Saturday, March 20, 2010

ISO standards and computer forensics

by Simon Biles

About the Author

Simon Biles is a founder of Thinking Security Ltd., an Information Security and Risk Management consultancy firm based near Oxford in the UK.

Forensics and Information Security make for strange bedfellows - they sit on opposite sides of the same coin, and although I have a strong belief that a fundamental knowledge of one is almost a prerequisite for success in the other, they don't half make each other's lives difficult!

I'm privileged to have been asked to write here, on a regular basis no less (!), and I'm very conscious that I'm writing from that opposite side - the one that makes sure that information doesn't leave the secure systems that it's been put on. Full disclosure is a fine concept, but it needs to be executed with a little finesse, so I'll try to be careful.

In any case, this month I'm on safe ground - no encryption, plausible deniability or anonymous browsing - today we are going to talk about ISO standards. OK, anybody still reading? Fine, I accept that it's not the world's most exciting or sexy subject; however, in the UK at least, it has become very much more important, as there are moves to enforce compliance with ISO/IEC 17025 for forensic labs. The standard covers the "General requirements for the competence of testing and calibration laboratories" and, like so many other ISO standards, builds on the quality management principles of ISO 9001, adding laboratory-specific technical requirements on top. (Personally, I think that all labs should also comply with the Information Security standard ISO/IEC 27001 - with all of the critical, confidential and important data kicking around, it seems logical to me, not to mention more personally relevant.)

The standard has been taken on board by the Forensic Science Regulator, Andrew Rennison (http://police.homeoffice.gov.uk/operational-policing/forensic-science-regulator/index.html), who has been working on ensuring that UK labs meet certain basic standards. He has taken care to engage well with the digital forensics community, taking advice from a Specialist Group made up of significant digital forensics leaders in the UK and also engaging with the wider community in the form of workshops and conferences. At the moment there is a tender out for the development of a framework interpreting ISO/IEC 17025 as it applies to specific subject areas. Digital forensics isn't explicitly mentioned, but with crimes related to computers being measured in the millions, it will have to be...


3 comments:

Si said...

It's worth following this FF Forum topic too:

http://www.forensicfocus.com/index.php?name=Forums&file=viewtopic&t=5114

Business Servers said...

ISO is the best way to judge the quality of any product.

ISO Training Online said...

ISO training enables employees to improve productivity and make the business grow. The benefit of getting an ISO certification is that employees can improve by being productive, and the products and services will improve.