Cybercrime: Incident Response and Digital Forensics By Robert Schperberg 218 pages; $40-55 Information Systems Audit and Control Association

In this excerpt of Chapter 2 from ISACA's Cybercrime: Incident Response and Digital Forensics, author Robert Schperberg looks at the benefits of instituting an incident response process.

Today, global organizations rely on the Internet, VPNs, WANs and LANs to conduct their day-to-day business. Many global organizations rely on e-commerce to produce revenue.

Skeptics ask: Why the need for the elaborate processes, and why spend money on building a program that does not contribute to the bottom line? The answer to this question is provided by a sample of activities that take place in the cyberenvironment, reinforcing the need to create a cyber-response program to investigate cyberattacks and cyberfraud, and conduct digital forensics evidence recovery and analysis.

In 2005, one in five enterprises is expected to experience a serious Internet security incident targeting information and intellectual property, Gartner analysts predict. Of all future attacks, nearly one in three will be financially or politically motivated, according to Richard Hunter, a Gartner vice president and research director. Cybercriminals are taking advantage of users, enterprises and unsecured systems to usher in high-profit, low-overhead crimes.

More information Download Chapter 2, Business drivers for creating an incident response process and conducting digital forensics investigations Learn more about incident response in our resource center Read more book excerpts, chapters and reviews What's on your bookshelf? Share your favorite infosec titles with the editor

Incident response is a vital part of any successful IT program. It is frequently overlooked until a major security breach occurs, resulting in untold amounts of unnecessary time and money spent, not to mention the stress associated with responding to a crisis. Potential risks that could occur as a result of any cybercrime incident include:

• Threat to human life
• Financial loss
• Exposure to legal liability
• Loss of customer confidence
• Damage to organizational reputation
• Loss and unauthorized modification of data
• Threat to national security

A solid incident response program can save an organization a substantial amount of money and a significant degree of embarrassment. The following are generally cited as business drivers of implementing security programs to combat cybercrime, thus enabling executive management to improve the ROI of implementing incident response programs and use digital forensics: