Computer forensic standards are being introduced for IT professionals to ensure systems are created with benchmarks to support evidentiary requirements.
The standards, which would apply to all enterprise IT systems, are being jointly developed by Standards Australia and the Attorney General’s department and plans are under way to have them introduced by March 2003.
A committee has been established and includes the Australian Communications Authority (ACA), Defense Signals Directorate, Australian Security Investment Commission, Australian Prudential and Regulatory Authority, the Australian Federal Police, Telstra, Optus and OzEmail.
A U.K. standard is already in place but committee chair, Ajoy Ghosh, principal consultant at 90east, said Australia cannot simply follow the U.K. because Australian business has to fit its own local regulatory environment.
“Rather than reacting to hacking attacks, business has to have a proactive approach by including in systems the necessary requirements for protection, especially if they are submitting contracts online,” he said.
With Federal Government support, Ghosh said the standards could become mandatory for IT professionals to implement and the ACA can ensure they are followed by ISPs .