Collect evidence from the incident scene., CC ID: 02236
SELECTED AUTHORITY DOCUMENTS COMPLIED WITH
An incident monitoring and management process to address the identification and classification of incidents, reporting, escalation, preservation of evidence, the investigation process (Critical components of information security 1) 2) k., Guidelines on Information Security, Electronic Banking, Technology Risk Management and Cyber Frauds)
Establishing the capability to investigate information security incidents through various modes like forensics, evidence collection and preservation, log analysis, interviewing, etc. (Critical components of information security 10) (ii) d., Guidelines on Information Security, Electronic Banking, Technology Risk Management and Cyber Frauds)
Digital evidence is similar to any other form of legal proof - it needs to withstand challenges to its integrity, its handling must be carefully tracked and documented, and it must be suitably authenticated by concerned personnel as per legal requirements. Since the evidence resides on or is generat… (Critical components of information security 1) 5), Guidelines on Information Security, Electronic Banking, Technology Risk Management and Cyber Frauds)
information security investigation, including preservation of evidence and forensic analysis; and (16(h)., APRA Prudential Practice Guide CPG 234 Information Security, June 2019)
monitoring and incident management to address the identification and classification of incidents, reporting and escalation guidelines, preservation of evidence and the investigation process; (¶ 27(e), APRA Prudential Practice Guide 234: Management of security risk in information and information technology, May 2013)
In the event a follow-up action concerning a person or organization after an information security incident requires legal action, proper forensic procedures, including chain of custody, shall be required for the preservation and presentation of evidence to support potential legal action subject to t… (SEF-04, Cloud Controls Matrix, v3.0)
Forensic analysis may need to be established by a third party in order to be acceptable by a legal authority. (§ 3.4.5, ISO 12931:2012, Performance Criteria for Authentication Solutions Used to Combat Counterfeiting of Material Goods, First Edition)
Principle: Firms should establish policies and procedures, as well as roles and responsibilities for escalating and responding to cybersecurity incidents. Effective practices for incident response include: - preparation of incident responses for those types of incidents to which the firm is most lik… (Incident Response Planning, Report on Cybersecurity Practices)
Under SaaS, the CSP must perform the capture, preserve, and protect functions in conjunction with their CSSP. The CSP will then share their results with the Mission Owner's organization performing MCD Actions. (Section 6.5.4.2 ¶ 6, Department of Defense Cloud Computing Security Requirements Guide, Version 1, Release 3)
Forensics (e.g., analysis of potentially compromised systems). (App A Objective 8.1.b, FFIEC Information Technology Examination Handbook - Information Security, September 2016)
Provide technical assistance on digital evidence matters to appropriate personnel. (T0212, National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework, NIST Special Publication 800-181)
Process exfiltrated data for analysis and/or dissemination to customers. (T0774, National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework, NIST Special Publication 800-181)
Perform real-time forensic analysis (e.g., using Helix in conjunction with LiveView). (T0172, Reference Spreadsheet for the Workforce Framework for Cybersecurity (NICE Framework), July 7, 2020)
Review forensic images and other data sources (e.g., volatile data) for recovery of potentially relevant information. (T0532, Reference Spreadsheet for the Workforce Framework for Cybersecurity (NICE Framework), July 7, 2020)
Process exfiltrated data for analysis and/or dissemination to customers. (T0774, Reference Spreadsheet for the Workforce Framework for Cybersecurity (NICE Framework), July 7, 2020)