55 lines
1.2 KiB
Markdown
55 lines
1.2 KiB
Markdown
# OPS-6: Policy, Privacy, and Licensing
|
|
|
|
Status: not started
|
|
|
|
Domain:
|
|
- 4.0 Operational Procedures
|
|
|
|
Objective alignment:
|
|
- 4.6 Policy, privacy, licensing, and incident handling
|
|
|
|
## What You Need To Know
|
|
|
|
Policies tell technicians what they are allowed to do and what must be protected.
|
|
|
|
Incident response concepts:
|
|
- Chain of custody
|
|
- Informing management or law enforcement when required
|
|
- Drive copies for integrity and preservation
|
|
- Documentation
|
|
- Order of volatility
|
|
|
|
Policy and privacy concepts:
|
|
- Valid licenses
|
|
- DRM
|
|
- EULA
|
|
- Perpetual licensing
|
|
- Personal vs. corporate licensing
|
|
- Open-source licensing
|
|
- NDA and MNDA
|
|
- Regulated data
|
|
- Data retention
|
|
- Acceptable use policy
|
|
- Compliance
|
|
- Splash screens and login banners
|
|
|
|
## Memory Trick
|
|
|
|
Use **C-D-P-L**:
|
|
|
|
- **C**hain of custody
|
|
- **D**ata privacy
|
|
- **P**olicies
|
|
- **L**icensing
|
|
|
|
Shortcut:
|
|
- **Policy decides what you can touch, copy, disclose, and install.**
|
|
|
|
## Exam Clues
|
|
|
|
- Chain of custody tracks evidence handling.
|
|
- Order of volatility means collect the most temporary evidence first.
|
|
- EULAs define software use terms.
|
|
- Open-source does not mean no license.
|
|
- Regulated data may require special handling and retention.
|
|
|