Limited-time offer
Lock in 2024 prices now for ISO 27001 toolkits, course exams, and software!
This offer is valid until December 19, 2024.

Expert Advice Community

Guest

Practice for collection of evidence

  Quote
Guest
Guest user Created:   May 29, 2019 Last commented:   May 29, 2019

Practice for collection of evidence

I have a question about the method for incident management (paragraph 3.7 Collection of evidence). The rules for identification, collection and preservation of evidence - is there any template? (Couldn’t find one). If not would you mind sending me some information about the content of this document? We don’t know how to make the rules.
0 0

Assign topic to the user

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Rhand Leal May 29, 2019

Answer:

ISO 27001 does not prescribe specific rules for evidence collection, and this is not a commonly used procedure, so we do not have an specific template, but these are good references you can look for to develop rules to your organization:
- SANS Digital Forensics and Incident Response Blog: https://digital-forensics.sans.org/blog/2009/09/12/best-practices-in-digital-evidence-collection/
- NIST Guide to Integrating Forensic Techniques into Incident Response: https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-86.pdf

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

May 29, 2019

May 29, 2019

Suggested Topics