List four of the items that the EBK specifies for the implementation function.

What will be an ideal response?

---

1. Assist in collecting and preserving evidence in accordance with established procedures, plans, policies, and best practices
2. Perform forensic analysis on networks and computer systems, and make recommendations for remediation
3. Apply and maintain intrusion detection systems; intrusion prevention systems; network mapping software; and monitoring and logging systems; and analyze results to protect, detect, and correct information security-related vulnerabilities and events
4. Follow proper chain of custody best practices in accordance with standards, procedures, directives, policies, regulations, and laws (statutes)
5. Collect and retain audit data to support technical analysis relating to misuse, penetration, reconstruction, or other investigations
6. Provide audit data to appropriate law enforcement or other investigating agencies, to include corporate security elements
7. Assess and extract relevant pieces of information from collected data
8. Report complete and accurate findings, and result of the analysis of digital evidence, to appropriate resources
9. Coordinate dissemination of forensic analysis findings to appropriate resources
10. Provide training as appropriate on using forensic analysis equipment, technologies, and procedures, such as the installation of forensic hardware and software components
11. Advise on the suitability of standard operating environment's (SOE) baseline standard for forensic analysis
12. Coordinate applicable legal and regulatory compliance requirements
13. Coordinate, interface, and work under the direction of appropriate corporate entities