Which of the following needs to be documented to preserve evidence for presentation in court?
A. Separation of duties
B. Account lockout policy
C. Incident response policy
D. Chain of custody
Explanation:
A chain of custody should be documented to preserve evidence for presentation in court.
A chain of custody is documentation that shows who has collected and accessed each piece of
evidence. The documentation must be meticulously prepared, including the minutest details (such as
the date, time, location, and the verified identity of every person handling the evidence), so that the
documentation is verifiable. It includes the time of accessing the evidence and the valid reason for
doing so. A chain of custody must be maintained for all evidence in order to maintain the validity of
that evidence.
Answer option A is incorrect. Separation of duties (SoD) is the concept, and a part of an
organization’s policy, of requiring more than one person to complete a task. It implements an appropriate
level of checks and balances upon the activities of individuals. With the concept of SoD, business-critical
duties can be categorized into four types of functions: authorization, custody, record keeping,
and reconciliation. In a perfect system, no person should handle more than one type of function.
Separation of duties helps reduce the potential damage from the actions of one person. As an
organization’s policy, it also helps to prevent collusion.
Answer option C is incorrect. An incident response policy is a document that defines an incident and
helps people to respond appropriately to that incident. It provides information about the people who
are responsible for handling security incidents and how they can be contacted. The incident
response policy also provides instructions for documenting and disseminating incident-related information.
Answer option B is incorrect. An Account Lockout policy locks out a user after a specified number of
failed logon attempts. It prevents potential intruders from repeatedly trying different passwords to
guess the correct password for accessing a user account.
The following are policies under Account Lockout:
1. Account Lockout duration
2. Account Lockout threshold
3. Reset Account Lockout counter after
“http://en.wikipedia.org/wiki/Chain_of_custody”