The scouting motto "be prepared" saved Maldives president Maumoon Abdul Gayoom from assassination in 2008 when a local Boy Scout stepped in to foil his attacker. Being prepared for a security incident affecting computer systems may not produce such dramatic results, but it will enable an organisation to maximise its potential to use digital evidence while minimising the costs of an investigation, writes Raj Samani, vice-president for communications, ISSA UK.
The importance of such a state of readiness is recognised through various regulatory requirements. The minimum mandatory measures to protect information across central government state that all government departments must have a forensic readiness policy. A similar requirement also applies to private sector organisations that adhere to the PCI-DSS standard. Requirement A.1.4 demands "processes to provide for timely forensic investigation in the event of a compromise to any hosted merchant or service provider".
Despite such obligations, the practicality of having workable plans appears lost on many organisations. Recent research by KPMG found that many legal departments have significant concerns about how to handle data when called upon to do so for litigation or regulatory response. Nearly two in five respondents admitted it would be difficult to retrieve relevant data in the event of a regulatory investigation or major litigation. Additional concerns included the extent to which companies' legal and IT departments communicate with each other. With the growing trend to use outsourced service providers, the prospect of another stakeholder external to the organisation represents significant challenges to the effectiveness of any response to an incident, particularly to organisations that fail to communicate effectively between their internal departments.
To read more think tank articles
This was first published in April 2010