CISM - Incident Management - Section 4.8
Investigate and evaluate information security incidents in accordance with legal and regulatory requirements.
Investigate information security incidents using digital forensics techniques and evidence preservation procedures that maintain a documented chain of custody. Recognise how legal requirements and regulatory obligations shape the scope, documentation standards, and permissible evidence-handling methods during an investigation.
Digital forensicsEvidence preservationChain of custodyLegal requirements
More in this domain
Back to all Incident Management objectives, or the CISM cert hub.
Examworthy is not affiliated with or endorsed by ISACA. Original, blueprint-aligned practice material only.