Security Incident Investigations Within Financial Institutions – Part 1 of 2 of this article provides a general overview of the security investigation process, how it fits within the incident response process, the required preparation process and the relationship between this process and security intelligence activities. The general model of incident response comprises six steps: Preparation, Identification, Containment, Eradication and Recovery. The investigation process should be present (at least partially) in each of the six steps. Financial institutions face difficult decisions while handling security incidents, mainly because of regulatory requirements.”]