ImageVerifierCode 换一换
格式:PDF , 页数:46 ,大小:3.02MB ,
资源ID:727104      下载积分:10000 积分
快捷下载
登录下载
邮箱/手机:
温馨提示:
如需开发票,请勿充值!快捷下载时,用户名和密码都是您填写的邮箱或者手机号,方便查询和重复下载(系统自动生成)。
如填写123,账号就是123,密码也是123。
特别说明:
请自助下载,系统不会自动发送文件的哦; 如果您已付费,想二次下载,请登录后访问:我的下载记录
支付方式: 支付宝扫码支付 微信扫码支付   
注意:如需开发票,请勿充值!
验证码:   换一换

加入VIP,免费下载
 

温馨提示:由于个人手机设置不同,如果发现不能下载,请复制以下地址【http://www.mydoc123.com/d-727104.html】到电脑端继续下载(重复下载不扣费)。

已注册用户请登录:
账号:
密码:
验证码:   换一换
  忘记密码?
三方登录: 微信登录  

下载须知

1: 本站所有资源如无特殊说明,都需要本地电脑安装OFFICE2007和PDF阅读器。
2: 试题试卷类文档,如果标题没有明确说明有答案则都视为没有答案,请知晓。
3: 文件的所有权益归上传用户所有。
4. 未经权益所有人同意不得将文件中的内容挪作商业或盈利用途。
5. 本站仅提供交流平台,并不能对任何下载内容负责。
6. 下载文件中如有侵权或不适当内容,请与我们联系,我们立即纠正。
7. 本站不保证下载资源的准确性、安全性和完整性, 同时也不承担用户因使用这些下载资源对自己和他人造成任何形式的伤害或损失。

版权提示 | 免责声明

本文(EN ISO IEC 27043-2016 en Information technology - Security techniques - Incident investigation principles and processes《信息技术-安全技术事故调查的原则与程序(ISO IEC 27043 2015)》.pdf)为本站会员(ownview251)主动上传,麦多课文库仅提供信息存储空间,仅对用户上传内容的表现方式做保护处理,对上载内容本身不做任何修改或编辑。 若此文所含内容侵犯了您的版权或隐私,请立即通知麦多课文库(发送邮件至master@mydoc123.com或直接QQ联系客服),我们立即给予删除!

EN ISO IEC 27043-2016 en Information technology - Security techniques - Incident investigation principles and processes《信息技术-安全技术事故调查的原则与程序(ISO IEC 27043 2015)》.pdf

1、BS EN ISO/IEC 27043:2016Information technology Security techniques Incidentinvestigation principles andprocesses (ISO/IEC 27043:2015)BSI Standards PublicationWB11885_BSI_StandardCovs_2013_AW.indd 1 15/05/2013 15:06BS EN ISO/IEC 27043:2016 BRITISH STANDARDNational forewordThis British Standard is the

2、 UK implementation of The UK participation in its preparation was entrusted by TechnicalCommittee IST/33, IT - Security techniques, to SubcommitteeA list of organizations represented on this subcommittee can beobtained on request to its secretary.This publication does not purport to include all the

3、necessaryprovisions of a contract. Users are responsible for its correctapplication. The British Standards Institution 2016. Published by BSI StandardsLimited 2016ISBN 978 0 580 92355 5ICS 35.040Compliance with a British Standard cannot confer immunity fromlegal obligations.This British Standard was

4、 published under the authority of theStandards Policy and Strategy Committee on 31 March 2015.Amendments/corrigenda issued since publicationDate Text affected30 September 2016 This corrigendum renumbersBS EN ISO/IEC 27043:2016BS ISO/IEC 27043:2015 asIST/33/4, Security Controls and Services.EN ISO/IE

5、C 27043:2016. It is identical to ISO/IEC 27043:2015.It supersedes BS ISO/IEC 27043:2015 which is withdrawn.EUROPEAN STANDARD NORME EUROPENNE EUROPISCHE NORM EN ISO/IEC 27043 August 2016 ICS 35.040 English Version Information technology - Security techniques - Incident investigation principles and pr

6、ocesses (ISO/IEC 27043:2015) Technologies de linformation - Techniques de scurit - Principes dinvestigation numrique et les processus (ISO/IEC 27043:2015) Informationstechnik - IT-Sicherheitsverfahren - Grundstze und Prozesse fr die Untersuchung von Vorfllen (ISO/IEC 27043:2015) This European Standa

7、rd was approved by CEN on 19 June 2016. CEN and CENELEC members are bound to comply with the CEN/CENELEC Internal Regulations which stipulate the conditions for giving this European Standard the status of a national standard without any alteration. Up-to-date lists and bibliographical references con

8、cerning such national standards may be obtained on application to the CEN-CENELEC Management Centre or to any CEN and CENELEC member. This European Standard exists in three official versions (English, French, German). A version in any other language made by translation under the responsibility of a

9、CEN and CENELEC member into its own language and notified to the CEN-CENELEC Management Centre has the same status as the official versions. CEN and CENELEC members are the national standards bodies of Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, Former Yug

10、oslav Republic of Macedonia, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and United Kingdom. EUROPEAN COMMITTEE FOR STANDARDIZATION COMIT EUROPE

11、N DE NORMALISATION EUROPISCHES KOMITEE FR NORMUNG CEN-CENELEC Management Centre: Avenue Marnix 17, B-1000 Brussels 2016 CEN and CENELEC All rights of exploitation in any form and by any means reserved worldwide for CEN and CENELEC national Members. Ref. No. EN ISO/IEC 27043:2016 E EN ISO/IEC 27043:2

12、016 (E) European foreword The text of ISO/IEC 27043:2015 has been prepared by Technical Committee ISO/IEC JTC 1 “Information technology” of the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) and has been taken over as EN ISO/IEC 27043:201

13、6. This European Standard shall be given the status of a national standard, either by publication of an identical text or by endorsement, at the latest by February 2017, and conflicting national standards shall be withdrawn at the latest by February 2017. Attention is drawn to the possibility that s

14、ome of the elements of this document may be the subject of patent rights. CEN and/or CENELEC shall not be held responsible for identifying any or all such patent rights. According to the CEN-CENELEC Internal Regulations, the national standards organizations of the following countries are bound to im

15、plement this European Standard: Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, Former Yugoslav Republic of Macedonia, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Roman

16、ia, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and the United Kingdom. Endorsement notice The text of ISO/IEC 27043:2015 has been approved by CEN as EN ISO/IEC 27043:2016 without any modification. BS EN ISO/IEC 27043:2016ISO/IEC 27043:2015(E)Foreword vIntroduction vi1 Scope . 12 Normativ

17、e references 13 Terms and definitions . 14 Symbols and abbreviated terms . 35 Digital investigations . 45.1 General principles 45.2 Legal principles 46 Digital investigation processes 56.1 General overview of the processes 56.2 Classes of digital investigation processes 57 Readiness processes . 77.1

18、 Overview of the readiness processes 77.2 Scenario definition process 97.3 Identification of potential digital evidence sources process . 97.4 Planning pre-incident gathering, storage, and handling of data representing potential digital evidence process . 117.5 Planning pre-incident analysis of data

19、 representing potential digital evidence process 117.6 Planning incident detection process . 117.7 Defining system architecture process 117.8 Implementing system architecture process 127.9 Implementing pre-incident gathering, storage, and handling of data representing potential digital evidence proc

20、ess . 127.10 Implementing pre-incident analysis of data representing potential digital evidence process 127.11 Implementing incident detection process 127.12 Assessment of implementation process 137.13 Implementation of assessment results process 138 Initialization processes 138.1 Overview of initia

21、lization processes . 138.2 Incident detection process . 148.3 First response process. 158.4 Planning process 158.5 Preparation process. 159 Acquisitive processes 169.1 Overview of acquisitive processes 169.2 Potential digital evidence identification process .169.3 Potential digital evidence collecti

22、on process .179.4 Potential digital evidence acquisition process .179.5 Potential digital evidence transportation process 179.6 Potential digital evidence storage and preservation process 1710 Investigative processes .1810.1 Overview of investigative processes . 1810.2 Potential digital evidence acq

23、uisition process .1910.3 Potential digital evidence examination and analysis process .1910.4 Digital evidence interpretation process . 1910.5 Reporting process . 1910.6 Presentation process 2010.7 Investigation closure process 20 ISO/IEC 2015 All rights reserved iiiBS EN ISO/IEC 27043:2016ISO/IEC 27

24、043:2015(E)11 Concurrent processes .2011.1 Overview of the concurrent processes 2011.2 Obtaining authorization process 2111.3 Documentation process 2111.4 Managing information flow process 2111.5 Preserving chain of custody process . 2111.6 Preserving digital evidence process 2211.7 Interaction with

25、 physical investigation process2212 Digital investigation process model schema 22Annex A (informative) Digital investigation processes: motivation for harmonization 24Bibliography .28iv ISO/IEC 2015 All rights reservedBS EN ISO/IEC 27043:2016ISO/IEC 27043:2015(E)ForewordISO (the International Organi

26、zation for Standardization) and IEC (the International Electrotechnical Commission) form the specialized system for worldwide standardization. National bodies that are members of ISO or IEC participate in the development of International Standards through technical committees established by the resp

27、ective organization to deal with particular fields of technical activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other international organizations, governmental and non-governmental, in liaison with ISO and IEC, also take part in the work. In the field of informat

28、ion technology, ISO and IEC have established a joint technical committee, ISO/IEC JTC 1.The procedures used to develop this document and those intended for its further maintenance are described in the ISO/IEC Directives, Part 1. In particular the different approval criteria needed for the different

29、types of document should be noted. This document was drafted in accordance with the editorial rules of the ISO/IEC Directives, Part 2 (see www.iso.org/directives).Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. ISO and IEC shall n

30、ot be held responsible for identifying any or all such patent rights. Details of any patent rights identified during the development of the document will be in the Introduction and/or on the ISO list of patent declarations received (see www.iso.org/patents).Any trade name used in this document is in

31、formation given for the convenience of users and does not constitute an endorsement.For an explanation on the meaning of ISO specific terms and expressions related to conformity assessment, as well as information about ISOs adherence to the WTO principles in the Technical Barriers to Trade (TBT), se

32、e the following URL: Foreword Supplementary information.The committee responsible for this document is ISO/IEC JTC 1, Information technology, Subcommittee SC 27, Security techniques. ISO/IEC 2015 All rights reserved vBS EN ISO/IEC 27043:2016ISO/IEC 27043:2015(E)IntroductionAbout this International S

33、tandardThis International Standard provides guidelines that encapsulate idealized models for common investigation processes across various investigation scenarios. This includes processes from pre-incident preparation up to and including returning evidence for storage or dissemination, as well as ge

34、neral advice and caveats on processes and appropriate identification, collection, acquisition, preservation, analysis, interpretation, and presentation of evidence. A basic principle of digital investigations is repeatability, where a suitably skilled investigator has to be able to obtain the same r

35、esult as another similarly skilled investigator, working under similar conditions. This principle is exceptionally important to any general investigation. Guidelines for many investigation processes have been provided to ensure that there is clarity and transparency in obtaining the produced result

36、for each particular process. The motivation to provide guidelines for incident investigation principles and processes follows.Established guidelines covering incident investigation principles and processes would expedite investigations because they would provide a common order of the events that an

37、investigation entails. Using established guidelines allows smooth transition from one event to another during an investigation. Such guidelines would also allow proper training of inexperienced investigators. The guidelines, furthermore, aim to assure flexibility within an investigation due to the f

38、act that many different types of digital investigations are possible. Harmonized incident investigation principles and processes are specified and indications are provided of how the investigation processes can be customized in different investigation scenarios.A harmonized investigation process mod

39、el is needed in criminal and civil prosecution settings, as well as in other environments, such as corporate breaches of information security and recovery of digital information from a defective storage device. The provided guidelines give succinct guidance on the exact process to be followed during

40、 any kind of digital investigation in such a way that, if challenged, no doubt should exist as to the adequacy of the investigation process followed during such an investigation.Any digital investigation requires a high level of expertise. Those involved in the investigation have to be competent, pr

41、oficient in the processes used, and they have to use validated processes (see ISO/IEC 27041) which are compatible with the relevant policies and/or laws in applicable jurisdictions.Where the need arises to assign a process to a person, that person will take the responsibility for the process. Theref

42、ore, a strong correlation between a process responsibility and a persons input will determine the exact investigation process required according to the harmonized investigation processes provided as guidelines in this International Standard.This International Standard is structured by following a to

43、p-down approach. This means that the investigation principles and processes are first presented on a high (abstract) level before they are refined with more details. For example, a high-level overview of the investigation principles and processes are provided and presented in figures as “black boxes

44、” at first, where after each of the high-level processes are divided into more fine-grained (atomic) processes. Therefore, a less abstract and more detailed view of all the investigation principles and processes are presented near the end of this International Standard as shown in Figure 8.This Inte

45、rnational Standard is intended to complement other standards and documents which provide guidance on the investigation of, and preparation to, investigate information security incidents. It is not an in-depth guide, but it is a guide that provides a rather wide overview of the entire incident invest

46、igation process. This guide also lays down certain fundamental principles which are intended to ensure that tools, techniques, and methods can be selected appropriately and shown to be fit for purpose should the need arise.Relationship to other standardsThis International Standard is intended to com

47、plement other standards and documents which give guidance on the investigation of, and preparation to investigate, information security incidents. It is not a vi ISO/IEC 2015 All rights reservedBS EN ISO/IEC 27043:2016ISO/IEC 27043:2015(E)comprehensive guide, but lays down certain fundamental princi

48、ples which are intended to ensure that tools, techniques, and methods can be selected appropriately and shown to be fit for purpose should the need arise.This International Standard also intends to inform decision-makers that need to determine the reliability of digital evidence presented to them. I

49、t is applicable to organizations needing to protect, analyse, and present potential digital evidence. It is relevant to policy-making bodies that create and evaluate procedures relating to digital evidence, often as part of a larger body of evidence.This International Standard describes part of a comprehensive investigative process which includes, but is not limited to, the following topic areas: incident management, including preparation and planning for investigations; handling of digital evidence; use of, and issues caused by, redaction; intrus

copyright@ 2008-2019 麦多课文库(www.mydoc123.com)网站版权所有
备案/许可证编号:苏ICP备17064731号-1