ISMS role in the improvement of digital forensics related process in SOC's

TL;DR

Implementing an ISO 27001:2013-compliant ISMS enhances digital forensics processes in SOCs by providing standardized procedures, credibility, and support for legal actions, especially in cloud and non-cloud environments.

Contribution

This paper explores the role of certified ISMS in improving digital forensics processes within SOCs, addressing standardization and credibility issues.

Findings

Certified ISMS increases credibility of forensic evidence

Standardization helps in cloud and non-cloud digital forensics

ISMS implementation supports legal prosecution processes

Abstract

Organizations concerned about digital or computer forensics capability which establishes procedures and records to support a prosecution for computer crimes could benefit from implementing an ISO 27001: 2013-compliant (ISMS Information Security Management System). A certified ISMS adds credibility to information gathered in a digital forensics investigation; certification shows that the organization has an outsider which verifies that the correct procedures are in place and being followed. A certified ISMS is a valuable tool either when prosecuting an intruder or when a customer or other stakeholder seeks damages against the organization. SOC (Security Operation Center) as an organization or a security unit which handles a large volume of information requires a management complement, where ISMS would be a good choice. This idea will help finding solutions for problems related to digital forensics for non-cloud and cloud digital forensics, including Problems associated with the absence of standardization amongst different CSPs (Cloud service providers).