Investigation Types
Unlock the complete study guide + 1,040 practice questions across 16 full exams.
Bundled into the existing Certified Information Systems Security Professional premium course — no separate purchase.
Included in this chapter:
- The five investigation types and why the type is decided first
- Standards of proof and chain of custody by type
- Exam-pattern recognition
The five investigation types: who runs it, the proof standard, and what is at stake
| Dimension | Administrative | Civil | Criminal | Regulatory / Industry-standards |
|---|---|---|---|---|
| Who initiates | The organization itself | A private plaintiff | Government / prosecutor | Oversight agency or contractual framework (e.g. PCI DSS) |
| Standard of proof | Internal management judgment (lowest) | Preponderance of the evidence (>50%) | Beyond a reasonable doubt (highest) | Agency- or framework-defined (often administrative/civil-level) |
| Typical outcome | Discipline, termination, policy change | Monetary damages or injunctive relief | Fines, probation, imprisonment | Penalties, sanctions, fines, loss of standing |
| Evidence / process rigor | Acceptable-use policy and consent banners | Discovery / e-discovery between parties | Warrant, search-and-seizure rules, strict chain of custody | The body's prescribed procedures and reporting deadlines |
Decision tree
Cheat sheet
Unlock with Premium — includes all practice exams and the complete study guide.