K-FFRaaS: A Generic Model for Financial Forensic Readiness as a Service in Korea

While Korean financial companies are currently providing electronic financial services by establishing the high-level information technology and security system in accordance with the Electronic Financial Supervision Regulations (EFSR), they are rarely equipped with digital forensic readiness (DFR) to maximize the capability to collect critical digital evidence (DE). So, there is a limit to identifying the root cause of financial incidents and securing admissible DE. In this paper, we present Financial Forensic Readiness as a Service in Korea (K-FFRaaS), as DFR of financial companies to acquire an admissible DE. Based on ISO/IEC 27043:2015 international standard, K-FFRaaS consists of 3 main processes groups, namely: Planning processes group, Implementation processes group, and Assessment processes group. The purpose of planning processes group is to prepare the organization to be forensically ready before potential incidents happen. The main task of implementation processes group is to carry out the processes defined in the planning processes group. The goal of assessment processes group is to evaluate whether the result of the implementation processes group is consistent with the objective of K-FFRaaS. The contribution of this research is to present that financial companies can adopt the systematic management procedure for identifying causes of incidents, storing potential DE, and presenting scientific evidence to a court of law through K-FFRaaS.