From Uncertainty to Prosecution: Enhancing Cyber Resilience through Forensic Readiness
Keywords:
Criminal investigation, Cybercrime, Cybersecurity framework, Cyber resilience, Forensic readiness, Law enforcement, InvestigationAbstract
Organizations relying on digital services must acknowledge that their systems will fail at some point, and if they have not been victims of cybercrime yet, they will be. Cyber resilience is an approach that prepares to withstand and recover from system failures and incidents. To recover from a system failure, the incident's root cause must be understood to mitigate it properly. Thus, there is a need to investigate the incident. An investigation is also essential to hold individuals accountable for malicious incidents in a court of law. The cost of an investigation and the evidential value of digital evidence can depend on how forensically ready an organization is. This apparent connection between cyber resilience and forensic readiness made us question these concepts' interconnection. We conducted a focused literature review and examined relevant legislation, standards, and frameworks to identify the connection between cyber resilience and forensic readiness. Our research shows that the need to determine the root cause of an incident to mitigate it properly is central and that frameworks do not sufficiently address holding individuals responsible for malicious incidents accountable in a court of law. Our main contribution is to show how forensic readiness is a crucial component of cyber resilience and how a systematic investigation is central to incident response. We also propose introducing redress as a core function in the NIST Cybersecurity Framework as a first step to ensure criminals are held accountable for their actions.
Downloads
Downloads
Published
Versions
- 2024-11-27 (3)
- 2024-11-26 (2)
- 2024-11-24 (1)