Investigation: systematic or formal process of inquiring into or researching, and examining facts or materials associated with a matter.
Source: ISO/IEC 27035-3:2020 Information technology — Information security incident management — Part 3: Guidelines for ICT incident response operations
Evidence: Grounds for belief or disbelief; data on which to base proof or to establish truth or falsehood.
Note 1: Evidence can be objective or subjective. Evidence is obtained through measurement, the results of analyses, experience, and the observation of behavior over time.
Note 2: The security perspective places focus on credible evidence used to obtain assurance, substantiate trustworthiness, and assess risk.
Source: NIST SP 800-160 Vol. 1
Evidence: information supporting the occurrence of an event or action.
Note 1 to entry: Evidence does not necessarily prove the truth or existence of something but can contribute to the establishment of such a proof.
Source: ISO/IEC 13888-1:2020 Information security — Non-repudiation — Part 1: General
Forensics: The practice of gathering, retaining, and analyzing computer-related data for investigative purposes in a manner that maintains the integrity of the data.
Source: CNSSI 4009-2015
Digital forensics: In its strictest connotation, the application of computer science and investigative procedures involving the examination of digital evidence – following proper search authority, chain of custody, validation with mathematics, use of validated tools, repeatability, reporting, and possibly expert testimony.
Source: CNSSI 4009-2015 from DoDD 5505.13E
Forensic science: The use or application of scientific knowledge to a point of law, especially as it applies to the investigation of crime
Source: NISTIR 8006 from SWDGE v2.0
Forensic copy: An accurate bit-for-bit reproduction of the information contained on an electronic device or associated media, whose validity and integrity has been verified using an accepted algorithm.
Source: CNSSI 4009-2015 from NIST SP 800-72
- 調查(investigation): 為深入了解特定人,事,物等事實, 所採行之正式而系統化的探詢, 查驗及研究.
- 證據(evidence): 可以支持或證明某一事件、行動或判定事實真假之資訊.
- 鑑識(forensics): 為法律檢調之目的所採行之證據採集, 保存及分析等作為.
I added two arrows to connect the dots:
- the arrow from security controls to engineering suggests security controls are implemented in engineering projects.
- the arrow from engineering to security operations to depict the one-time engineering investment turning into sustainable/persistent value creation.
~ Jessica, CISM, 暫時通過CISSP考試
~ 王建翔 (Dennis Wang), CISSP, MCSE
這是一個講求結果、成敗論英雄的世界。專案成敗有客觀的定義，也有主觀的感受。客觀的範圍、時間、成本目標可量化，質化的專案目的(purpose) 及需要(needs) 難衡量。專案客觀達標，但主觀感受未被滿足，可能也會變成無效努力。專案分做事(management)跟作人(leadership) 二個部分，各有不同的方法(approach)及風格(style).
Service-oriented architecture (SOA) can be fulfilled by web services or Microservices. The web services approach leads to the SOA, while the microservices architecture is an extension to the SOA. Enterprise application integration (EAI) based on SOA typically implements a shared enterprise service bus (ESB) for enterprise applications to exchange messages. Microservices are hosted in one or more containers collaborating under the orchestration of Google Kubernetes (K8S), Docker Swarm, or Apache Mesos.Continue reading