Forensic readiness
It is vital to conduct an investigation after a cyber attack. There are many possible scenarios in which the extent to which your systems and data have been compromised, and what needs to be done to recover, are not immediately clear. Not only do you want to minimise the damage, but you also and above all want to ensure the security of your organisation and get back to business as quickly as possible. This means setting up your incident readiness so you can act effectively and immediately. One part of this is forensic readiness, being prepared to conduct or commission a digital forensic investigation the moment it is needed. This publication explains what you can do yourself and what external support you can call upon.
|
Intended audience: This publication is intended for organisations that want to professionalise their forensic readiness. Such organisations already devote a lot of attention to their resilience, but there is always a risk that you will be hit by an incident and want to minimise its impact. An organisation with optimum forensic readiness complies with the intent of the NIS2 Directive. |