Chapter 9: Legal, Regulations, Compliance, and Investigations - Investigations

A lot of the time, the person that is done wrong in a computer crime is not even aware of it. There is a difference between an event and an incident concerning incident management. Events can be documented and observed. An incident is many of these negative events that hurt a company. The study guide makes a point to mention that most companies do not even have an incident management program. They just have a response process. The study guide goes even further stating that companies need to have an incident management process, because there is no sense in having a plan if you do not even know the bad things thats are going on. The definition of investigation from a computer security standpoint is pretty standard. You collect data, and analyze it to find out how bad the incident was/is and figure out how the incident happened.