DS/EN ISO/IEC 27041:2016

Information technology - Security techniques - Guidance on assuring suitability and adequacy of incident investigative method

This International Standard provides guidance on mechanisms for ensuring that methods and processes*used in the investigation of information security incidents are ôfit for purposeö. It encapsulates best*practice on defining requirements, describing methods, and providing evidence that implementations of*methods can be shown to satisfy requirements. It includes consideration of how vendor and third-party*testing can be used to assist this assurance process.*This document aims to*û provide guidance on the capture and analysis of functional and non-functional requirements*relating to an Information Security (IS) incident investigation,*û give guidance on the use of validation as a means of assuring suitability of processes involved in the*investigation,*û provide guidance on assessing the levels of validation required and the evidence required from a*validation exercise,*û give guidance on how external testing and documentation can be incorporated in the validation*process.