Insider laws and regulations
If a company wants to implement technological solutions designed to help detect and investigate insider threats, explicit roles and regulations should exist within the company to regulate the monitoring, detection, investigation, and prosecution processes. These resources will depend on the organizational structure, who to report to, to be part of the investigation, etc.
Conducting private investigations in organizations are possible. However, organizations should make sure to transfer the investigation to a public investigation if they realize that, based on the nature of the crime, they should step out of the case.
For companies’ sanctions and violations, policies and regulations should be in place first that guide employees to the proper usage of computing resources, the Internet, information privacy, etc. Employees should be trained and educated on how to avoid any liabilities based on improper actions.
Auditing and loggings mechanisms can be used to search for evidences. Investigation teams should have the technical skills and the knowledge related to laws and regulations that make themcapable of searching for, collecting properly handling and using digital evidences.
Due to the evolutionary nature of computing environments, digital related laws evolved and continue to evolve rapidly. How much valid and credible a digital evidence can be? Can we trust a web log that traces a phishing attack to a certain user? Those are examples of open legal issues and concerns when it comes to digital investigations in general.