PM Response Readiness Plan Template

2/24/22, 12:26 PM Response Readiness Plan Template
https://leocontent.umgc.edu/content/umuc/tgs/dfc/dfc640/2221/course-resource-list/response-readiness-plan.html?ou=622268 1/2
Response Readiness Plan Template
Use this template for Step 2.
Required Components of Report
Title Page
Table of Contents
Overview
Include references
Forensic Response Readiness Plan
Define the business scenarios that require digital evidence.
Define the purpose of an evidence collection capability; this is the first step in
forensic readiness. The rationale is to look at the risk and potential impact on
the business from the various types of crimes and disputes. What is the threat
to the business, and what parts are vulnerable? Specifically, address the
following:
reducing the impact of computer-related crime
dealing effectively with court orders to release data
demonstrating compliance with regulatory or legal constraints
Identify available sources and different types of potential evidence. The
purpose of this step is to scope the available evidence from across the range of
systems and applications in use. Some basic questions need to be asked about
possible evidence sources, including these:
Where is data generated?
What format is it in?
For how long is it stored?
Course Resource
2/24/22, 12:26 PM Response Readiness Plan Template
https://leocontent.umgc.edu/content/umuc/tgs/dfc/dfc640/2221/course-resource-list/response-readiness-plan.html?ou=622268 2/2
How is it currently controlled, secured, and managed?
Who has access to the data?
Is it archived? If so, where and for how long?
Determine the evidence collection requirement.
Decide which of the possible evidence sources identified in Step 2 can help
deal with the crimes and disputes identified in Step 1, and whether further
ways to gather evidence are required. This is the evidence collection
requirement. The purpose of this step is to produce an evidence requirement
statement, so that those responsible for managing the business risk can
communicate with those running and monitoring information systems through
an agreed requirement for evidence.
Establish a capability for securely gathering legally admissible evidence to meet
the requirement.
Evaluate evidence collection and how the organization will handle the
following two questions:
Can the evidence be gathered without interfering with business
processes?
Can the evidence be gathered legally?
Establish a policy for secure storage and handling of potential evidence.
Ensure monitoring and auditing is targeted to detect and deter major incidents.
Specify circumstances when escalation to a full formal investigation (which
may use digital evidence) is required.
Recommend the training that is needed to help users understand their role in
the digital evidence process and the legal sensitivities of evidence.
Conclusion
© 2022 University of Maryland Global Campus
All links to external sites were verified at the time of publication. UMGC is not responsible for the validity or integrity
of information located at external sites.