
Evaluating Findings

Ensuring Evidence is Relevant

  • Not all evidence provided of an attack is actually part of the cause.

  • A user connecting a random USB device to a computer might be the cause of a malware infection, but it may not be.

  • Similarly, something may be flagged as malware, but it may be a false positive.

  • You should carefully consider the evidence before deciding whether it is relevant to the attack, and before making your conclusions and recommendations.

Evaluation of the Findings

  • When evaluating your findings, you should consider whether or not the findings:
      • Provide Evidence of a Crime and/or an Incident - Was there actually an incident at all? Does the evidence support this?
      • Show the System has been Externally/Internally Compromised - How was the system compromised? Was it an internal or external attack?
      • Strongly Support One Possible Cause - There may be multiple possible explanations. Does the evidence back one cause more than any other?

Making Recommendations

  • We need to make recommendations to prevent security incidents from recurring.

  • This will involve advising on improvements in three possible areas:
      • The Content of Cyber Security Documentation – Do our policies and agreements actually miss key procedures that should be followed?
      • Adherence to Cyber Security Documentation – Are employees following procedures, and how can we ensure they do in future?
      • Security Protection Measures – Are there any physical/hardware/software protection measures missing that would improve the business's security?