This preview shows page 1. Sign up to view the full content.
Unformatted text preview: documentation, with the goal of continual improvement. Instituting a formal process for the
briefing will provide the team with the ability to start collecting data that can be
used to track its performance metrics. ch10.indd 886 12/4/2009 11:39:11 AM All-in-1 / CISSP All-in-One Exam Guide, 5th Ed. / Harris / 160217-8 Chapter 10: Legal, Regulations, Compliance, and Investigations 887
Cops or No Cops?
Management needs to make the decision as to whether law enforcement should
be called in to handle the security breach. The following are some of the issues to
understand if law enforcement is brought in:
• Company loses control over investigation once law enforcement is
• Secrecy of compromise is not promised; it could become part of public
• Effects on reputation need to be considered (the ramifications of this
information reaching customers, shareholders, and so on).
• Evidence will be collected and may not be available for a long period of
time. It may take a year or so to get into court.
Other issues to think through when a company is developing incident response
procedures include deciding how the incident will be explained to the press, customers,
and shareholders. This could require the collaboration of the public relations department, management, human resources (if employees are involved), the IT department,
and the legal department. A cybercrime may have legal ramifications that are not immediately apparent and must be handled delicately. The company should decide how
it will report the matter to outsiders, to ensure that the situation is not perceived in a
totally different light. Computer Forensics and Proper Collection of Evidence
I just spilled coffee on our only evidence.
Response: Case closed. Let’s all go home.
Forensics is a science and an art that requires specialized techniques for the recovery,
authentication, and analysis of electronic data for the purposes of a criminal act. It is
the coming together of computer science, information te...
View Full Document
This note was uploaded on 06/01/2013 for the course NET 125 taught by Professor Hurst during the Fall '12 term at Wake Tech.
- Fall '12