UNLIMITED FREE
ACCESS TO THE WORLD'S BEST IDEAS

SUBMIT
Already a GlobalSpec user? Log in.

This is embarrasing...

An error occurred while processing the form. Please try again in a few minutes.

Customize Your GlobalSpec Experience

Select Your Free Newsletters

Industry Newsletters

Select Your Free Product Alerts

Finish!
Privacy Policy

This is embarrasing...

An error occurred while processing the form. Please try again in a few minutes.

ITU-T X.1216

Requirements for collection and preservation of cybersecurity incident evidence

active, Most Current
Buy Now
Organization: ITU-T
Publication Date: 1 September 2020
Status: active
Page Count: 16
scope:

This Recommendation describes a general procedure for cybersecurity incident response and investigation. It also analyses sources of cybersecurity incident evidence and specifies capability requirements for tools used for collection and preservation of such evidence in an investigative process. This Recommendation also specifies reliability assurance requirements for these tools as guidelines to developers who design tools for such purpose.

This Recommendation does not include privacy issues and regulations related to gathering cybersecurity incident data, legal proceedings, disciplinary procedures and other related actions in handling potential cybersecurity incident evidence. These elements are considered outside the scope of "collection and preservation".

Document History

ITU-T X.1216
September 1, 2020
Requirements for collection and preservation of cybersecurity incident evidence
This Recommendation describes a general procedure for cybersecurity incident response and investigation. It also analyses sources of cybersecurity incident evidence and specifies capability...

References

This document references:
ISO/IEC 27035-3 - Information technology — Information security incident management — Part 3: Guidelines for ICT incident response operations
Published by ISO on September 1, 2020
This document gives guidelines for information security incident response in ICT security operations. This document does this by firstly covering the operational aspects in ICT security operations...
This document references:
ISO/IEC 27037 - Information technology - Security techniques - Guidelines for identification, collection, acquisition, and preservation of digital evidence
Published by ISO on October 15, 2012
This International Standard provides guidelines for specific activities in handling digital evidence, which are identification, collection, acquisition and preservation of digital evidence that may...
This document references:
ISO/IEC 27041 - Information technology - Security techniques - Guidance on assuring suitability and adequacy of incident investigative method
Published by ISO on June 15, 2015
This International Standard provides guidance on mechanisms for ensuring that methods and processes used in the investigation of information security incidents are "fit for purpose". It encapsulates...
This document references:
ISO/IEC 27042 - Information technology - Security techniques - Guidelines for the analysis and interpretation of digital evidence
Published by ISO on June 15, 2015
This International Standard provides guidance on the analysis and interpretation of digital evidence in a manner which addresses issues of continuity, validity, reproducibility, and repeatability. It...
This document references:
ISO/IEC 27043 - Information technology - Security techniques - Incident investigation principles and processes
Published by ISO on March 1, 2015
This International Standard provides guidelines based on idealized models for common incident investigation processes across various incident investigation scenarios involving digital evidence. This...
View Less
View All
Advertisement