Page 1378 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide
Exam Essentials
Know the definition of computer crime. Computer crime is a
crime (or violation of a law or regulation) that is directed against, or
directly involves, a computer.
Be able to list and explain the six categories of computer
crimes. Computer crimes are grouped into six categories: military
and intelligence attack, business attack, financial attack, terrorist
attack, grudge attack, and thrill attack. Be able to explain the motive of
each type of attack.
Know the importance of collecting evidence. As soon as you discover an incident, begin collecting evidence and as much information about the incident as possible. The evidence can be used in a subsequent legal action or to identify the attacker, and it also helps you determine the extent of the damage.
Understand the eDiscovery process. Organizations that believe
they will be the target of a lawsuit have a duty to preserve digital
evidence in a process known as electronic discovery, or eDiscovery.
The eDiscovery process includes information governance,
identification, preservation, collection, processing, review, analysis,
production, and presentation activities.
Know how to investigate intrusions and how to gather sufficient information from the equipment, software, and data. You must have possession of the equipment, software, or data to analyze it and use it as evidence. Acquire the evidence without modifying it, and without allowing anyone else to modify it, so that you can later show it is unchanged from the moment of acquisition.
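One way to make the "without modifying it" requirement demonstrable, as an added example that is not from the study guide: hash the evidence at acquisition, record the digest together with who acquired it and when (the chain-of-custody entry), mark the file read-only, and re-hash before analysis or presentation. The sample log line, the examiner name, and the record layout below are all constructed for illustration and are assumptions, not anything the guide specifies.

```python
import hashlib
import os
import tempfile
from datetime import datetime, timezone

# Constructed sample standing in for an acquired log file or disk image.
SAMPLE_EVIDENCE = (
    b"Jan 14 03:12:07 host sshd[1234]: Accepted password for root from 203.0.113.5\n"
)


def sha256_bytes(data: bytes) -> str:
    """SHA-256 hex digest of an in-memory byte string."""
    return hashlib.sha256(data).hexdigest()


def sha256_file(path: str, chunk_size: int = 1 << 20) -> str:
    """Hash a file in chunks so a large image need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def acquire(path: str, examiner: str) -> dict:
    """Record the acquisition hash and make the file read-only.

    The returned record (who, when, size, hash) is the chain-of-custody
    entry. The read-only bit only guards against accidental edits; it is
    not a substitute for a write blocker or for working on a forensic copy.
    """
    digest = sha256_file(path)
    os.chmod(path, 0o444)
    return {
        "path": os.path.basename(path),
        "size": os.path.getsize(path),
        "sha256": digest,
        "examiner": examiner,  # assumed identifier format
        "acquired_at": datetime.now(timezone.utc).isoformat(),
    }


def verify(path: str, record: dict) -> bool:
    """True if the file still hashes to the value recorded at acquisition."""
    return sha256_file(path) == record["sha256"]


def demo() -> tuple:
    """Acquire a constructed file, verify it, tamper with it, verify again."""
    with tempfile.TemporaryDirectory() as workdir:
        path = os.path.join(workdir, "auth.log")
        with open(path, "wb") as f:
            f.write(SAMPLE_EVIDENCE)
        record = acquire(path, examiner="analyst-01")  # constructed examiner
        intact = verify(path, record)
        # Simulate a post-acquisition change, e.g. someone "tidying" the log.
        os.chmod(path, 0o644)
        with open(path, "ab") as f:
            f.write(b"Jan 14 03:15:00 host sshd[1234]: session closed\n")
        still_intact = verify(path, record)
        return (intact, still_intact)


if __name__ == "__main__":
    print(demo())  # (True, False): the appended line is detected
```

The record should be written to a separate, protected location (not alongside the evidence), and the verification hash should be recomputed and logged each time the evidence changes hands. Hashing proves the bytes are unchanged; it does not prove how they were obtained, so the acquisition method and the custody record still have to be documented.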
Know the three basic alternatives for confiscating evidence
and when each one is appropriate. First, the person who owns
the evidence could voluntarily surrender it. Second, a subpoena could
be used to compel the subject to surrender the evidence. Third, a
search warrant is most useful when you need to confiscate evidence
without giving the subject an opportunity to alter it.
Know the importance of retaining investigatory data. Because

