The influence of written information security policy on forensic data collection: A case study

The purpose of the study was to document the experience individuals had with written information security policy as it related to collecting forensic data as evidence. The study evaluated the experiences of three specific groups of individuals, through the lens of their unique perspectives, with written information security policy as a result of an incident involving their computing resources. Many of the findings followed earlier research that provided insight on why each of the findings was important and how individuals were affected by their experiences in applying written information security policy. The overall theme focused on the importance of clear communication and understanding of the intent, or why the policy was in place and the importance of an individual's first actions in responding to a suspected incident. Findings provided insight that awareness may be improved by focusing on the intent of the policy rather than just the policy itself.