RCR 038: Evidence Collection - CISSP Study and Training!

security topics May 27, 2019
CISSP Cyber Training
Shon Gerber from ShonGerber.com provides you with the information and knowledge you need to prepare for and pass the CISSP exam, while providing the tools you need to enhance your cybersecurity career. Shon draws on his expansive knowledge and his years of training people in cybersecurity to deliver superior training.

In this episode, Shon will talk about the following:

·         CISSP / Cybersecurity Integration – CISSP Recognized

·         CISSP Training – Evidence Collection

·         CISSP Exam Question – Maintaining Files for Extended Periods / Degradation of Digital Media

Want to find Shon Gerber / Reduce Cyber Risk elsewhere on the internet?

TRANSCRIPT:

Welcome to the Reduce Cyber Risk Podcast, May 27th, 2019, episode 38. Welcome to the Reduce Cyber Risk Podcast, where we provide you the training and tools you need to pass the CISSP exam while enhancing your cybersecurity career. Hi, my name is Shon Gerber and I'm your host of this action-packed, informative podcast. Join me each week as I provide the information you need to grow your cybersecurity knowledge so that you're better prepared to pass the CISSP exam.

All right, hey all, Shon Gerber here with Reduce Cyber Risk, and I hope you have a wonderful week. This week I've got some great things planned for you in the CISSP training world. I'm pretty excited about what's going on in the world today; I can't complain. I'm here in wonderful Kansas, and in Kansas life is good, except that we've got about eight gazillion gallons of water constantly raining on us on a daily basis. Typically in Kansas we get little bits of it, but we've gotten so much rain that there is some serious flooding. Other than that, I'm down in my basement recording episode 38, so let's get started.

On Reduce Cyber Risk we typically have three aspects that we get into: the CISSP cybersecurity integration, CISSP training, and the exam question. Today we're going to talk about the CISSP certification being recognized globally through some big awards; we're also going to get into evidence collection on the CISSP training side; and we're going to get into maintaining files for extended periods and degradation of digital media as it relates to the CISSP exam questions.

In a recent article that came out from SC Media, they recognized (ISC)² for the industry's best professional certification program of 2019. So this is pretty cool, in that it's integrating the CISSP certification and how important it is within the cybersecurity community as well.
The SC Awards are considered the big daddy dog awards out there, and they are highly looked upon as industry standards from a testimonial standpoint, or from a judging standpoint, I should say. Basically, what ends up happening is the judging is done through testimonials, industry assessment and additional research. They have multiple awards they're giving out to people, and one of those awards is the Trust Award, which is like the best authentication technology, and they also have another Trust Award that's around best business continuity and disaster recovery solutions. There are various awards set up: education, best business continuity and disaster recovery, and so on and so forth. Well, the CISSP fell under the Professional Awards, which is the best professional certification program. So this is really a big deal, in the fact that it came up as one of the top certification programs out there. So if you're studying for your CISSP, know full well that this is an industry leader as it relates to certifications, and you guys know that, right? You wouldn't be taking the test if you didn't understand that about the CISSP.

Because of the advancements in cybersecurity training and certification, as we know, back in April 2018 (ISC)² made some changes to the CISSP training manual, and what they did was make changes based on recent technology changes: where the industry's going, IoT, all of those aspects that weren't around two years ago. The last time it was changed was almost three years ago, and so much has changed in that
period of time that they had to make changes in April 2018. So again, it's really cool that (ISC)² is staying on top of that and making changes based on those needs.

They also talked about in this article (it was in SC Magazine as well as on (ISC)²'s blog) the annotated income earning potential for a CISSP: the average for an individual with CISSP training is 109,000 US dollars a year. That's pretty substantial; that's the average. So, stretch the imagination; I can see that changing based on geographic location and based on the industry, and there's lots of nuances to it. The interesting part about that, though, is that it's $109,000 for having that certification. So you've got to really ask yourself. I mean, you can get a four-year degree; I know people that spend hundreds of thousands of dollars on a four-year college degree, and so you've just got to ask. That is an incredible aspect: $109,000 is the average salary. On monster.com, if you have CISSP annotated, there's over 9,000 job openings just for that kind of certification. Incredible. And they're saying, you know, that there are thousands of job postings with CISSP in the job requirements; that's incredible. So you're in a great field, you're in a great certification study; it's awesome, it's really, really good.

The other thing they annotated is that the CISSP is a big influencer with women in cybersecurity as well, so I think that's a great testament to the certification. One thing I've noticed being in the IT world is there's not a lot of women in the IT world, but I've noticed a lot more in the managerial types or the executive positions. It's a great way for women to get into this space, so I think it's a cool, cool aspect around that. So that's a really good point that was taken from the article. Some other notable tidbits were that it was a top certification in 2018: they said around 17% recommended the CISSP as a top certification, one closed right behind
the CCSP, which is the Certified Cloud Security Professional, which was around 15%. So you can see the CISSP and the Cloud Security Professional are some really big certifications that are highly recommended. So if you're working on your CISSP, or you've got that done, the Cloud Security Professional is as well, and that's kind of something I use as a goal for myself here in the next couple of years to focus on that.

Now, the Upwork Skills Index basically ranks the CISSP as one of the hottest job skills in the US labor market. Okay, so let me get this straight; I didn't quite understand this when I read it, but it's basically a company that allows you to contract out various capabilities. I've done some stuff on Upwork; it's a really great tool. But what they labeled in their skills index is that the CISSP is in the hottest market; it's one of the hottest job skills to have in the entire US labor market, and that's huge, the entire US. Obviously you listen to the podcast and you're studying for the CISSP; you get it, the fact that this is a great certification to have. So, you know, that's what's amazing about it, and you'll be able to get help with Reduce Cyber Risk; my goal is to help you with that. So we've got skills, we've got things on the site at Reduce Cyber Risk that will help you with studying for your CISSP, but the cool part about Reduce Cyber Risk as well is to provide you that back-end training that, once you get the CISSP and you get that certification, we also provide you the skills you need to be successful in the cybersecurity space as a cybersecurity leader and as an executive within this world. So it's pretty amazing what you can get with just having that small, I mean I say small, but having that certification.

There's also an article on CNBC about two companies, their workforces, and them turning people into what they wanted, basically learning different aspects, and the key part about this I thought was really, really amazing is that (ISC)² does this as well
through their Professional Development Institute, called PDI. If you are a cybersecurity professional and you are a member of (ISC)², you can have access to their professional development courses, and it's about 30-plus courses, from GDPR to DevSecOps, you name it, they've got it, and I think it's really important.

My wife and I took a little vacation, just a little one-off, after we got done with graduation for my two children that are going off to college, and it was an extremely stressful time. Well, we actually ended up going to a bed and breakfast not too far away from us in Marion, Kansas, a tiny little town in the middle of nowhere, but it was awesome. A little bit about a VP for a local community college in Kansas City, and what they're doing, which I think is really cool, is they are offering training for underprivileged individuals that are down in the inner city of Kansas City. It's really cool because of the fact that in Kansas City there's a population that, they're basically called the working poor, or they're working two and three jobs (been there, done that, got the t-shirt, working two and three jobs) and trying to basically get by, while they're creating training in automation and other aspects, so that when they come walking out of this training they can make $40,000 to $50,000 a year. The reason I say all that is because the nature of the world has changed, where you don't necessarily need a degree to make some really significant income, and there's a lot of opportunities out there for you to learn and get knowledge, especially in cybersecurity, to be able to take those skills and work for a company and make some really good money to help you and your family. It's really cool; I thought it was really, my hat's off to them. It's a community college in Kansas City, Missouri, actually Kansas City, Kansas, but I can't remember the name of it to save my life, but it's a really cool idea. And so this is what (ISC)² is also doing, similarly, through their PDI program.

All right, let's
roll into my training. For the CISSP training I've got set up, we're going to focus on Domain 7, Security Operations, and this is around evidence collection and handling. There are some key aspects of this. The proper collection of evidence is challenging and should only be accomplished with professional technicians that have been trained in this space. The reason I say that is, if you goof this up, you can run into the situation where evidence could be spoiled and could not be useful as it relates to legal action. So improper handling of evidence will jeopardize your legal case, so it's important that you do this well, and you do it very, very well.

Honestly, it's best to work with a copy of the evidence and not the original documentation or the original log. You don't want to run the risk of messing up your evidence to the point where you can't even use the data anymore, and so you should always deal with a copy. Otherwise, if you start messing with the original, what could end up happening is, now you go to court and they realize, you know what, this isn't going to work, because you have messed with this data and the evidence, and now we're in a situation where it won't fly in a court of law. So just be careful around that.

You also need to understand the identification and extraction of the data: how to do it properly, how to do it from a chain-of-custody standpoint, how to ensure that the data is not messed with and is consistent and solid for your case. This also deals with magnetic media, optical media and memory as well. It's just very important that you understand how to get the data out of these individual systems, and that's why a third party that does this for a living is extremely important to probably bring online when you're dealing with trying to collect your evidence from an event that may have occurred.

Dealing with network analysis really depends on the prior knowledge of the event, and you need to understand the logs, where these come from: your
intrusion prevention system, your flow logs, your firewalls, all these different logs that are out there and available to you. You need to make sure that you have these properly brought in and you're analyzing them in a proper way. Then you also need to understand the software analysis around it: looking for backdoors, logic bombs or other vulnerabilities that may be out there for you within your company. So it's important that you analyze these and you look for all of those situations that may affect your company. You may need to review the log files of an application for a better picture, and it's important that you get into the application specifically as well, but that comes down to understanding the different software that's in your environment. You need to really understand where the incident, potentially the event, actually occurred, what systems are affected, and this does include the application. Now, ideally applications will have logs; not all applications do, and many applications in many cases didn't have that, so it's important that you understand your environment to be able to get the application logs that you can file in the event that there's an incident.

You also need to look at your hardware and embedded device analysis. This deals with computers, phones, tablets, you name it, and you may have to require expert consultants with the necessary expertise to help you in that. I know of third parties that bring in very specific software to help with analyzing specific phones and iPads and other mobile-type devices. Especially when you're starting to deal with encryption, that becomes a very challenging aspect, to be able to understand what is in those systems and how the data in there is being structured. So it's important that you bring on a third party; there really is, I would not try this yourself, especially in the event that you are dealing with an actual incident. Again, I'm not a lawyer, so just take it for what it's worth, but I would highly
recommend that you really have to have that to help you with your legal moves. You also need to have a strong relationship with your legal counsel; this should be established prior to doing any of this, and especially before an incident you should have a strong relationship with legal. You also should build a relationship with law enforcement, and I recommend that you contact and talk to your legal and your compliance folks before you contact law enforcement, and this should be done before you have an incident. The reason I say that is that there may be particular ways, and I'm not saying don't contact law enforcement, I'm not saying that at all, but you need to contact your CEO or your main leaders within your company to make sure that the communication that you provide to law enforcement is accurate and to the point. You need to make sure that they have given some level of conversation around that, and you may not, as a security person, even be the person that would communicate with law enforcement; it may be someone within your legal branch that would deal with that. But you need to reach out to legal counsel before you have an incident to understand who is responsible for conducting and talking to law enforcement. You may already have this relationship, I don't know, but it's something to research and understand. These introductions are very valuable and important, especially after an event would occur.

Techniques: the key point about this is that you need to really conduct computer investigations, and you need a team to do this. I can't stress enough bringing in a third party unless you have specifically spelled that out within your, or I should say, the roles, responsibilities and expectations of someone within your organization. If you have that capability, great, but ideally a third party can really help you with these techniques in these investigations. You need to operate under an incident response
policy, and it's highly recommended that you have a policy in place and you follow that policy as it relates to incidents. Rules of engagement should be properly defined: when do you bring in law enforcement, when do you contact legal, so on and so forth. All of that stuff should be done. How do you question employees, can you question employees? All of those we should define before you have to deal with an investigation.

The big aspects you need to consider, as it relates to, one, the CISSP test and, two, focusing on protecting your company, are around gathering evidence. There are three options: voluntary surrender, subpoena and search warrant. Under voluntary surrender, people will provide evidence based on a request; people will volunteer to give you the information for whatever the investigation is. That may or may not happen; it just depends. A subpoena would be a court order by law enforcement that would say we need this information, and therefore they must provide sufficient notice. As you're dealing with the various governments and the changes they make, you need to keep some of this log data for a
period of time: so maybe 30 days, so maybe six months, but you need to be aware of that, because law enforcement may come to you and say we need this information, and you need to be able to provide it. Saying "I don't have it", well, is not a good answer, is it? It also was raised: search warrant. This is limited only to situations where evidence is needed immediately. The judge may say, I need this, this is credible evidence and I'm worried about it being destroyed or lost; they then will go ahead and issue a search warrant at that point in time. Again, these are based on US laws and your laws may differ based on the country you're in, but this is typically how the evidence is gathered.

Rolling into the CISSP exam questions, I've got a couple of questions. I kind of started off with a little bit different avenue, focusing on legal requirements and then also on, more or less, the hardware or the media requirements, the physical devices themselves. The first question is going to be: what is the highest potential risk for keeping log files from your computer and network devices within your environment? So basically, why do you keep them? The second one is: compact discs, otherwise known as CDs, and DVDs, digital video discs, do not degrade over time and are considered safe for long-term storage of data. So those two questions focus on log files and storing them, and also on what is the protection of the DVDs and CDs. We'll come back and be addressing: what is the highest potential risk for keeping log files from computer and network devices within your environment? Letter A: subject to legal discovery. Letter B: consume large amounts of storage. Letter C: continuously increasing storage cost. D: none of the above. All right, so that's question one. Question two: compact discs and DVDs, otherwise known as digital video discs, do not degrade over time and are considered safe for long-term storage of data, true or false? Let's find out.

Okay, so you're dealing with the log files and maintaining log files within
your environment. There are lots of reasons not to keep log files too long, and really what it comes down to is that the log files themselves need to be kept for a period of time to help you from a breach standpoint. But the longer you keep these log files, they do take up storage. The cost of extra storage is going down, it's not really going up; they do take up storage, and that doesn't increase cost. For keeping log files, even though they are flat files, which means they're very small, the cost doesn't continue to climb and doesn't cost a lot of money. So you really need to understand what is important: should you be keeping those files, and how long should you be keeping those files? Also, regulatory requirements may force you to keep them anywhere from 30, 90, maybe even six months; at large it's 180 days. You may have to keep them for that period of time, but keeping them longer than that honestly is just wasteful, unless you have some sort of requirement that you have to do that. The best explanation, which is always the way these work on the CISSP exam, is that it's subject to legal discovery. So now you're dealing with the various aspects around your log files. If you keep log files for a
period of time, they can be liable for legal discovery, which means if you get sued you can have to turn those things over. Now, is that a bad thing? Maybe, maybe not. However, having log files on file that are just sitting out there, all kinds of things can go bad with this. So I say that also as a security guy who says you need to have log files, because without the log files it's really hard to catch the bad guy, but you need to make sure that you have a proper plan in place on how to deal with those specific files. You don't want to keep them too long, but you want to keep them well enough, so it's like the answer: it depends.

Two, as it relates to CDs and DVDs: B, false, is the answer. Why is that? Well, CDs and DVDs will degrade over time and they are not a good storage media for long periods of time, which reminds me, I've got some DVDs sitting in a safety deposit box which have probably turned to dust right now. So that's the interesting part about DVDs and CDs. So the scenario basically comes down to: you've got a bunch of CDs that are sitting in your box in your office and they've got all kinds of data on them, right, and you think, if I just keep these rascals for the next 5,000 years they'll be just fine, nothing's going to happen. This was an interesting study for me: I was not aware of all of this. I knew they degraded, but I didn't really realize to what extent they degraded and why they degraded. A CD, basically your data CD, in the past you used to have a lot more data on them; now people just put the stuff on DVDs. A CD, a compact disc, basically has got the lacquer and aluminum and plastic all wrapped into one. Sounds quite tasty.
Not really, but basically what it is, it's an aluminum sheet and lacquer that is a protective coating on the front of it, and this reflective aspect, when the laser reads it, is what ends up giving the kickback with that data, right, so that's the ones and zeros. What does the lacquer on the front face of this plastic disc do? This lacquer is very soft, and it also will erode over time, and not erode from a water standpoint, but what it does is it reacts to oxygen, sulfur and scratching. When you scratch these discs you now break through that lacquer finish, and when you break through that finish, the aluminum will oxidize really, really quickly, and it's just one of those things where it'll actually end up making your CD worthless over a very quick period of time. I got this from Wikipedia: each type of optical disc has a different susceptibility, and therefore they will range in the effects from these different outside environments. Those made of gold are less vulnerable, but they're also way more expensive, and having a gold disc is something for music artists, not for DVDs. How do you get signs of it? They call it disc rot. What will happen is, as time goes on, these things will start to show their age, and then they will have holes, several pin-prick holes, that will sit inside, so that you can actually look right through the CD itself. So those are considerations for you as you're looking at CDs and whether or not you should keep the data on there for a long
period of time. DVDs: these are a different structure in and of themselves, and they have a plastic disc over the reflective layer instead of lacquer, so these things will last longer. Now again, same thing: it will vary from company to company and from DVD to DVD, but you need to look at that and be considering which is the best option for you, and if you are putting stuff on CDs, don't consider it a long-term solution. So the big point around that is that DVDs are probably better than CDs, but you should consider other storage options when you're dealing with anything of worth, anything of value, for you.

All right, so here's the links: the (ISC)² training guide; SC Magazine, where we've got some great stuff about the awards that the CISSP is getting; (ISC)² information security certifications training, as well, to talk about the stuff that we've given you on the CISSP training; and then finally Wikipedia. All right, hope you have a great day. Check me out online; I'm there for you, and I hope to catch you on the flip side. Thanks so much for joining me today on my podcast. If you like what you heard, please leave a review on iTunes; I would greatly appreciate your feedback. Also check out my CISSP videos that are on YouTube; just search for Shon Gerber and you'll find them. Lastly, head over to Reduce Cyber Risk and look at the cornucopia of free CISSP materials available to all my email subscribers. Thanks again for listening.
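The evidence-handling advice in the training segment (work on a copy, never touch the original, keep a chain of custody, prove later that nothing was altered) as a runnable illustration. This is an added example, not material from the podcast or from (ISC)²; the `working_` file naming, the `custody.jsonl` record format and the sample firewall log lines are all constructed for the demo.

```python
"""Working copy plus chain-of-custody record for a seized log file.

Hypothetical helper (not from the podcast): hash the original, make it
read-only, copy it, hash the copy, and hand analysts the copy only when both
digests match.  Every custody step is appended to a JSON-lines log so a later
re-hash can show whether the evidence was altered.
"""
import hashlib
import json
import os
import shutil
import stat
import tempfile
from datetime import datetime, timezone

CHUNK = 1 << 20  # hash in 1 MiB chunks so large images do not sit in RAM


def sha256_file(path: str) -> str:
    """Return the hex SHA-256 digest of a file, streamed chunk by chunk."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(CHUNK), b""):
            h.update(block)
    return h.hexdigest()


def record_custody(log_path: str, **fields) -> dict:
    """Append one timestamped chain-of-custody entry (JSON lines)."""
    entry = {"time": datetime.now(timezone.utc).isoformat(), **fields}
    with open(log_path, "a", encoding="utf-8") as log:
        log.write(json.dumps(entry) + "\n")
    return entry


def acquire_working_copy(original: str, case_dir: str, handler: str) -> dict:
    """Create the analyst's working copy and prove it matches the original.

    The original is made read-only first and is never opened for writing.
    Returns both digests and a 'verified' flag (True only if they match).
    """
    os.makedirs(case_dir, exist_ok=True)
    custody_log = os.path.join(case_dir, "custody.jsonl")
    copy_path = os.path.join(case_dir, "working_" + os.path.basename(original))

    os.chmod(original, stat.S_IREAD)  # lock the original down before anything else
    original_hash = sha256_file(original)
    record_custody(custody_log, action="hash_original", path=original,
                   sha256=original_hash, handler=handler)

    shutil.copyfile(original, copy_path)  # data only, so the copy stays writable
    copy_hash = sha256_file(copy_path)
    verified = copy_hash == original_hash
    record_custody(custody_log, action="create_working_copy", path=copy_path,
                   sha256=copy_hash, matches_original=verified, handler=handler)
    return {"original": original, "copy": copy_path, "custody_log": custody_log,
            "sha256": original_hash, "verified": verified}


def verify_integrity(path: str, expected_sha256: str) -> bool:
    """Re-hash a file later (e.g. before court) and compare to the recorded digest."""
    return sha256_file(path) == expected_sha256


def demo() -> dict:
    """Run the workflow on a constructed firewall log in a temp directory."""
    work = tempfile.mkdtemp(prefix="evidence_")
    original = os.path.join(work, "firewall.log")
    with open(original, "wb") as f:  # constructed sample log, not real data
        f.write(b"2019-05-27T10:00:01Z DENY 10.0.0.5 -> 203.0.113.9:445\n"
                b"2019-05-27T10:00:02Z ALLOW 10.0.0.5 -> 10.0.0.1:53\n")
    result = acquire_working_copy(original, os.path.join(work, "case"), "analyst-1")
    # The analyst annotates the working copy; the original must still verify.
    with open(result["copy"], "ab") as f:
        f.write(b"# analyst note\n")
    result["copy_still_matches"] = verify_integrity(result["copy"], result["sha256"])
    result["original_still_matches"] = verify_integrity(original, result["sha256"])
    return result


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The custody log ends up with one entry per step, so a reviewer can re-run `verify_integrity` against the recorded digest and see that the edited working copy no longer matches while the untouched original still does.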
