Prohibited Content, Privacy, Licensing, & Policy Concepts | CompTIA A+ 220-1002 | 4.6

In this video you will learn about incident response, licensing/DRM/EULAs, & regulated data.

Prohibited Content

As it directly relates to the process of incident response, prohibited content and activity can be defined as follows:

  • Any content stored on a company-owned or company-managed computer, mobile device, or network that is contrary to organizational policy.
  • Any activity performed or received by a company-owned or company-managed computer, mobile device, or network that is contrary to organizational policy.

Incident Response

An incident is an event that could lead to loss of, or disruption to, an organization’s operations, services or functions. Incident response is a term describing the activities of an organization to identify, analyze, and correct hazards to prevent a future recurrence.

First Response

The first step of the incident response process is identifying exactly what happened, to determine whether the incident should be handled at your level or escalated to a higher level. The next step is to report the incident through the proper channels, followed by taking steps to ensure that the data/device is preserved. Preserving the data or device could mean actions like making backups of the computer’s image or simply leaving the device as-is and waiting for a computer forensics expert to examine the machine & collect evidence.

Documentation

Thorough documentation is your friend. It is important that you record any and all details related to the incident, even if you have to write the information down on a piece of paper or snap pictures. Documentation should include any processes, procedures, and user training that might be necessary to avoid a similar incident in the future.

Chain of Custody

Chain of custody, in legal contexts, is the chronological documentation or paper trail that records the sequence of custody, control, transfer, analysis, and disposition of materials, including physical or electronic evidence. The chain of custody should be initiated at the start of any investigation & should include the tracking of evidence/documentation process, who has custody of the evidence at any given time, & the verification that the evidence has not been modified or tampered with.
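One way to keep such a record for electronic evidence, as an added example that is not part of the original notes: it assumes SHA-256 hashes are used to verify integrity, and the function names, custodians, timestamps and sample bytes are hypothetical, constructed values.

```python
import hashlib
import json

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def entry_digest(entry: dict) -> str:
    # Hash every field except the entry's own digest, in a stable key order.
    body = {k: v for k, v in entry.items() if k != "entry_hash"}
    return sha256_hex(json.dumps(body, sort_keys=True).encode())

def add_entry(log: list, evidence: bytes, custodian: str, action: str, when: str) -> dict:
    """Append one custody event; each entry is chained to the previous one."""
    entry = {
        "seq": len(log) + 1,
        "when": when,
        "custodian": custodian,
        "action": action,
        "evidence_sha256": sha256_hex(evidence),
        "prev_hash": log[-1]["entry_hash"] if log else "",
    }
    entry["entry_hash"] = entry_digest(entry)
    log.append(entry)
    return entry

def verify(log: list, evidence: bytes) -> list:
    """Return a list of problems; an empty list means the record is consistent."""
    problems, prev = [], ""
    for e in log:
        if e["prev_hash"] != prev or e["entry_hash"] != entry_digest(e):
            problems.append(f"entry {e['seq']}: log record altered")
        prev = e["entry_hash"]
    if log and sha256_hex(evidence) != log[0]["evidence_sha256"]:
        problems.append("evidence does not match the hash recorded at collection")
    return problems

def demo():
    image = b"constructed sample bytes standing in for a disk image"
    log = []
    add_entry(log, image, "first responder", "collected", "2024-01-01T09:00Z")
    add_entry(log, image, "forensic analyst", "received", "2024-01-01T11:30Z")
    clean = verify(log, image)               # untouched evidence and log
    modified = verify(log, image + b"!")     # evidence changed after collection
    log[0]["custodian"] = "someone else"     # edit to the paper trail itself
    edited = verify(log, image)
    return clean, modified, edited
```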

Licensing

A software license is a legal instrument (usually by way of contract law, with or without printed materials) governing the use or redistribution of software.

Software licenses that you need to become familiar with are:

  • Digital Rights Management (DRM)
  • End-User License Agreements (EULAs)
  • Open source vs. commercial licenses
  • Personal license vs. enterprise licenses

DRM

Digital rights management is an access control technology for restricting the use of proprietary hardware and copyrighted works. DRM technologies try to control the use, modification, and distribution of copyrighted works (such as software and multimedia content), as well as systems within devices that enforce these policies. In layman’s terms, DRM limits the end user’s rights to copy, transfer, or use software or digital media. An example of DRM is the limits on the number of systems that can use an application at the same time, such as Adobe Creative Cloud or Microsoft Office 365.

EULA

An end-user license agreement is a legal contract entered into between a software developer or vendor and the user of the software, often where the software has been purchased by the user from an intermediary such as a retailer. A EULA specifies in detail the rights and restrictions which apply to the use of the software.

Open Source & Commercial Licenses

Open source software is a type of computer software in which source code is released under a license in which the copyright holder grants the rights to use, study, change, and distribute the software to anyone and for any purpose, to include being sold. However, open source licenses require that the sellers of open source software not limit the rights of purchasers to use, change, or share the software. The Linux operating system is an example of open source software that is available in a variety of system distributions (known as “distros”).

Commercial software is computer software that is produced for sale or that serves commercial purposes. Most commercial software other than open source can be called “closed software”. Microsoft Windows, Apple macOS, & Adobe Creative Cloud are examples of commercial software. Unlike an open source license, commercial licenses do not cover source code (the instructions used to make the software) & limit how licensees can use object code (the program).

Personal vs. Enterprise Licenses

A personal license is an option for private individuals who purchase a software license with their own funds, & solely for their own use. Personal licenses are not to be purchased, refunded or in any way financed by companies. Essentially, these licenses limit the use of the software to one or a very small number of computers in the same household.

An enterprise license usually permits unlimited use of a product or system throughout an enterprise, although some limitations and restrictions may apply. An enterprise license eliminates the need to register a software program every time it is installed on a new device or used by a new person in the enterprise. Enterprise licenses differ from personal software licenses in the following ways:

  • They include management and security features designed for the enterprise.
  • They follow different rules for software upgrades than personal-licensed software.
  • They may be licensed per seat, per device, per processor, or in other ways.
  • Some personal software licenses, such as for Microsoft Office Home & Student, are specifically restricted from being used in business.

Regulated Data

Regulated data is data that requires specific privacy and security safeguards as mandated by federal, state, or local law, and/or organization policy or agreement. Four types of data are regulated and must be protected by network administrators:

  • PII: Personally identifiable information is any information relating to an identifiable person such as: name, address, driver’s license number, social security number, etc.
  • PCI: Payment Card Industry standard is an information security standard for organizations that handle branded credit cards from the major card schemes to protect credit card holders’ data such as: card numbers, address, & credit information.
  • GDPR: General Data Protection Regulation is a regulation in EU (European Union) law on data protection & privacy to include protecting data such as: health, biometrics, genetic information, and criminal history.
  • PHI: Protected health information under US law is any information about health status, provision of health care, or payment for health care that is created or collected by a Covered Entity, and can be linked to a specific individual.

Any organization that holds or uses this type of information has responsibility for protecting it from identity thieves.