How can you justify a Forensic Readiness Plan?
3rd February 2012
CYFOR has recently been implementing forensic readiness plans (and training) for a number of FTSE 250 and AIM listed companies.
When we speak to heads of information risk or technology, they commonly recognise the benefits of implementing a plan but they ask us what legal and regulatory presidence have been set so that they can further justify their investment.
IS and IT staff, for instance, often recognise that a good forensic readiness plan (written by an experienced computer forensic professional) can ensure an organisation’s ability to respond in the event of an incident and can reduce the impact of a data breach, however, to aid their business case, they ask that we help them to justify the plan to their own managers.
Forensic readiness is a key component of information risk management.
The HMG Security Policy Framework (v.7.0) stipulates that its own departments and partners should have forensic readiness plans in place. Clearly the UK government has identified that there are considerable benefits to adopting a forensic readiness plan.
Section 404 of The Sarbanes-Oxley Act 2002 also stipulates an onus on corporations dealing within and with the United States of America to perform annual controls over financial reporting, which necessitates forensic readiness planning.
A forensic readiness plan will maximise a company’s potential to use digital evidence whilst minimising the cost of an investigation. The directive reflects the high level of importance placed upon minimising the impacts of information security incidents and safeguarding the interests of a company.
The Financial Service Authority’s Decision Procedure and Penalties Manual sets out the circumstances in which financial penalties or public censure may be imposed on a business. The FSA will consider a number of factors that include duration and frequency of a breach. By implementing a forensic readiness plan both can be minimised.
Digital forensics provides a means to help prevent and manage the impact of important business risks.
It can support a legal defence, it can verify and may show that due care was taken in a particular transaction or process, and may be important for internal disciplinary actions. By not preparing your staff and having sufficient procedures in place you risk losing data, credibility and business.