Checklist of ISO/IEC 27001-A.16.1.7 Collection of evidence

Introduction:

Digital evidence is central to incident response, and especially to cases that may end in criminal or civil proceedings. 

Properly collected evidence can support identifying and prosecuting an attacker, satisfy regulators and insurers, and feed lessons back into the organization's security posture. Evidence that was collected carelessly, on the other hand, may be ruled inadmissible or simply not trusted. 

Control A.16.1.7 of ISO/IEC 27001:2013 (carried over as control 5.28 in the 2022 edition) therefore requires the organization to define and apply procedures for the identification, collection, acquisition and preservation of information that can serve as evidence. 

This article covers why evidence collection matters, the criteria an auditor uses to judge whether in-house collection processes are competent, and the legal requirements that surround the process.

Sample Checklist:

  • Does the organization have defined, documented processes for identifying, collecting, acquiring and preserving digital forensic evidence?
  • Are trained and competent personnel responsible for digital evidence collection, and is their competence recorded?
  • Are suitable tools and techniques (for example write-blockers, verified imaging tools and cryptographic hashing) used for digital evidence collection?
  • Is the chain of custody rigorously maintained, recording who handled each item, when, and for what purpose?
  • Is digital evidence secured in storage against loss, alteration and unauthorized access?
  • Is analysis performed only on forensically sound copies, verified by hash against the original, using forensic-grade tools and techniques?
  • Who decides to undertake forensics, and on what authority and basis?
  • How are jurisdictional issues handled when evidence, systems or personnel are in different countries?
  • How are differing forensic standards handled?
  • How are associated legal requirements, such as seizure, storage, analysis and presentation of evidence, handled?
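The checklist items on forensically sound copies and chain of custody are the ones most easily supported by tooling. The following Python script is an added illustration written for this article, not code from the standard or from any forensic product: it acquires a working copy of an evidence file, proves the copy is bit-identical by hashing both sides, and keeps a hash-chained custody log in which every entry commits to the previous one, so that editing or deleting an earlier entry invalidates everything after it. The file name "mailbox.pst", the handler names and the sample file contents are constructed for the demonstration.

```python
"""Added example: verified acquisition of a forensic copy plus a hash-chained
chain-of-custody log. Illustrative code written for this article, not part of
ISO/IEC 27001 or of any forensic tool."""
import hashlib
import json
import os
import shutil
import tempfile
from datetime import datetime, timezone


def sha256_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so large evidence images need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def acquire_copy(original, working_copy):
    """Copy the original and prove the copy is bit-identical by hashing both
    sides. Raises if the hashes differ, so a damaged copy is never analysed."""
    shutil.copyfile(original, working_copy)
    src_hash = sha256_file(original)
    dst_hash = sha256_file(working_copy)
    if src_hash != dst_hash:
        raise RuntimeError(f"copy verification failed: {src_hash} != {dst_hash}")
    return dst_hash


class CustodyLog:
    """Append-only custody log. Each entry carries the hash of the previous
    entry, so altering or removing any earlier entry breaks the chain."""
    GENESIS = "0" * 64  # prev_hash of the first entry

    def __init__(self):
        self.entries = []

    def _digest(self, entry):
        # Canonical JSON (sorted keys) so the hash does not depend on key order.
        return hashlib.sha256(json.dumps(entry, sort_keys=True).encode()).hexdigest()

    def record(self, action, handler, evidence_hash, note="", when=None):
        prev = self.entries[-1]["entry_hash"] if self.entries else self.GENESIS
        entry = {
            "seq": len(self.entries),
            "timestamp": (when or datetime.now(timezone.utc)).isoformat(),
            "action": action,
            "handler": handler,
            "evidence_sha256": evidence_hash,
            "note": note,
            "prev_hash": prev,
        }
        entry["entry_hash"] = self._digest(entry)
        self.entries.append(entry)
        return entry["entry_hash"]

    def verify(self):
        """True only if every sequence number, link and entry hash checks out."""
        prev = self.GENESIS
        for i, entry in enumerate(self.entries):
            body = {k: v for k, v in entry.items() if k != "entry_hash"}
            if entry["seq"] != i or entry["prev_hash"] != prev:
                return False
            if self._digest(body) != entry["entry_hash"]:
                return False
            prev = entry["entry_hash"]
        return True


def demo():
    """Acquire a constructed evidence file, log custody, then show that
    rewriting an earlier log entry is detected."""
    workdir = tempfile.mkdtemp()
    original = os.path.join(workdir, "mailbox.pst")          # constructed name
    copy = os.path.join(workdir, "mailbox.pst.copy")
    with open(original, "wb") as f:
        f.write(b"constructed sample evidence\n" * 1000)    # constructed content

    log = CustodyLog()
    orig_hash = sha256_file(original)
    log.record("seized", "analyst A", orig_hash, "collected from workstation, write-blocker used")
    copy_hash = acquire_copy(original, copy)
    log.record("imaged", "analyst A", copy_hash, "working copy verified against original")
    log.record("transferred", "analyst B", copy_hash, "handed to evidence locker")
    intact = log.verify()

    # Simulate someone rewriting history: change who seized the evidence.
    log.entries[0]["handler"] = "analyst C"
    tampered_detected = not log.verify()
    return orig_hash == copy_hash, intact, tampered_detected


if __name__ == "__main__":
    print(demo())
```

In a real deployment the log would be written to append-only or externally timestamped storage and the hashes recorded on the evidence bag or in the case management system; the hash chain only makes tampering detectable, it does not prevent it, so the log itself still needs the same storage protection as the evidence.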

Conclusion:

Organizations need defined, tested processes for collecting digital forensic evidence, both to recover well from incidents and to retain the option of legal action afterwards. 

Assessing the competency of in-house collection means checking that trained personnel are responsible for collection, that suitable tools and techniques are used, that analysis happens only on verified copies, and that the chain of custody is rigorously maintained. 

Organizations must also plan for jurisdictional issues and differing forensic standards, and meet the legal requirements that apply to seizure, storage, analysis and presentation of evidence.


By meeting the requirements of A.16.1.7, organizations can collect evidence that will stand up to scrutiny, whether the audience is an internal review, a regulator or a court, and use it to improve their security posture and protect themselves against cybercrime.
