Title :
The Governance of Corporate Forensics Using COBIT, NIST and Increased Automated Forensic Approaches
Author :
Nnoli, H. ; Lindskog, Dale ; Zavarsky, Pavol ; Aghili, Shaun ; Ruhl, Ron
Author_Institution :
ATB Financial, Edmonton, AB, Canada
Abstract :
Today, the ability to investigate internal matters such as policy violations, regulatory compliance, and employee separation has become important in order for corporations to manage risk. The degree of information security threats evolving on a daily basis has increasingly raised concerns for enterprise organizations. These threats include but are not limited to fraud, insider threat and intellectual property (IP) theft. These have increased the demand for organizations to implement corporate forensics as a deterrent to illegitimate acts or for linking perpetrators to their illegitimate acts. This explains why forensic practices are expanding from the traditional role in law enforcement and becoming an essential part of business processes. However, most organizations may not be maximizing the benefits of corporate forensic capabilities because of a lack of corporate forensic governance best practices needed to ensure organizations prepare their operating environment for digital forensic investigation. Corporate forensic governance will help ensure that digital evidence is obtained in an efficient and effective way with minimal interruption to the business. This paper presents a corporate forensic governance framework intended to enhance forensic readiness, governance, and management, and increase the use of automated forensic techniques and in-house forensically sound practices in large organizations that have a need for these practices.
Keywords :
business data processing; digital forensics; fraud; industrial property; organisational aspects; risk management; COBIT; IP theft; NIST; automated forensic approach; automated forensic technique; business process; corporate forensic governance; corporation; digital evidence; digital forensic investigation; employee separation; enterprise organization; forensic management; forensic readiness; fraud; information security threat; insider threat; intellectual property; law enforcement; policy violation; regulatory compliance; risk management; Best practices; Digital forensics; Organizations; Risk management; Standards organizations; corporate forensic governance; corporate forensic readiness; digital evidence; digital forensic investigation; increased automated forensic solutions;
Conference_Title :
Privacy, Security, Risk and Trust (PASSAT), 2012 International Conference on and 2012 International Conference on Social Computing (SocialCom)
Conference_Location :
Amsterdam
Print_ISBN :
978-1-4673-5638-1
DOI :
10.1109/SocialCom-PASSAT.2012.109