Understanding Requirements for Investigation Types

This course is the first of 4 modules of Domain 7 of the CISSP, covering Security Operations.

Learning Objectives

The objectives of this course are to provide you with the ability to:

  • Understand and support investigations
  • Understand requirements for investigation types
  • Conduct logging and monitoring activities
  • Secure the provisioning of resources through configuration management
  • Understand and apply foundational security operations concepts

Intended Audience

This course is designed for those looking to take the most in-demand information security professional certification currently available, the CISSP.


Any experience relating to information security would be advantageous, but is not essential. All topics discussed are thoroughly explained and presented in a way that allows the information to be absorbed by everyone, regardless of experience within the security field.


If you have thoughts or suggestions for this course, please contact Cloud Academy at


Moving on to Section Two, we're going to look at a brief section on understanding the requirements for investigation types. So here we're going to look at an introduction to the legal regime that may come into play and the types of investigations that we'll be faced with. It shouldn't come as any surprise that countries differ very widely in the level of forensic importance that this type of evidence has, the level of skill that may be available within the country to do this kind of examination and whether or not the legal regime in that particular country even allows it to be an evidentiary article that can be presented in a court.

We will find that it goes all the way from very sophisticated, as might be expected in first world countries, to other countries where computers are no more complex than fax machines and mobile devices. One of our main goals in conditions that vary so widely is to understand clearly and assign responsibility with equal clarity, because it may be that it's very ambiguous; in fact, it may not be defined at all. And this can put a very real constraint around the value of the forensic analyses and information that we can provide through these processes.

The types of investigations that we're going to conduct will typically fall into one of three general categories. We have the operational, probably the most common of the three. These are investigations that are conducted on a purely internal basis. What we're looking for is solutions to problems that have arisen, possibly employee misbehavior, and we're trying to do the basics to get us to a root cause analysis to find out what has gone wrong or what the misbehavior is. We have, of course, criminal, looking for various forms of crimes that have been committed, such as human trafficking, arms trafficking, drug trafficking and the like. We have, of course, civil. These are typically governed in the US by the Federal Rules of Civil Procedure. And a civil action typically involves two parties, one of whom is claiming some form of harm that has been done to them by the opposing party.

About the Author

Mr. Leo has been in Information Systems for 38 years, and an Information Security professional for over 36 years. He has worked internationally as a Systems Analyst/Engineer, and as a Security and Privacy Consultant. His past employers include IBM, St. Luke’s Episcopal Hospital, Computer Sciences Corporation, and Rockwell International. A NASA contractor for 22 years, from 1998 to 2002 he was Director of Security Engineering and Chief Security Architect for Mission Control at the Johnson Space Center. From 2002 to 2006 Mr. Leo was the Director of Information Systems, and Chief Information Security Officer for the Managed Care Division of the University of Texas Medical Branch in Galveston, Texas.


Upon attaining his CISSP license in 1997, Mr. Leo joined ISC2 (a professional role) as Chairman of the Curriculum Development Committee, and served in this role until 2004. During this time, he formulated and directed the effort that produced what became and remains the standard curriculum used to train CISSP candidates worldwide. He has maintained his professional standards as a professional educator and has trained and certified nearly 8500 CISSP candidates since 1998, and nearly 2500 in HIPAA compliance certification since 2004. Mr. Leo is an ISC2 Certified Instructor.