DIN EN ISO/IEC 30121:2016 Information technology - Governance of digital forensic risk framework (ISO/IEC 30121:2015); German version EN ISO/IEC 30121:2016 (English translation)
December 2016
English price group 8

No part of this translation may be reproduced without prior permission of DIN Deutsches Institut für Normung e. V., Berlin. Beuth Verlag GmbH, 10772 Berlin, Germany, has the exclusive right of sale for German Standards (DIN-Normen).
ICS 35.080
www.din.de

DIN EN ISO/IEC 30121

Information technology - Governance of digital forensic risk framework (ISO/IEC 30121:2015);
English version EN ISO/IEC 30121:2016,
English translation of DIN EN ISO/IEC 30121:2016-12

Informationstechnik - Leitfaden für die Betriebsführung digitaler Forensik (ISO/IEC 30121:2015);
Englische Fassung EN ISO/IEC 30121:2016,
Englische Übersetzung von DIN EN ISO/IEC 30121:2016-12

Technologies de l'information - Gouvernance du cadre de risque forensique numérique (ISO/IEC 30121:2015);
Version anglaise EN ISO/IEC 30121:2016,
Traduction anglaise de DIN EN ISO/IEC 30121:2016-12

www.beuth.de
Document comprises 13 pages
Translation by DIN-Sprachendienst.
In case of doubt, the German-language original shall be considered authoritative.

A comma is used as the decimal marker.

National foreword

ISO/IEC 30121:2015 has been prepared by Technical Committee ISO/IEC JTC 1, Subcommittee SC 40 “IT Service Management and IT Governance”.

Based on a decision of CEN/BT, ISO/IEC 30121:2015 has been submitted to the Unique Acceptance Procedure (UAP) and taken over as EN ISO/IEC 30121:2016 without any modification.

The responsible German body involved in its preparation was DIN-Normenausschuss Informationstechnik und Anwendungen (DIN Standards Committee Information Technology and selected IT Applications), Working Committee NA 043-01-40 AA IT-Servicemanagement und IT-Betriebsführung.

EUROPEAN STANDARD
NORME EUROPÉENNE
EUROPÄISCHE NORM

EN ISO/IEC 30121
August 2016
ICS 35.080

English Version

Information technology - Governance of digital forensic risk framework (ISO/IEC 30121:2015)

Technologies de l'information - Gouvernance du cadre de risque forensique numérique (ISO/IEC 30121:2015)
Informationstechnik - Leitfaden für die Betriebsführung digitaler Forensik (ISO/IEC 30121:2015)

This European Standard was approved by CEN on 19 June 2016.

CEN and CENELEC members are bound to comply with the CEN/CENELEC Internal Regulations which stipulate the conditions for giving this European Standard the status of a national standard without any alteration. Up-to-date lists and bibliographical references concerning such national standards may be obtained on application to the CEN-CENELEC Management Centre or to any CEN and CENELEC member.

This European Standard exists in three official versions (English, French, German). A version in any other language made by translation under the responsibility of a CEN and CENELEC member into its own language and notified to the CEN-CENELEC Management Centre has the same status as the official versions.

CEN and CENELEC members are the national standards bodies of Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, Former Yugoslav Republic of Macedonia, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and United Kingdom.

EUROPEAN COMMITTEE FOR STANDARDIZATION
COMITÉ EUROPÉEN DE NORMALISATION
EUROPÄISCHES KOMITEE FÜR NORMUNG

CEN-CENELEC Management Centre: Avenue Marnix 17, B-1000 Brussels

© 2016 CEN and CENELEC. All rights of exploitation in any form and by any means reserved worldwide for CEN and CENELEC national Members.
Ref. No. EN ISO/IEC 30121:2016 E

Contents

European foreword   3
Foreword   4
Introduction   5
1 Scope   6
2 Normative references   6
3 Terms and definitions   6
4 Principles   7
4.1 Responsibility   7
4.2 Strategy   7
4.3 Acquisition   7
4.4 Performance   7
4.5 Conformance   7
4.6 Human behaviour   7
5 The framework   7
5.1 Stakeholder mandate   7
5.2 Establishment   7
5.3 Evaluate   7
5.4 Direct   8
5.5 Monitor   8
6 Processes   8
6.1 Archival strategy   8
6.2 Discovery strategy   8
6.3 Disclosure strategy   8
6.4 Digital forensic capability strategy   8
6.5 Risk compliance strategy   8
7 Metrics   9
7.1 General   9
7.2 Key goal indicators   9
7.3 Key performance indicators   9
7.4 Key business indicators   9
Annex A (informative) International Standard overview   10
Bibliography   11

European foreword

The text of ISO/IEC 30121:2015 has been prepared by Technical Committee ISO/IEC JTC 1 “Information technology” of the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) and has been taken over as EN ISO/IEC 30121:2016.

This European Standard shall be given the status of a national standard, either by publication of an identical text or by endorsement, at the latest by February 2017, and conflicting national standards shall be withdrawn at the latest by February 2017.

Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. CEN and/or CENELEC shall not be held responsible for identifying any or all such patent rights.

According to the CEN-CENELEC Internal Regulations, the national standards organizations of the following countries are bound to implement this European Standard: Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, Former Yugoslav Republic of Macedonia, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and the United Kingdom.

Endorsement notice

The text of ISO/IEC 30121:2015 has been approved by CEN as EN ISO/IEC 30121:2016 without any modification.

Foreword

ISO (the International Organization for Standardization) and IEC (the International Electrotechnical Commission) form the specialized system for worldwide standardization. National bodies that are members of ISO or IEC participate in the development of International Standards through technical committees established by the respective organization to deal with particular fields of technical activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other international organizations, governmental and non-governmental, in liaison with ISO and IEC, also take part in the work. In the field of information technology, ISO and IEC have established a joint technical committee, ISO/IEC JTC 1.

The procedures used to develop this document and those intended for its further maintenance are described in the ISO/IEC Directives, Part 1. In particular the different approval criteria needed for the different types of document should be noted. This document was drafted in accordance with the editorial rules of the ISO/IEC Directives, Part 2 (see www.iso.org/directives).

Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. ISO and IEC shall not be held responsible for identifying any or all such patent rights. Details of any patent rights identified during the development of the document will be in the Introduction and/or on the ISO list of patent declarations received (see www.iso.org/patents).

Any trade name used in this document is information given for the convenience of users and does not constitute an endorsement.

For an explanation on the meaning of ISO specific terms and expressions related to conformity assessment, as well as information about ISO's adherence to the WTO principles in the Technical Barriers to Trade (TBT), see the following URL: Foreword - Supplementary information.

The committee responsible for this document is ISO/IEC JTC 1, Information technology, Subcommittee SC 40, IT Service Management and IT Governance.

Introduction

Organizations of any kind face both internal and external factors and influences that can lead to the occurrence of legal actions and placement of demands on the Information Technology (IT) and related Information Systems (IS) to disclose digital evidence. The occurrence of legal action may be the result of an uncertain, unplanned, or unexpected event or it may occur as a planned course of action against employees, competitors, or service suppliers. Whether a risk is significant or not will depend on the level of risk and the organization's risk attitude. Its risk attitude will be reflected in its risk criteria. Because it is almost certain that digital evidence will be discovered and, therefore, be subject to legal disclosure, organizations should plan and develop capability to deal with such legal actions before they occur.

This International Standard is about the prudent strategic preparation for digital investigation of an organization. Forensic readiness assures that an organization has made the appropriate and relevant strategic preparation for accepting potential events of an evidential nature. Actions may occur as the result of inevitable security breaches, fraud, and reputation assertion. In every situation, IT should be strategically deployed to maximise the effectiveness of evidential availability, accessibility, and cost efficiency.

The responsibility of the Governing body is to provide strategic direction in all matters of relevance to the organization. The Governing body is informed by principles of best practice that provide general guidance on matters of certainty and compliance. These principles may come from legal mandates, standards, or social and cultural imperatives. In this International Standard, the principles come from ISO/IEC 38500 for the guidance of best practice for the governance of IT (Clause 4).

Principles require implementation. The tasks of governance are to evaluate proposals and plans, to monitor performance and conformance, and to direct strategy and policies. The stakeholders of an organization may provide the mandate for governance and the Governing body has the ultimate ownership of risk. A framework for the governance of digital forensic risk is established by the owners of risk taking appropriate actions to assure the strategic direction of the organization. Hence, the strategic objective is to implement the principles and to assure adequate preparation for digital investigation (Clause 5).

The framework requires strategic processes to deliver direction to executives and top managers. The strategic processes are selected to assure adequate scope and are principally archival, discovery, disclosure, capability, and risk criteria compliance (Clause 6).

The goals derived from the principles are measurable through Key Goal Indicators (KGIs), the strategic objectives derived from the strategies are measurable through the Key Performance Indicators (KPIs), and the variation between the KGI and KPI measures is an indication of the organization's business performance, expressed as Key Business Indicators (KBIs) (Clause 7).

This International Standard should be used in conjunction with the vocabulary contained in ISO Guide 73:2009; ISO/IEC 35802, Information technology - Governance of IT - Framework and model; and ISO/IEC 38500, Information technology - Governance of IT for the organization.

1 Scope

This International Standard provides a framework for Governing bodies of organizations (including owners, board members, directors, partners, senior executives, or similar) on the best way to prepare an organization for digital investigations before they occur.

This International Standard applies to the development of strategic processes (and decisions) relating to the retention, availability, access, and cost effectiveness of digital evidence disclosure.

This International Standard is applicable to all types and sizes of organizations.

2 Normative references

The following documents, in whole or in part, are normatively referenced in this document and are indispensable for its application. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies.

ISO/IEC 38500, Information technology - Governance of IT for the organization
ISO Guide 73:2009, Risk management - Vocabulary

3 Terms and definitions

For the purposes of this document, the terms and definitions given in ISO/IEC 38500, ISO Guide 73:2009, and the following apply.

3.1
digital evidence
information or data stored or transmitted in binary form that may be relied upon as evidence
[SOURCE: ISO/IEC 27037:2012, 3.5]

3.2
Governing body
person or group of people who are accountable to stakeholders for the performance and conformance of the organization
[SOURCE: ISO/IEC TR 38502:2014, 2.9]

3.3
digital forensics
scientific tasks, techniques, and practices used in the investigation of stored or transmitted binary information or data for legal purposes

3.4
strategic risk
effect of uncertainty on goals

4 Principles

4.1 Responsibility

Individuals and groups within the organization understand and accept their responsibilities in respect of both supply of, and demand for, digital evidence. Those with responsibility for investigations also have the skill, independence and authority to perform those actions.

4.2 Strategy

The organization's strategy development takes into account the current and future retention, availability, access to and cost effectiveness of digital evidence; the strategic plans for evidential capability satisfy the current and ongoing needs of the organization.

4.3 Acquisition

IT asset acquisitions are made to support the organization's strategies, on the basis of appropriate and ongoing analysis, with clear and transparent decision making. There is appropriate balance between benefits, opportunities, costs, and risks, in both the short term and the long term.

4.4 Performance

IT is fit for purpose in supporting the organization, providing the services, levels of service and service quality required to meet current and future organization digital evidence requirements.

4.5 Conformance

IT assets comply with all mandatory legislation and regulations. Policies and practices are clearly defined, implemented and enforced in accordance with the organization's risk criteria.

4.6 Human behaviour

Digital forensic policies, practices and decisions demonstrate respect for human behaviour, including the current and evolving needs of all the people in the organization's processes.

5 The framework

5.1 Stakeholder mandate

Th