In this chapter the reader will gain an understanding of the important aspects of incident investigation and how the forensic evidence may be preserved. They will learn about the basic concepts of and uses of cryptography.


We have already mentioned that, even in organisations with very effective governance, there will be occasions on which it is necessary to investigate activity and use forensic techniques to discover and preserve evidence for later use. Some of this has already been described in previous chapters and the reader will be referred back to that material where appropriate. It is advisable to read the section on ‘Security incident management’ in Chapter 3 if you have not already ...

Get Information Security Management Principles - Second edition now with the O’Reilly learning platform.

O’Reilly members experience live online training, plus books, videos, and digital content from nearly 200 publishers.