Page 1349 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide
Investigations
Every information security professional will, at one time or another,
encounter a security incident that requires an investigation. In many
cases, this investigation will be a brief, informal determination that the
matter is not serious enough to warrant further action or the
involvement of law enforcement authorities. However, in some cases,
the threat posed or damage done will be severe enough to require a
more formal inquiry. When this occurs, investigators must be careful
to ensure that proper procedures are followed. Failure to abide by the
correct procedures may violate the civil rights of those individual(s)
being investigated and could result in a failed prosecution or even
legal action against the investigator.
Investigation Types
Security practitioners may find themselves conducting investigations
for a wide variety of reasons. Some of these investigations involve law
enforcement and must follow rigorous standards designed to produce
evidence that will be admissible in court. Other investigations support
internal business processes and require much less rigor.
Administrative Investigations
Administrative investigations are internal investigations that examine
either operational issues or a violation of the organization’s policies.
They may be conducted as part of a technical troubleshooting effort or
in support of other administrative processes, such as Human
Resources disciplinary procedures.
Operational investigations examine issues related to the organization’s
computing infrastructure and have the primary goal of resolving
operational issues. For example, an information technology (IT) team
noticing performance issues on their web servers may conduct an
operational investigation designed to determine the cause of the
performance problems.

