ISO/IEC 27043 provides guidelines, based on idealized models, for the common incident investigation processes that recur across the many investigation scenarios involving digital evidence. It covers the processes from pre-incident preparation through investigation closure, together with general advice and caveats on those processes. The guidelines describe processes and principles applicable to many kinds of investigation, including, but not limited to, unauthorized access, data corruption, system crashes and corporate breaches of information security, as well as any other digital investigation.
In summary, ISO/IEC 27043 provides a general overview of all incident investigation principles and processes without prescribing the particular details of each principle or process it covers. Other relevant International Standards, where referenced in ISO/IEC 27043, provide the more detailed content for specific investigation principles and processes.
ISO/IEC 27043 (Security techniques - Incident investigation principles and processes) is useful for the following reason:
A harmonized investigation process model is needed in criminal and civil prosecution settings, as well as in other environments such as corporate breaches of information security and the recovery of digital information from a defective storage device. The guidelines in ISO/IEC 27043 give succinct guidance on the exact process to be followed during any kind of digital investigation, in such a way that, if the investigation is challenged, no doubt should exist as to the adequacy of the process that was followed.
ISO/IEC 27043 is intended to complement other standards and documents that provide guidance on the investigation of, and preparation to investigate, information security incidents. It is not an in-depth guide; rather, it provides a wide overview of the entire incident investigation process. It also lays down certain fundamental principles intended to ensure that tools, techniques and methods can be selected appropriately and shown to be fit for purpose should the need arise.
ISO/IEC 27043 also aims to inform decision-makers who need to determine the reliability of the digital evidence presented to them. It is applicable to organizations that need to protect, analyze and present potential digital evidence, and it is relevant to policy-making bodies that create and evaluate procedures relating to digital evidence, often as part of a larger body of evidence.
EN ISO/IEC 27043:2016
ISO/IEC 27043