Explain the four general tasks that may play a role in recovering from security incidents.

CH5R1: Explain the four general tasks that may play a role in recovering from security incidents.

CH5R2: Describe the basic requirements evidence must meet to be used in legal proceedings.

CH5R3: List and explain the three general categories of legal systems used in the world. Give an example of each.

CH5R6: Does an employer in the United States have an unconditional right to search employee desks or lockers on company premises? Why or why not? Is there a way by which the employer can legally perform such searches?

CH5R7: Describe the three steps an investigator performs when collecting forensic evidence.

CH5R8: Is it better to perform a clean “shut-down” or simply pull the plug when collecting a computer as evidence?

CH5R9: Explain how an investigator can examine a hard drive and still convince a court that the examination is based on the information residing on the drive when the suspect last had possession of it.

CH5R15: What is Moore’s Law?

CH6R1: Explain the difference between authentication and authorization.

CH6R2: Describe the general steps taken during the authentication process.

CH6R3: Identify and describe the three basic authentication factors.

CH6R12: Why might it improve security to make users change passwords periodically? What problems arise when passwords are changed periodically?

CH6R17: Describe some biases that cause passwords to be more vulnerable to attack than they might be if they were completely random.

CH6R25: Explain how biometric systems are vulnerable to the five generic attacks on authentication systems.

CH7R2: Outline the symmetric encryption process and explain the components involved in the process.

CH7R3: What is cryptanalysis? Give an example of a cryptanalytic problem.

CH7R4: Describe how a simple substitution cipher works, like the Caesar cipher.

CH7R5: Describe the components of a digital stream cipher.