all right now, moving on to the category of forensics. Forensics is different than incident response. Although there's a lot of overlap. Forensic takes responding to an incident a step further because now what we're assuming is we're collecting evidence
in such a way that we're able to admit it into a court of law.
So the primary purpose, really a forensics, if you will, is gathering evidence in such a way that we can get a prosecution, a successful prosecution of a crime. So we think about forensics in relation to network activity,
UH, evidence collection on particular systems, or as a result of what's happening with certain applications.
And once again, the key is preparation and training ahead of time. There would not be one single person responsible for for forensics. We would generally classify them into different teams. Teams that work with specific systems or the network is a hole.
How we respond to data breaches needs to be documented. Um, you know, things like privacy having a well written policy in place, how we protect our data, how it's it's encrypted, whether it's encrypted at rest, encrypted in transit across the network.
that information. Um,
what steps are required? You know, things as basic is requiring our users toe log off of the system rather than just walking away. That effects the privacy of my data, and that's an important piece. So we need a well defined policy.
Another idea with protecting our data is called minimization.
If I don't store it, you can't compromise. It is kind of the idea. They're so minimizing the amount of information we keep. The more information I keep, the more I have to. I have to protect from a legal perspective.
For instance, if you think about personally identifiable information is often referred to his P I information, that's any information that can lead someone to contact you. Your phone number, your address. Your Social Security number is considered to be P II and sometimes, like as uh, maybe a bank,
I might ask you the last four of your Social Security number.
Well, the reason I asked you for the last four of your social is that's all life store, because I don't have the same requirements for how I have to protect the last four digits of your Social Security number. I don't have the same requirements that I would have our storing your entire Social Security number.
So let me choose a very small amount that I can still use for security purposes
without having to be liable for that information. A minimizing what we store because what I store. If I don't store it, I can't lose it. I can't be susceptible to a compromise.
And then, of course, we have mitigation strategies and response strategies in place, ultimately with the goal of recovery.