Should information security policies include incident-handling procedures for computer crimes?
Yes. A principal purpose of documented incident-handling procedures is to establish steps that further the preservation of potential evidence for later use by law enforcement. As with any crime, the proper collection of evidence is important, and poor incident response can result in the loss of evidence. Incident-handling procedures will expedite the response to the incident. These procedures should establish critical personnel during and after the incident and identify the stage at which law enforcement should be contacted. Generally, law enforcement should be contacted as early as practicable after a security breach has been identified as a possible crime. Finally, incident-handling procedures may also protect your organization from the loss of an insurance claim or a subsequent lawsuit. Some insurance companies may require an immediate notification to law enforcement, or have procedures for computer crime incidents in place. Appropriate procedures may make a difference in the validi