Manchester: 0161 797 8123

London: 0207 438 2045

Manchester: 0161 797 8123

London: 0207 438 2045

Blog

News, events, media, seminars and more

How can you justify a Forensic Readiness Plan?

CYFOR has recently been implementing forensic readiness plans (and training) for a number of FTSE 250 and AIM listed companies.

When we speak to heads of information risk or technology, they commonly recognise the benefits of implementing a plan but they ask us what legal and regulatory presidence have been set so that they can further justify their investment.

IS and IT staff, for instance, often recognise that a good forensic readiness plan (written by an experienced computer forensic professional)  can ensure an organisation’s ability to respond in the event of an incident and can reduce the impact of a data breach, however, to aid their business case, they ask that we help them to justify the plan to their own managers.

Forensic readiness is a key component of information risk management.

The HMG Security Policy Framework (v.7.0) stipulates that its own departments and partners should have forensic readiness plans in place.  Clearly the UK government has identified that there are considerable benefits to adopting a forensic readiness plan.

Section 404 of The Sarbanes-Oxley Act 2002 also stipulates an onus on corporations dealing within and with the United States of America to perform annual controls over financial reporting, which necessitates forensic readiness planning.

A forensic readiness plan will maximise a company’s potential to use digital evidence whilst minimising the cost of an investigation. The directive reflects the high level of importance placed upon minimising the impacts of information security incidents and safeguarding the interests of a company.

The Financial Service Authority’s Decision Procedure and Penalties Manual sets out the circumstances in which financial penalties or public censure may be imposed on a business.  The FSA will consider a number of factors that include duration and frequency of a breach.  By implementing a forensic readiness plan both can be minimised.

Digital forensics provides a means to help prevent and manage the impact of important business risks.

It can support a legal defence, it can verify and may show that due care was taken in a particular transaction or process, and may be important for internal disciplinary actions.   By not preparing your staff and having sufficient procedures in place you risk losing data, credibility and business.

Back to all Posts

Call us today and speak with a Forensic Specialist

London: 0207 438 2045

Manchester: 0161 797 8123

Feel free to send us an enquiry

  • This field is for validation purposes and should be left unchanged.

After submitting an enquiry, a member of our team will be in touch with you as soon as possible

Your information will only be used to contact you, and is lawfully in accordance with the Data Protection Act 1998.