Show:
E Discovery
Cloud Computing
Data Handling, Transfer & Storage
Privacy
More E Discovery
100
What people are responsible for preserving data needed for litigation?
What is we all are or more specifically anyone named by legal as relating to the case.
100
The great thing about cloud computing vendors is that all the risk can be transferred to them because they will be handling the bulk of the work. True or False?
What is False. Some risks can be transferred, but not all.
100
If data moves from one country to another, no privacy concerns need to be considered unless a third party vendor is the one facilitating the transfer. If Nielsen is handling the transfer, it can be completed securely with no additional analysis. True or False?
What is False. Any time data with certain classifications moves across a border, this can trigger specific privacy laws and needs evaluation.
100
A Data Controller can be: • an individual •an organization • an other corporate and unincorporated bodies of persons or all of the above.
What is all of the above.
100
What team lets Security know a legal case has been started? DAILY DOUBLE: Who notifies Security that a litigation matter has been closed?
What is Legal. Who is Legal.
200
How long does data have to be retained for a case?
What is until the case is closed
200
What company coined the word 'cloud computing'? DAILY DOUBLE: What city were they based in?
What is Compaq, based in Houston, TX.
200
Vendors that store Nielsen information will be required by contract to know and adhere to all regulatory requirements. True or False?
What is False. Many vendors will be required to adhere to certain laws or regulations, but they may not know what data is being stored, so they cannot be required to adhere to everything.
200
This war caused the employee privacy laws in most European countries.
What is WWII.
200
Mailboxes put on hold for litigation are under what type of hold?
What is Lit Hold.
300
This form shows who handled a piece of physical evidence like a laptop.
What is a Chain of Custody.
300
There are three types of clouds, name them.
What is public, private and hybrid.
300
What contract term MUST be included in a multi-tenancy storage provider contract? -Indemnity -List of stricter controls or -The ability to terminate the contract?
What is a list of stricter controls should be included in the contract (per policy).
300
This process gives managers access to a departed employee's mailbox
What is Access Request.
300
One member of each of these teams need to approve employee mailbox access
What is Security and Legal Privacy.
400
What type of litigation is the most common at Nielsen?
What is wrongful termination.
400
A malicious insider can do great damage if they are able to get into a cloud computing environment. What is something we do to ensure this does not occur? -We do a pen test or VA scan on each vendor to evaluate their security stance. -We require a Nielsen attorney to sign off on each vendor after a security vetting. -We can ask questions during the vendor evaluation process and add contract terms if necessary.
What is we can ask questions during the vendor evaluation process and add contract terms if necessary.
400
When we are finished with a vendor, how should they handle the data deletion? -Requiring deletion to a NIST standard -Requiring destruction to a NIST standard, -Requiring deletion terms that will be comparable with the level of risk in the contract and with the data.
What is requiring deletion terms that will be comparable with the level of risk in the contract and with the data.
400
What type of Information is protected by the Data Protection Act?
What is it regulates the use of “personal data”.
400
This tool creates mailbox PST files from mailboxes on hold
What is the O365 compliance center.
500
When a Security Team Investigator needs to access a employee mailbox who do they need to contact first?
What is a Legal Team member that specializes in Privacy for the country in question.
500
If a cloud provider's services will be subtracted out, this will automatically bar them from being a vendor of Nielsen's. True or False?
What is False. While the risks are greater, we can compensate for this usually by adding more requirements into the contract.
500
If we are investigating a breach, how do we ensure we have access to a cloud provider's environment? (choose two) -Require cloud provider and vendor to sign contract -Require VPN access into cloud environment -Hold the vendor and cloud provider personally liable for damages.
What is require cloud provider and vendor to sign contract.
500
What is the definition of a Data Controller?
What is a person who (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which any personal data are, or are to be, processed.
500
These 2 tools are used to search forensic images
What are EnCase or FTK.