Page 1377 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide
Summary
Information security professionals must be familiar with the
investigation process. This involves gathering and analyzing the
evidence required to conduct an investigation. Security professionals
should be familiar with the major categories of evidence, including
real evidence, documentary evidence, and testimonial evidence.
Electronic evidence is often gathered through the analysis of
hardware, software, storage media, and networks. It is essential to
gather evidence using appropriate procedures that do not alter the
original evidence and preserve the chain of custody.
Computer crimes are grouped into several major categories, and the
crimes in each category share common motivations and desired
results. Understanding what an attacker is after can help in properly
securing a system.
For example, military and intelligence attacks are launched to acquire
secret information that could not be obtained legally. Business attacks
are similar except that they target civilian systems. Other types of
attacks include financial attacks (phone phreaking is an example of a
financial attack) and terrorist attacks (which, in the context of
computer crimes, are attacks designed to disrupt normal life). Finally,
there are grudge attacks, the purpose of which is to cause damage by
destroying data or using information to embarrass an organization or
person, and thrill attacks, launched by inexperienced crackers to
compromise or disable a system. Although generally not sophisticated,
thrill attacks can be annoying and costly.
The set of rules that govern your personal behavior is a code of ethics.
There are several codes of ethics, from general to specific in nature,
that security professionals can use to guide them. The (ISC)² makes
the acceptance of its Code of Ethics a requirement for certification.

