Evidence Integrity – It is vital that the evidence’s integrity cannot be questioned. We do this with hashes; any forensics is done on copies and never the originals. We make a bit level copy of the original, hash it, and the copy should match. We do another hash after the forensics, and that should be the same as the prior two.

Discovery (planning): Finding the vulnerabilities, design the attacks.

One-Time Pad: Cryptographic algorithm where plaintext is combined with a random key. It is the only existing mathematically unbreakable encryption. While it is unbreakable it is also very impractical. It has ONE use per pad; they should never be reused. Characters on the pad have to be truly random. The pads are kept secure.

Multifactor authentication uses authentication from more than one factor (something you know, are or have). Passwords and usernames are not multifactor, they are both knowledge factors.

The CIA (Confidentiality, Integrity, Availability) Triad: Confidentiality - We keep our data and secrets secret. Integrity - We ensure the data has not been altered. Availability - We ensure authorized people can access the data they need, when they need to.

Static testing - Passively testing the code, it is not running. This is walkthroughs, syntax checking, and code reviews. Looks at the raw source code itself looking for evidence of known insecure practices, functions, libraries, or other characteristics having been used in the source code.

Unstructured audits: Internal auditors to improve our security and find flaws, often done before an external audit.

Digital forensics should always be done on bit level copies of the original, never the original.

Disaster: Our entire facility is unusable for 24 hours or longer. If we are geographically diverse and redundant we can mitigate this a lot. Yes, a snowstorm can be a disaster.

MAC - (Mandatory Access Control) is system-enforced access control based on a subject’s clearance and an object’s labels.