This lesson will help CISSP candidates to quickly understand and memorize the investigation methods presented in Domain 7, Security Operations.
This video is current and presented as part of the common body of knowledge (CBK) update that was done in April of 2018.
The best way to memorize the investigative techniques is to write, copy, and say the phrase, “AIME at the target.”
A is for automated capture. It’s called automated because normal processes within the business, such as system audit logs, CCTV, and ledgers, are automatically gathered, captured, and preserved within the normal day-to-day operations of the business.
The I stands for interviews, which should be recorded with an audio device if it’s legal to do so. Interviews should not be done alone; you should always have someone to help take notes and to ensure that due process is being followed. You also need to ensure that you preserve the subject’s rights.
The M stands for manual capture: this is the manual investigative process that’s followed, for example, by private or police investigators taking photos, making copies, conducting video surveillance, and carrying out legal wiretapping.
The E is for external request: this is where the investigator asks for information from a third-party entity, such as a government agency or a health insurance company.