In the course of responding 10 an information security incident, the BEST way to treat evidence for possible legal action is defined by:

In the course of responding 10 an information security incident, the BEST way to treat evidence for
possible legal action is defined by:

In the course of responding 10 an information security incident, the BEST way to treat evidence for
possible legal action is defined by:

A.
international standards.

B.
local regulations.

C.
generally accepted best practices.

D.
organizational security policies.

Explanation:

Legal follow-up will most likely be performed locally where the incident took place; therefore, it is
critical that the procedure of treating evidence is in compliance with local regulations. In certain
countries, there are strict regulations on what information can be collected. When evidence
collected is not in compliance with local regulations, it may not be admissible in court. There are

no common regulations to treat computer evidence that are accepted internationally. Generally
accepted best practices such as a common chain-of-custody concept may have different
implementation in different countries, and thus may not be a good assurance that evidence will be
admissible. Local regulations always take precedence over organizational security policies.



Leave a Reply 0

Your email address will not be published. Required fields are marked *