
Conducting Investigations

Updated Jan 30, 2024

Investigations in Cybersecurity

Cybersecurity investigations help organizations identify problems, gather evidence, and resolve incidents. They can be divided into four main types:

  • Administrative Investigations
  • Criminal Investigations
  • Civil Investigations
  • Regulatory Investigations

These types provide a clear framework for handling different cybersecurity and organizational issues effectively.

Administrative Investigations

These are internal investigations that focus on operational and employee-related issues within an organization.

  • Resolve operational problems like slow networks or system errors
  • Perform root cause analysis to identify underlying issues
  • Address HR matters, including performance or policy violations
  • Use a lower evidence standard than a court would, because legal action is usually not the goal; evidence should still be collected and preserved carefully, since an internal matter can later turn into a civil, criminal, or regulatory case

Administrative investigations help maintain smooth operations and ensure accountability within the organization.

Motive, Opportunity, Means

These three factors help identify potential suspects and understand an incident. A person who has all three is a stronger suspect than one who has only one or two.

  • Motive: Why someone would want to commit the act (e.g., a grievance, financial gain)
  • Opportunity: The chance to perform the act, such as access to the system at the time in question
  • Means: The tools, skills, or methods needed to carry out the act

Criminal Investigations

These investigations are conducted by law enforcement to address violations of criminal law.

  • Focus on evidence that can support criminal charges
  • Penalties may include fines or jail time
  • Follow the "beyond a reasonable doubt" standard, the highest standard of proof
  • Require strict evidence handling (chain of custody) so that evidence is admissible in court

Criminal investigations are high-stakes and require strict adherence to legal procedures.

Info: Beyond a Reasonable Doubt: Evidence must be convincing enough that no reasonable person would doubt the defendant's guilt.

Civil Investigations

Civil investigations handle non-criminal disputes between parties.

  • Initiated by individuals, businesses, or government entities
  • Examples include contract disputes, employment issues, or IP infringements
  • Use the "preponderance of the evidence" standard, which is lower than the criminal standard
  • Outcomes are typically monetary damages or court orders rather than jail time

Civil investigations help resolve disputes and enforce legal agreements without criminal penalties.

Info: Preponderance of the Evidence: One side's evidence is more convincing and more likely true than the other side's (often described as "more likely than not").

Regulatory Investigations

Government agencies or compliance bodies conduct regulatory investigations to enforce administrative laws and standards.

  • Can be civil or criminal depending on the case
  • Evidence standards vary with the type of investigation
  • Industry standards such as PCI DSS are enforced contractually by the card brands and acquirers rather than by a government agency, but an investigation into non-compliance follows a similar pattern

Regulatory investigations ensure that organizations comply with laws and industry standards, protecting both the organization and the public.

Interviews in Investigations

Interviews are key for gathering information during any investigation.

  • Conducted with witnesses or involved parties who participate voluntarily, to establish facts
  • Different from interrogations, which are formal questioning of suspects and are best left to law enforcement, since questioning a suspect improperly can create legal problems for the organization
  • Cybersecurity professionals focus on interviews to gather facts about what happened, when, and how

Interviews provide essential insights and help investigators understand incidents and make informed decisions.