1 hour 4 minutes
In this course, we covered a lot of topics, such as methods for naming both cases and the evidence related to them. We covered why it's important to choose a naming convention that results in unique, easily understood and scalable names for cases and evidence. We also talked about the benefits of naming evidence in such a way as to also record metadata for that evidence in the evidence name.

We talked about chain of custody, why this is required for enterprise security and how it is useful during legal proceedings, especially in cases that end up in court. We talked about the things that need to be recorded within a chain of custody, how that chain of custody can affect the integrity of the evidence you collect, and the negative effects that can occur if you have an incomplete chain of custody.

We covered evidence examination forms and the minimum record-keeping requirements related to those forms. We also covered what needs to be contained within those forms, who should record that information, and what to do with the forms once an enterprise security case has completed or been finalized. We talked about contemporaneous notes: who should take notes, why they're important, and what they should contain, at a minimum.

We talked about a suggested structure for storing case evidence and data, and why that structure is important, especially in multi-function teams. We talked about and covered different methods of data storage, such as storage internal to a forensic system, and we talked about NAS devices for network-attached storage. We also talked about cloud storage and the benefits and challenges that brings to our industry. We talked about encryption of physical storage media so that if a hard drive or a laptop is lost, we don't end up in a nasty situation.

Part of the course talked about data retention, specifically as it relates to enterprise security case management, as well as the risks associated with retaining data for long periods of time and the storage requirements related to data retention. On the back of that, we talked about data destruction processes, how to securely erase data and when to erase that data.

We also discussed the importance of backing up case data and timeframes for data backup. We talked about the differences between full, incremental and differential backups, as well as the storage media and requirements that are related to backups.

We talked as well about the factors which might affect the priority and severity of an incident. We contrasted and compared impact versus urgency as it relates to events and incidents. We also talked about incident priority matrices and how to determine what priority or severity level a particular incident should be classed as. We covered defining deadlines in relation to incident severity, which included a discussion about SLAs, or service level agreements, and we covered how to report on those SLAs after incidents have been completed.

We discussed how to define an escalation workflow within your organization and the stakeholders who must be involved at each level of case management. Finally, we discussed the CIA triad and the principle of least privilege, and we also discussed separation of duties.

So I hope that this course was useful to you. I hope that there was a lot that you were able to learn and glean from the course, and I hope that you're able to take this knowledge back to your organization and implement new policies, procedures and guidelines. Again, if you have any questions or any queries, feel free to follow up with me and connect on LinkedIn. Otherwise, thank you for watching.
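Two of the ideas recapped above, an evidence naming convention that embeds metadata and a chain-of-custody record whose gaps undermine evidence integrity, worked through as an added example. This is not course material or the instructor's code; the naming format (`<CASE>-<YYYYMMDD>-<SEQ>_<HOST>_<KIND>`), the set of custody fields, the use of SHA-256 as the integrity hash and all sample values are assumptions constructed for the example.

```python
"""Evidence naming and chain-of-custody ledger (added example; convention and data are constructed)."""
from __future__ import annotations

import hashlib
import re
from dataclasses import dataclass, field
from datetime import datetime, timezone

# Constructed convention (an assumption for this example, not the course's own):
#   <CASE>-<YYYYMMDD>-<SEQ>_<HOST>_<KIND>   e.g. CASE0042-20240301-003_ws17_disk
# Fixed-width, restricted-charset fields keep names unique, sortable and parseable.
NAME_RE = re.compile(
    r"^(?P<case>[A-Z]{2,8}\d{4})-(?P<date>\d{8})-(?P<seq>\d{3})"
    r"_(?P<host>[a-z0-9-]{1,32})_(?P<kind>[a-z]{1,16})$"
)


def evidence_name(case_id: str, acquired: datetime, seq: int, host: str, kind: str) -> str:
    """Build a name that records case, acquisition date, sequence, source host and type."""
    name = f"{case_id}-{acquired:%Y%m%d}-{seq:03d}_{host.lower()}_{kind.lower()}"
    parse_evidence_name(name)  # raises if the inputs produce a non-conforming name
    return name


def parse_evidence_name(name: str) -> dict:
    """Recover the metadata embedded in an evidence name; raises on malformed names."""
    m = NAME_RE.match(name)
    if not m:
        raise ValueError(f"not a valid evidence name: {name!r}")
    return m.groupdict()


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


@dataclass
class CustodyEvent:
    when: datetime   # UTC timestamp of the action
    action: str      # acquired / transferred / examined / released
    holder: str      # person responsible for the item after this event
    sha256: str      # hash of the item as observed at this event


@dataclass
class EvidenceRecord:
    name: str
    events: list = field(default_factory=list)


class ChainOfCustody:
    """In-memory custody ledger keyed by evidence name."""

    def __init__(self) -> None:
        self.records: dict[str, EvidenceRecord] = {}

    def acquire(self, name: str, data: bytes, holder: str, when: datetime) -> None:
        parse_evidence_name(name)  # refuse items that break the naming convention
        if name in self.records:
            raise ValueError(f"duplicate evidence name: {name}")
        self.records[name] = EvidenceRecord(name, [CustodyEvent(when, "acquired", holder, sha256_hex(data))])

    def transfer(self, name: str, from_holder: str, to_holder: str, data: bytes, when: datetime) -> None:
        """Record a hand-over; the giver must be the current holder and time must not go backwards."""
        last = self.records[name].events[-1]
        if last.holder != from_holder:
            raise ValueError(f"{name}: {from_holder} is not the current holder ({last.holder})")
        if when < last.when:
            raise ValueError(f"{name}: event timestamp precedes the previous event")
        self.records[name].events.append(CustodyEvent(when, "transferred", to_holder, sha256_hex(data)))

    def integrity_issues(self, name: str) -> list[str]:
        """Events whose observed hash differs from the acquisition hash (a gap in integrity)."""
        events = self.records[name].events
        baseline = events[0].sha256
        return [f"{e.when.isoformat()} {e.action} -> {e.holder}: hash mismatch"
                for e in events[1:] if e.sha256 != baseline]

    def verify(self, name: str, data: bytes) -> bool:
        """True if the data still matches the acquisition hash and no hand-over observed a change."""
        return (sha256_hex(data) == self.records[name].events[0].sha256
                and not self.integrity_issues(name))


def demo() -> tuple:
    """Walk one constructed item through acquisition and two hand-overs."""
    t0 = datetime(2024, 3, 1, 9, 0, tzinfo=timezone.utc)
    image = b"constructed disk image bytes"  # stands in for a real image file
    coc = ChainOfCustody()
    name = evidence_name("CASE0042", t0, 3, "ws17", "disk")
    coc.acquire(name, image, "analyst.a", t0)
    coc.transfer(name, "analyst.a", "analyst.b", image, t0.replace(hour=11))
    ok_before = coc.verify(name, image)
    # A hand-over that hashes to a different value breaks the chain, even if the
    # original bytes are later produced again.
    coc.transfer(name, "analyst.b", "analyst.c", image + b"\x00", t0.replace(hour=14))
    ok_after = coc.verify(name, image)
    return name, ok_before, ok_after, len(coc.integrity_issues(name))


if __name__ == "__main__":
    print(demo())
```

The ledger refuses a hand-over from anyone other than the recorded current holder and rejects timestamps that run backwards, which are the two ways a paper chain of custody most often ends up incomplete; an item whose hash changes at any hand-over fails verification even if the original bytes are presented again, because the record of custody is already broken.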
Enterprise Security Case Management
In this online course about Enterprise Security Case Management, you will learn about tools and techniques which help cybersecurity practitioners manage evidence and related case data to preserve their integrity.