Summary | The Information Systems Security Officers Guide: Establishing and Managing an Information Protection Program

Usually, a security department's staff is not trained to conduct high-technology investigations where technical evidence and forensic expertise are needed as an integral part of solving the crime. The ISSO and staff are in the best position to support the Security Department or an outside law enforcement agency in conducting their investigations. An agreement should be worked out between the Director of Security and the ISSO as to who has what authority for investigations relevant to violations of corporate policies as well as those that would also be a criminal offense.

Corporations must have current policies detailing when an outside law enforcement agency should be called and when a matter identified as a violation of law, criminal or civil, should be investigated internally. It is absolutely mandatory that such decision not be made by the ISSO, but by executive management supported by the Legal staff, Public Relations staff, and Human Resources staff. If a law enforcement agency is contacted, the corporation must be prepared for usually many months of support to the investigative agency as well as bad publicity.

High-technology crime investigations and NCIs are based on basic investigative techniques and answering the questions of who, how, where, when, why, and what.

High-technology criminals are beginning to install more sophisticated security systems, including encryption systems. Such devices will require very sophisticated devices and expertise to access them. Some have focused on methods of destroying evidence if law enforcement or investigators tamper with the system.

The challenges to high-technology crime investigators and computer forensics specialists are many and quickly increasing. Only through constant training will investigators and ISSO staff members have any hope at all of keeping up with these changes, including searching media for evidence.

Keys to successful searches: know the technology, have a plan, use common sense, and use a specialist who is an expert in the technology and accompanying software to be searched.