Understand Requirements for Investigation Types
Investigations and incident management must often be conducted simultaneously in a well-coordinated and controlled manner to ensure that the initial actions of either activity don’t destroy evidence or cause further damage to the organization’s assets. This part of the tutorial looks at the requirements for each investigation type.
Investigation methods differ based on the incident being investigated. For example, if the organization’s financial software publishes incorrect results, the way it is researched will be different from the research done after the organization’s website is hacked.
Each type of investigation has special considerations:
- Administrative: An administrative investigation is a non-criminal investigation related to misconduct or actions of an employee. Therefore, the collection and handling of evidence, documentation, and reporting are not as critical as with other types of investigations.
- Criminal: A criminal investigation deals with an allegation of criminal misconduct and violation of federal, state or local criminal codes. These investigations require adherence to proper evidence collection, so the focus in this type of investigation is on gathering information and evidence that can be presented to the court.
- Civil: A civil investigation helps uncover and assemble the information needed for a civil trial. What violations or incidents are investigated and tried in a civil court? Usually events or violations related to the civil and legal rights of individuals and institutions; a murder case or a theft of information and assets is not submitted to a civil court. For instance, if one person sues another for damages caused in a domestic accident, then the case will likely be tried in a civil trial.
- Regulatory: These investigations often take the form of external, mandatory audits, and are focused on evaluating security controls and compliance. The board must ensure that reasonable compliance and information and reporting systems are in place, so that if something does go wrong, it will be handled appropriately. A regulatory investigation is conducted by a regulating body, such as the Securities and Exchange Commission (SEC) against an organization suspected of a violation.
- Electronic Discovery (eDiscovery): This is the gathering of electronic data such as email, instant messaging and social media data for an investigation, which could be administrative, criminal, civil or regulatory. The primary purpose in this type of investigation is to preserve the original data and metadata related to the required information.