Conducting Investigations

Updated Jan 30, 2024

Investigations in Cybersecurity

Understanding the different types of investigations helps information security professionals contribute effectively to their roles within these processes. There are four main types of investigations that commonly involve cybersecurity professionals:

  • Administrative Investigations
  • Criminal Investigations
  • Civil Investigations
  • Regulatory Investigations

Administrative Investigations

These internal investigations focus on operational issues within an organization.

  • Resolve operational issues like slow servers or network congestion.
  • Include root cause analysis to identify underlying problems.
  • Address human resources matters, such as employee performance.
  • Have lower evidence standards since they are not linked to legal actions.

Criminal Investigations

Conducted by law enforcement agencies, these investigations address violations of criminal law.

  • Involve high stakes, potentially leading to criminal charges.
  • Penalties may include fines or possible jail time.
  • Use the "beyond a reasonable doubt" standard for evidence.
  • Focus on gathering substantial evidence of guilt.

Beyond a Reasonable Doubt: The evidence must be so convincing that no reasonable doubt about the defendant's guilt remains in a juror's mind.

Civil Investigations

These investigations deal with non-criminal disputes between parties.

  • Can be initiated by government, businesses, or individuals.
  • Examples: contract disputes, employment law violations, intellectual property infringement.
  • Utilize the "preponderance of the evidence" standard.
  • Carry no risk of jail time, so the evidence standard is lower.

Preponderance of the Evidence: One side's evidence is more convincing than the other's, showing that a claim is more likely true than not.

Regulatory Investigations

These are initiated by government agencies to check for potential violations of administrative law.

  • Can be civil or criminal, depending on the nature of the case.
  • Use the evidence standard appropriate to the nature of the investigation (civil or criminal).
  • Non-governmental bodies may also enforce compliance (e.g., PCI DSS).

Interviews in Investigations

Interviews are an essential tool in investigations to gather valuable information.

  • Conducted with voluntary participants to obtain pertinent information.
  • Distinguish between interviews and interrogations (the latter are reserved for law enforcement).
  • Cybersecurity analysts should focus on interviews.