When we speak to heads of information risk or technology, they commonly recognise the benefits of implementing a plan, but they ask us what legal and regulatory precedents have been set so that they can further justify their investment.
IS and IT staff, for instance, often recognise that a good forensic readiness plan (written by an experienced computer forensic professional) can ensure an organisation’s ability to respond in the event of an incident and can reduce the impact of a data breach. However, to aid their business case, they ask that we help them to justify the plan to their own managers.
The HMG Security Policy Framework (v.7.0) stipulates that its own departments and partners should have forensic readiness plans in place. Clearly the UK government has identified that there are considerable benefits to adopting a forensic readiness plan.
A forensic readiness plan will maximise a company’s potential to use digital evidence whilst minimising the cost of an investigation. The directive reflects the high level of importance placed upon minimising the impacts of information security incidents and safeguarding the interests of a company.
The Financial Services Authority’s Decision Procedure and Penalties Manual sets out the circumstances in which financial penalties or public censure may be imposed on a business. The FSA will consider a number of factors that include the duration and frequency of a breach. By implementing a forensic readiness plan, both can be minimised.
It can support a legal defence, can verify and may show that due care was taken in a particular transaction or process, and may be important for internal disciplinary actions. By not preparing your staff and not having sufficient procedures in place, you risk losing data, credibility and business.
London: 0207 438 2045
Manchester: 0161 797 8123