CYFOR Blog

A Forensic Readiness Plan is a key component of a business’s information risk management strategy.

CYFOR has implemented a Forensic Readiness Plan and training for numerous FTSE 250 and AIM listed companies. When we speak to heads of information risk or technology, they commonly recognise the benefits of implementing a forensic readiness plan, but they ask us what legal and regulatory precedence has been set so that they can further justify their investment.

IT staff, for instance, often recognise that a good forensic readiness plan (written by an experienced computer forensic professional) can ensure an organisation’s ability to respond effectively in the event of an incident and can reduce the impact of a data breach. However, to aid their business case, they ask that we help them to justify the plan to their own senior management.

Forensic readiness is a key component of information risk management

The HMG Security Policy Framework stipulates that its own departments and partners should have forensic readiness plans in place. Clearly the UK government has identified that there are considerable benefits to adopting a forensic readiness plan.

Section 404 of The Sarbanes-Oxley Act 2002 also stipulates an onus on corporations dealing within and with the United States of America to perform annual controls over financial reporting, which necessitates a forensic readiness plan.

A forensic readiness plan will maximise a company’s potential to use digital evidence whilst minimising the cost of an investigation. The directive reflects the high level of importance placed upon minimising the impacts of information security incidents and safeguarding the interests of a company.

The Financial Service Authority’s Decision Procedure and Penalties Manual set out the circumstances in which financial penalties or public censure may be imposed on a business. The FSA will consider several factors that include the duration and frequency of a data breach. By implementing a forensic readiness plan both can be minimised.

Digital forensics provides a means to help prevent and manage the impact of important business risks

It can support a legal defence; it can verify and may show that due care was taken in a particular transaction or process and may be important for internal disciplinary actions. By not preparing your staff and having sufficient procedures in place you risk losing data, credibility and business.

Forward planning through adopting a forensic readiness plan can bring many benefits to your organisation:

• Maintaining proportionality of litigation and investigative costs
• Increasing the speed at which digital evidence can be produced
• Acting as a deterrent to computer misuse
• Reducing the occurrences of digital technology abuse
• Assisting with internal security awareness training

Case Study | Security Breach Avoidance

CYFOR received a call via our 24/7 emergency line for an immediate response to a potentially serious security breach for a leading corporation. A laptop had been stolen from the corporate which contained unencrypted data of a sensitive nature, including login details. The laptop was recovered in due course, however, any breach of sensitive corporate data needed to be established.

This was potentially a disastrous situation for the corporate and preparations were made to contact third parties to inform them of a security breach. CYFOR dispatched two digital forensic investigators onsite in response to this incident.

A forensic image of the laptop was created in order to preserve the data and establish whether or not anyone had logged onto the device. CYFOR’s experts were also able to investigate whether the sensitive data contained on the laptop had been copied to any external media.

Working through the night, our digital forensic investigators were able to achieve a positive result for the client and establish that a data breach had not occurred. Thus preventing the corporate from unnecessarily contacting third parties and causing reputational damage. This situation could have been avoided if there had been an established forensic readiness plan in place.