Unfortunately in today's computer networks, you may
find yourself in a position of identifying people that may
not be doing appropriate things based on
your company policies.
Or in some cases, they may be doing things that
are actually illegal.
And in those situations, you may be tasked with both
identifying and resolving these types of issues.
One of the first things is identifying the problem to
begin with.
And that will be the first response to the issue.
You may have logs that are identifying the inappropriate
use on the network.
You may be seeing this information in person on
someone's desktop, or there may be data that you can
monitor going over the network that identifies the
inappropriate use.
When these types of circumstances arise, it's your
responsibility to gather all of this information and
protect it.
You want to get logs that you might have.
You want to go to all your different data sources and
gather as much information as possible relating to that
particular event.
At that point, you're reporting
to the proper channels.
This isn't something that you'll handle on your own.
You'll almost always be required to involve many
different parts of the organization.
And you need to make sure you are able to do that as quickly
as possible.
Without having a documented security policy, it's almost
impossible to know what might be deemed appropriate and what
might be deemed inappropriate.
So you want to make sure that you document
every part of that.
And usually, it's your security department that's
handling putting together the exact security policies for
your organization.
The documentation also has to be made available.
It's no good unless people are able to read and understand
exactly what's expected of them when they're using the
network at your organization.
And, of course, these things are in constant change.
Security policies never stay the same.
So you want to be sure, of course, that it is being
updated constantly, there is a process in place, and that
everybody has access to exactly that information.
Because you're the one who has access to the data, you're
also going to be expected to keep all of that data safe.
You'll have a chain of custody from the moment you grab that
information all the way until you're finished using that
information.
So you want to make sure that whatever you do with it,
you're able to make sure that it is not changed.
It's not modified in any way, and that only certain people
have access to those details.
You'll also want to be sure that you document everybody
who has access to that data.
Not only will you have a backup of that information,
but you want to put methods in place so that that information
is not tampered with.
You don't want people either deleting information
accidentally or on purpose.
And it's very common to take hashes of information so that
you can compare the data the day you got it versus looking
at the data three months later.
Documentation is really the key.
All of these logs and the data that you're gathering are going
to make the determination on whether this was inappropriate
or not inappropriate.
And, therefore, you not only need to collect the data but
store it somewhere safe.
Make sure that no one can get access to that information or
tamper with any of that data.
It's very common to make digital signatures and hashes
of everything so that when you look at this data later, you
can verify that it is exactly the data that you
gathered on day one.
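
The hash comparison described above, sketched as an added example that is not part of the original transcript: every collected file is hashed with SHA-256 at collection time, the list is sealed, and a later check reports anything modified, missing, or added. The function names, file names, and key are constructed for illustration, and an HMAC stands in for the digital signature so the code needs only the standard library.

```python
import hashlib, hmac, json, os, tempfile

def sha256_file(path, chunk=65536):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def build_manifest(evidence_dir, key):
    """Hash every file at collection time and seal the list with an HMAC."""
    files = {}
    for root, _, names in os.walk(evidence_dir):
        for name in sorted(names):
            full = os.path.join(root, name)
            files[os.path.relpath(full, evidence_dir)] = sha256_file(full)
    body = json.dumps(files, sort_keys=True).encode()
    return {"files": files, "seal": hmac.new(key, body, hashlib.sha256).hexdigest()}

def verify_manifest(evidence_dir, manifest, key):
    """Return a sorted list of (problem, path) findings; empty means unchanged."""
    body = json.dumps(manifest["files"], sort_keys=True).encode()
    expected = hmac.new(key, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, manifest["seal"]):
        return [("manifest-tampered", "")]  # the hash list itself was altered
    current = build_manifest(evidence_dir, key)["files"]
    findings = []
    for path, digest in manifest["files"].items():
        if path not in current:
            findings.append(("missing", path))
        elif current[path] != digest:
            findings.append(("modified", path))
    findings += [("added", p) for p in current if p not in manifest["files"]]
    return sorted(findings)

def demo():
    """Constructed sample evidence: two small log files in a temp directory."""
    key = b"constructed-demo-key"  # assumption: a real key is kept apart from the evidence
    with tempfile.TemporaryDirectory() as d:
        for name, text in [("proxy.log", "10:02 GET /a\n"), ("auth.log", "10:03 login ok\n")]:
            with open(os.path.join(d, name), "w") as f:
                f.write(text)
        manifest = build_manifest(d, key)          # day one: collection
        clean = verify_manifest(d, manifest, key)  # same day: nothing changed
        with open(os.path.join(d, "proxy.log"), "a") as f:
            f.write("10:04 GET /b\n")              # later modification
        os.remove(os.path.join(d, "auth.log"))     # later deletion
        return clean, verify_manifest(d, manifest, key)
```

Store the manifest separately from the evidence itself, so that someone who can alter a file cannot also replace its recorded hash.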