of evidence is the process of identifying, locating, and processing evidence.
611- Appropriate documentation is made.
612- The crime scene is secured and unauthorized entry is prohibited.
613- The evidence is identified and secured.
614- The investigation team examines the evidence and takes steps for collection.
615- Evidence is collected from audit logs, screen displays, and recovered data files.
Education and training
616- Educating and training users helps to create a safe and secure working environment.
617- Users must know available methods to communicate to their peers, their supervisors,
management, and employees in other departments.
618- Users should be made aware of rules, regulations, and security issues when working on
computers.
619- Online resources help educate, train, and keep users informed.
Risk identification
620- A risk is the possibility of incurring some loss due to unexpected situations.
621- Riskidentification is the process of identifying assets, risks, threats, and vulnerabilities in a
system.
622- Organizations need to take steps to identify all types of assets and make an evaluation.
623- After identifying assets, the type and severity of risks associated with each type of asset
should be identified and assessed.
624- The likelihood of occurrence of a risk within one year is called the Annual
www.hrnikkhah.com by : Hamid Reza Nikkhah Page 34
