Learning Goal: I’m working on a cyber security question and need an explanation and answer to help me learn.
Assignment Instructions:
Using Word or a Word-compatible word processor, submit the following deliverables. For written responses, each answer should be 350-400 words (2-3 nice paragraphs/about a page) at a minimum, well-written, and cover the topic fully. Use a standard 12-point font (Calibri preferred), double-space, and use 1” margins all around. If you use information found outside of the text in your answer (this is highly encouraged), cite your source(s). Make sure to number your answers appropriately. If you are skipping an answer, number as usual and note “No Answer” or “Question skipped.”
Assignment Overall Scenario:
Assume you are an entry-level security administrator working for Always Fresh. Always Fresh Foods Inc. is a food distributor with a central headquarters and main warehouse in Colorado, as well as two regional warehouses in Nevada and Virginia. The company runs Microsoft Windows 2019 on its servers and Microsoft Windows 10 on its workstations. There are 2 database servers, 4 application servers, 2 web servers, and 25 workstation computers in the headquarters offices and main warehouse. The network uses workgroups, and users are created locally on each computer. Employees from the regional warehouses connect to the Colorado network via a virtual private network (VPN) connection. Due to a recent security breach, Always Fresh wants to increase the overall security of its network and systems. They have chosen to use a solid multilayered defense to reduce the likelihood that an attacker will successfully compromise the company’s information security. Multiple layers of defense throughout the IT infrastructure make the process of compromising any protected resource or data more difficult than any single security control would. In this way, Always Fresh protects its business by protecting its information.
After the recent security breach, Always Fresh decided to form a computer security incident response team (CSIRT). As a security administrator, you have been assigned the responsibility of developing a CSIRT policy that addresses incident evidence collection and handling. The goal is to ensure all evidence collected during investigations is valid and admissible in court.
Consider the following questions for collecting and handling evidence:
1. What are the main concerns when collecting evidence?
2. What precautions are necessary to preserve evidence state?
3. How do you ensure evidence remains in its initial state?
4. What information and procedures are necessary to ensure evidence is admissible in
Create a policy that ensures all evidence is collected and handled in a secure and efficient manner. Remember, you are writing a policy, not procedures. Focus on the high-level tasks, not the individual steps.
Address the following in your policy:
• Description of information required for items of evidence
• Documentation required in addition to item details (personnel, description of circumstances, and so on)
• Description of measures required to preserve initial evidence integrity
• Description of measures required to preserve ongoing evidence integrity
• Controls necessary to maintain evidence integrity in storage
• Documentation required to demonstrate evidence integrity
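As an added example (not part of the assignment text or any Always Fresh material), the Python below shows the mechanism behind the integrity and documentation items above: a SHA-256 hash taken at intake, a custody log that re-hashes the item at every handoff, and a check that flags a changed hash or a broken chain. The item id, handler names, timestamps and evidence bytes are all constructed for the example.

```python
import hashlib
from dataclasses import dataclass, field


@dataclass
class CustodyEntry:
    action: str    # "collected" or "transferred"
    handler: str   # person responsible for the item at this step
    when: str      # ISO-8601 timestamp recorded by the handler (constructed)
    sha256: str    # hash recomputed at this step, not copied from the last one


@dataclass
class EvidenceItem:
    item_id: str
    description: str
    location: str            # where the item was collected
    sha256_at_intake: str    # the reference value every later check compares against
    custody: list = field(default_factory=list)


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def intake(item_id, description, location, handler, when, data: bytes) -> EvidenceItem:
    # Initial integrity: hash before anyone else touches the item, and log who collected it.
    digest = sha256_hex(data)
    item = EvidenceItem(item_id, description, location, digest)
    item.custody.append(CustodyEntry("collected", handler, when, digest))
    return item


def record_handoff(item: EvidenceItem, handler, when, data: bytes) -> None:
    # Ongoing integrity: each transfer re-hashes, so a change is pinned to one custody step.
    item.custody.append(CustodyEntry("transferred", handler, when, sha256_hex(data)))


def verify(item: EvidenceItem, data: bytes) -> list:
    """Return a list of problems; an empty list means chain and data both check out."""
    problems = []
    if not item.custody or item.custody[0].action != "collected":
        problems.append("chain does not start with a collection record")
    for prev, cur in zip(item.custody, item.custody[1:]):
        if cur.sha256 != prev.sha256:
            problems.append(f"hash changed between {prev.handler} and {cur.handler}")
        if cur.when < prev.when:
            problems.append("custody entries are out of chronological order")
    if sha256_hex(data) != item.sha256_at_intake:
        problems.append("current hash does not match intake hash")
    return problems
```

Running `verify` against the stored bytes at each stage gives the documented, repeatable proof of integrity the last bullet asks for; any non-empty result is the point at which the chain, not just the file, must be explained.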