Welcome to ExamNotes by Dumps4shared! In this installment, we will examine Objective 4.6: Explain the processes for addressing prohibited content/activity and privacy, licensing, and policy concepts. We will discuss the issues and procedures surrounding the use of data in violation of corporate policies.

Incident Response

In some cases, violations may be innocent transgressions
attributed to the employee’s misinterpretation of the rules. For others,
violations may be flagrant with legal implications. In either case and regardless
of how one became aware of the violation, it is important to adhere to company
policy in order to ensure proper handling of the situation.

It may be tempting to err on the side of leniency for some
matters. However, this is NOT your decision to make. In the worst case, failure
to report incidents could make you an accomplice. Every company has slight
terminology variations as to what is and is not acceptable use. The fundamental
principles will be the same. For example, every company will have an Acceptable
Use Policy (AUP) that is part of the employment agreement and is also freely
available for employee review. Read it completely and follow it to the letter.


For any case where you believe there has been a legal infraction
or poor judgment, the incident should be reported as defined by corporate
policy. There is no situation where you would confront the employee directly. Confronting
the employee provides time for the employee to cover up the transgression and
opens the door for unauthorized parties who are not involved in the process to
overhear your discussion. Keep your discussion within the authorized channels.
Your handling of matters involving data breaches will likely be scrutinized by
the legal team, making it important that you follow company guidelines to the
letter. Take clear notes regarding reporting and the actions you take.


An incident may be identified through personal observation or
through the routine review of network logs. Log files will uncover
unauthorized personnel accessing restricted data. Immediately document this
behavior and bring it to the proper individual(s) for escalation.
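The log review described above, as an added example that is not part of the original notes: the key=value log format, the restricted resources, the user names and the authorised-user lists are all constructed for illustration. The script flags successful access to a restricted resource by anyone not on that resource's list and folds the hits into a per-user, per-resource record of the kind you would hand to the escalation contact named in the security policy.

```python
"""Review constructed access-log lines for restricted-data access by
unauthorized personnel and prepare an escalation record.

Added example; the log format, resources, user names and ACL below are
assumptions, not taken from the original notes.
"""
import re
from datetime import datetime, timezone

# Constructed sample log lines in an assumed "timestamp key=value ..." format.
SAMPLE_LOG = """\
2024-03-04T09:12:03Z user=jsmith action=READ resource=/finance/payroll.xlsx result=SUCCESS
2024-03-04T09:14:51Z user=rlee action=READ resource=/hr/applicants.csv result=SUCCESS
2024-03-04T11:02:17Z user=tbrown action=READ resource=/finance/payroll.xlsx result=SUCCESS
2024-03-04T11:03:40Z user=tbrown action=COPY resource=/finance/payroll.xlsx result=SUCCESS
2024-03-04T12:30:05Z user=mgarcia action=READ resource=/public/handbook.pdf result=SUCCESS
2024-03-04T23:48:12Z user=rlee action=READ resource=/hr/applicants.csv result=SUCCESS
"""

# Assumed: which users are authorised to touch each restricted resource.
# Anything not listed here is treated as unrestricted.
RESTRICTED_ACL = {
    "/finance/payroll.xlsx": {"jsmith", "pwong"},
    "/hr/applicants.csv": {"rlee"},
}

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+user=(?P<user>\S+)\s+action=(?P<action>\S+)"
    r"\s+resource=(?P<resource>\S+)\s+result=(?P<result>\S+)$"
)


def parse_line(line):
    """Parse one log line into a dict, or return None if it is malformed."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(
        tzinfo=timezone.utc
    )
    return rec


def find_unauthorized_access(log_text, acl=RESTRICTED_ACL):
    """Return records of successful access to a restricted resource by a
    user who is not on that resource's authorised list."""
    findings = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["result"] != "SUCCESS":
            continue
        allowed = acl.get(rec["resource"])
        if allowed is None:  # not a restricted resource
            continue
        if rec["user"] not in allowed:
            findings.append(rec)
    return findings


def escalation_report(findings):
    """Group findings by (user, resource) with first/last seen times and the
    sequence of actions, ready to be documented and escalated."""
    report = {}
    for rec in findings:
        key = (rec["user"], rec["resource"])
        entry = report.setdefault(
            key, {"first_seen": rec["ts"], "last_seen": rec["ts"], "actions": []}
        )
        entry["first_seen"] = min(entry["first_seen"], rec["ts"])
        entry["last_seen"] = max(entry["last_seen"], rec["ts"])
        entry["actions"].append(rec["action"])
    return report


if __name__ == "__main__":
    for (user, resource), info in escalation_report(
        find_unauthorized_access(SAMPLE_LOG)
    ).items():
        print(f"{user} accessed {resource}: {info['actions']} "
              f"between {info['first_seen'].isoformat()} and {info['last_seen'].isoformat()}")
```

Note that the late-night access by rlee is not flagged: rlee is on the list for that file, and the script only checks authorisation, not time of day. Keep the raw log lines that produced each finding alongside the report; the report is your summary, the log is the evidence.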

Report through proper channels

Always report strictly to the appropriate parties as indicated
by your organizational Security Policy. The process you follow and the manner
in which you report will be closely scrutinized. Be clear, accurate, and
complete in your reporting.


In cases where there is evidence of foul play or corporate
espionage, the preservation of data is of paramount importance. A forensic team
should be involved in order to securely handle, store, and validate any digital
media. Network logs and MRU (most recently used) lists showing recently accessed documents will
solidify your case. Obtain the services of a forensic expert before you handle
anything. The slightest change could render the evidence inadmissible.

Use of documentation/documentation changes

Company policies are subject to change in order to keep pace
with the evolving corporate environment. While these policies are easily accessible
by employees, all employees should be notified when a change is made and given
instructions on how to view the updated documentation. For a lengthy document,
the exact change should be explicitly stated in order to prevent employees from
overlooking it.

Chain of custody

Whenever evidence is necessary to create or support a case, all
records and physical support need to be carefully preserved. This is
accomplished using a form called a Chain of Custody. The Chain of Custody is
designed to allow anyone who comes in contact with the evidence the ability to
record the date/time they came into possession, the actions taken, the release
date/time, and the party it was remanded to. Fill this form out completely
because any mistakes or gaps will render the evidence inadmissible. Sign for
everything you take into possession and obtain signatures from those you transfer
possession to. Any gap in this process can be interpreted as a point of
evidence corruption.

Tracking of evidence/documenting process

The documentation surrounding the handling of evidence is
crucial in any legal matter and will be subsequently reviewed for completeness
and accuracy. You and all parties concerned in the handling of physical and
digital evidence should be prepared to present accurate, irrefutable records proving
the time/date received and what actions were performed. The Chain of Custody and
the Due Care taken for these materials while in your possession are both
incredibly important. Forensics experts should be involved immediately, as their
skill set includes the storage and preservation of volatile digital data. They
are capable of recovering the most volatile data, such as system RAM, as well as
preserving the integrity of storage media by making working copies of the original.
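The two chain-of-custody sections above describe a record with a checkable invariant: each custodian's release must be signed for by the next custodian, with no unexplained gap, and the evidence must be provably unchanged. The following is an added example, not part of the original notes or of any real forensic tool: a small ledger of custody entries, a SHA-256 check of the evidence image against the hash recorded at acquisition, and an audit that lists every break in the chain. The custodian names, times and evidence bytes are constructed.

```python
"""Chain-of-custody ledger with continuity and integrity checks.

Added example, not from the original notes. Entries, names, times and the
evidence image are constructed; SHA-256 stands in for the hash a forensic
examiner records when the original media is imaged.
"""
import hashlib
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import List, Optional


@dataclass
class CustodyEntry:
    custodian: str                  # person or location that signed for the item
    received: datetime              # date/time they took possession
    actions: str                    # what was done while in their possession
    released: Optional[datetime]    # date/time handed over (None = still held)
    released_to: Optional[str]      # who signed for it next (None = still held)
    sha256: str                     # hash of the evidence image as verified by them


def sha256_of(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def audit_chain(entries: List[CustodyEntry], current_image: bytes) -> List[str]:
    """Return a list of problems found in the ledger; an empty list means the
    chain is unbroken and the image still matches the acquisition hash."""
    problems = []
    if not entries:
        return ["ledger is empty"]
    original_hash = entries[0].sha256
    for i, e in enumerate(entries):
        if e.released is not None and e.released < e.received:
            problems.append(f"entry {i} ({e.custodian}): released before received")
        if e.sha256 != original_hash:
            problems.append(f"entry {i} ({e.custodian}): hash differs from acquisition hash")
        if i + 1 < len(entries):
            nxt = entries[i + 1]
            if e.released is None or e.released_to is None:
                problems.append(f"entry {i} ({e.custodian}): no release recorded, "
                                f"but {nxt.custodian} signed next")
                continue
            if e.released_to != nxt.custodian:
                problems.append(f"entry {i}: released to {e.released_to}, "
                                f"but {nxt.custodian} signed for it")
            # A hand-over is a single event both parties sign, so the release
            # time and the next receipt time must agree; anything else is a gap.
            if nxt.received != e.released:
                problems.append(f"gap: {e.custodian} released at {e.released.isoformat()} "
                                f"but {nxt.custodian} received at {nxt.received.isoformat()}")
    last = entries[-1]
    if last.released is not None:
        problems.append(f"entry {len(entries) - 1}: released to {last.released_to} "
                        f"with no receiving entry")
    if sha256_of(current_image) != original_hash:
        problems.append("current image hash does not match the acquisition hash")
    return problems


# Constructed evidence image and timeline.
EVIDENCE_IMAGE = b"constructed disk image bytes for the example"
ACQ_HASH = sha256_of(EVIDENCE_IMAGE)
T0 = datetime(2024, 3, 4, 10, 0, tzinfo=timezone.utc)


def good_chain() -> List[CustodyEntry]:
    """Unbroken chain: responder -> examiner -> evidence locker."""
    return [
        CustodyEntry("A. Patel", T0, "Seized laptop, imaged disk, recorded hash",
                     T0 + timedelta(hours=2), "B. Chen", ACQ_HASH),
        CustodyEntry("B. Chen", T0 + timedelta(hours=2), "Verified hash, analysed working copy",
                     T0 + timedelta(days=1), "Evidence locker", ACQ_HASH),
        CustodyEntry("Evidence locker", T0 + timedelta(days=1), "Sealed storage",
                     None, None, ACQ_HASH),
    ]


def broken_chain() -> List[CustodyEntry]:
    """Same chain with an hour unaccounted for and a mismatched hash."""
    chain = good_chain()
    chain[1].received = T0 + timedelta(hours=3)   # one-hour gap after Patel's release
    chain[2].sha256 = "0" * 64                     # locker recorded a different hash
    return chain


if __name__ == "__main__":
    print("good chain:", audit_chain(good_chain(), EVIDENCE_IMAGE) or "no problems")
    for p in audit_chain(broken_chain(), EVIDENCE_IMAGE):
        print("broken chain:", p)
```

The audit deliberately reports every problem rather than stopping at the first, because each gap or mismatch is a separate point a reviewer or opposing counsel can raise; a ledger that passes has the same hash on every line and a receipt that matches every release.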

Licensing / DRM / EULA

A common infraction involving midsized to large corporations is
caused by employees misunderstanding or disregarding software licensing. While
organizations make every effort to avoid copyright infringement, there are
cases where a careless employee may feel that a special graphics program or a piece
of music will enhance their presentation. The legality of this practice may
come into question, causing financial hardship for the company.

It falls to the user to carefully read the End User License
Agreement (EULA) before accepting it. The EULA contains clauses regarding the
acceptable use of the product and the ramifications of misuse among other
legally binding matters.

In practice, very few users actually read the agreement and
simply accept it. Blind acceptance is a liability.

Lastly, Digital Rights Management (DRM) protects artists from
having their works used in unauthorized manners. The DRM is digitally embedded
in the media and is aggressively enforced.


Open source vs. commercial license

Software can be generally classified in two groups: open source
and closed source or commercial license.

For open source (freeware) software, the source code is freely
available and can be modified by subsequent developers, provided that any
derivative works remain freely available and there are no fees for its use.
This software is developed by and for a community that values the betterment of
the product over financial reward. The Linux and Android operating systems are
great examples of this philosophy.

Closed source software is commercial, for-profit software that
charges for its use. Closed source code is closely guarded and
not made available. Naturally, use of this software is controlled by various
licenses, as described below.

Personal license vs. enterprise licenses

When using commercial software, the license is purchased based
on the intended use. Personal use is defined as a single user installing the
product on personal devices in their home. In the corporate environment, products
are usually covered under an enterprise site license that grants use to all
employees. If the software is particularly expensive or if use is confined to a
small group or department, a per-seat license may be more cost effective. This
license limits the installations to a predetermined number of users.

Regulated data

The types of data described below are regulated by the
government and are considered regulated data. Often a healthcare provider will
employ a compliance officer to ensure that all regulations, policies, and laws
are adhered to. For your test preparation, note the following information.


Personally Identifiable Information (PII) is the information
about a person that would be considered confidential. This includes a person’s full
name, complete address, credit card numbers, date of birth, social security
number, and their health records. Entities that store this information are
subject to strict legally binding guidelines regarding the confidential storage
and dissemination of this information. PII is a high-value target for hackers
who can use this data to create identities, accessing and depleting all assets,
or even falsely creating new lines of credit. Lists containing this information
are easily attainable on the black market.

Don’t release this information without careful consideration.
Something as simple as a job application contains enough information for
someone to deplete an individual’s assets and ruin their credit.


The Payment Card Industry (PCI) has defined standards to
safeguard credit card information during transmission and storage (where
applicable). Major credit card companies comply with these standards, as do the
vendors and retailers receiving the data. Fraud is prevalent, and these
standards exist to prevent it. A vendor may contact the card owner when a
suspicious transaction is attempted.


Protected health information (PHI) refers to data regarding an
individual's personal health record. This information is protected by the
government through the Health Insurance Portability and Accountability Act
(HIPAA), which imposes strict penalties for security breaches. Hospitals,
medical practices, medical personnel, and other entities must comply with HIPAA
regulations. Consent is requested if health information needs to be disclosed.


The European Union (EU) has implemented the General Data
Protection Regulation (GDPR) which provides more control over the collection,
sharing, and storage of personal information. It covers data that can uniquely
identify an individual such as their genetic and biometric information, their
name, and their address (physical and IP). The GDPR includes a provision that
the individual be contacted if their information is breached.

Follow corporate end-user policies and security best practices

Every corporation has security policies regarding the handling of personal and corporate data. Be knowledgeable of these policies and follow them to the letter. Guidelines will also exist covering the handling of PII in certain situations. Treat these as absolute rules with no room for personal interpretation. Your job and someone's financial well-being can both suffer irreparable damage otherwise.

