2.01-Review Organizational Processes and Conduct a site survey
Task understand Legal authorities and regulatory constraints, including privacy and civil liberties obligations¶
Conditions¶
Standards¶
The IR Team should gather information from the mission owner (and Network owner) about its domain, organizational processes, method of patch configuration management, privilege rights, training, cross-domain transfers, use of removable devices etc., prior to the site survey. The CPT needs to receive, for example, a complete list of all workstations, servers, services, required applications, and trust requirements of the Domain(s) supported. Equally as important, the CPT needs to know the required services needed to run within the Domain and where these services can run. (Example: a Domain Controller can run several rolls and services such as DHCP, DNS, and Active Directory.) It is important to remember that there may be workstations that reside in workgroups not jointed to the domain. A site survey is recommended, even though the mission owner theoretically can provide all information remotely. The site survey helps to establish the working relationships with the mission owner and can also result in the identifcation of devices and connections not previously disclosed.