Question 1380 - CISM Certified Information Security Manager

When collecting evidence for forensic analysis, it is important to:

A. ensure the assignment of qualified personnel.
B. request the IT department do an image copy.
C. disconnect from the network and isolate the affected devices.
D. ensure law enforcement personnel are present before the forensic analysis commences.

Correct Answer: A

Explanation:

Explanation:
Without the initial assignment of forensic expertise, the required levels of evidence may not be preserved. In choice B. the IT department is unlikely to have that level of expertise and should, thus, be prevented from taking action. Choice C may be a subsequent necessity that comes after choice A. Choice D, notifying law enforcement, will likely occur after the forensic analysis has been completed.

CISM Certified Information Security Manager

Tag: Question 1380

CISM Certified Information Security Manager – Question1380