Computer security incident response team (CSIRT):Write a policy to ensure all evidence is collected and handled in a secure and efficient manner.
Computer security incident response team (CSIRT)
Ken 7 Windows Limited has decided to form a computer security incident response team (CSIRT). When making any security-related changes, they know the first step is to modify the security policy. As a security administrator, you have been assigned the responsibility of developing a CSIRT policy that addresses incident evidence collection and handling. This policy will guide CSIRT team members in developing procedures on proper techniques in handling evidence. The goal is to ensure all evidence collected during investigations is valid and admissible in court.
You will write a policy to ensure all evidence is collected and handled in a secure and efficient manner. All procedures and guidelines will be designed to fulfill the policy you create.
Answer the following questions for collecting and handling evidence:
1. What are the main concerns when collecting evidence?
2. What precautions are necessary to preserve evidence state?
3. How do you ensure evidence remains in its initial state?
4. What information and procedures are necessary to ensure evidence is admissible in court?