Page 1364 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide
P. 1364
evidence collected, and the final results of the investigation. The
degree of formality behind this report will vary based upon the
organization’s policy and procedures, as well as the nature of the
investigation.
Preparing formal documentation is very important because it lays the
foundation for escalation and potential legal action. You may not know
when an investigation begins (or even after it concludes) that it will be
the subject of legal action, but you should prepare for that eventuality.
Even internal investigations into administrative matters may become
part of an employment dispute or other legal action.
It’s a good idea to establish a relationship with your corporate legal
personnel and the appropriate law enforcement agencies. Find out
who the appropriate law enforcement contacts are for your
organization and talk with them. When the time comes to report an
incident, your efforts at establishing a prior working relationship will
pay off. You will spend far less time in introductions and explanations
if you already know the person with whom you are talking. It is a good
idea to identify, in advance, a single point of contact in your
organization that will act as your liaison with law enforcement. This
provides two benefits. First, it ensures that law enforcement hears a
single perspective from your organization and knows the “go-to”
person for updates. Second, it allows the predesignated contact to
develop working relationships with law enforcement personnel.
One great way to establish technical contacts with law
enforcement is to participate in the FBI’s InfraGard program.
InfraGard exists in most major metropolitan areas in the United
States and provides a forum for law enforcement and business
security professionals to share information in a closed
environment. For more information, visit www.infragard.org.
