10. law invest & ethics

51
Law, Investigations and Ethics

Transcript of 10. law invest & ethics

Page 1: 10. law invest & ethics

Law, Investigations and Ethics

Page 2: 10. law invest & ethics

Objectives

To review computer crime laws and regulations; investigative measures and techniques used to determine if a crime has been committed and methods to gather evidence; and the ethical constraints that provide a code of conduct for the security professional.

To review the methods for determining if a computer crime has been committed; the laws that would be applicable for the crime; laws prohibiting specific types of computer crime; methods to gather and preserve evidence of a computer crime; investigative methods and techniques; and ways in which RFC 1087 and the (ISC)2 Code of Ethics can be applied to resolve ethical dilemmas.

Page 3: 10. law invest & ethics

Law, Investigation and Ethics

Laws
Security incidents
Recognition skills
Response skills
Technical skills
Investigations
Incident handling
Code of Ethics

Page 4: 10. law invest & ethics

Major categories of computer crime

Computer-assisted crime: criminal activities that are not unique to computers but merely use computers as tools to assist the criminal endeavor (e.g., fraud, child pornography)

Computer-specific or targeted crime: crimes directed at computers, networks, and the information stored on these systems (e.g., denial of service, sniffers, attacking passwords)

Computer is incidental: the computer is incidental to the criminal activity (e.g., customer lists for traffickers)

Page 5: 10. law invest & ethics

Laws

Criminal Law: individual conduct violating government laws enacted for the protection of the public
  Unauthorized access
  Exceeding authorized access
  Intellectual property theft or misuse of information
  Pornography
  Theft of computing services
  Forgery using a computer
  Property theft (e.g., computer hardware and chips)
  Invasion of privacy
  Denial of service
  Computer fraud
  Releasing viruses and other malicious code
  Sabotage (i.e., data alteration or malicious destruction)
  Extortion by computer
  Embezzlement using a computer
  Espionage involving computers
  Terrorism involving computers
  Identity theft

Page 6: 10. law invest & ethics

Laws Cont…

Civil Law (Tort)
  A wrong against an individual or business, typically resulting in damage or loss to that individual or business
  There is no jail sentence under the civil law system

Administrative Law (Regulatory law)
  Establishes the standards of performance and conduct for organizations conducting business in various industries
  Violations of these laws can result in financial penalties or imprisonment

Page 7: 10. law invest & ethics

Proprietary Rights & Obligations

Legal Forms of Protection
  Trade Secrets: information that provides a competitive advantage. Protect ideas.
  Copyrights: right of an author to prevent use or copying of the works of the author. Protect expression of ideas.
  Patents: protect results of science, technology & engineering.

Business Needs
  Protect developed software
  Contractual agreements
  Define trade secrets for employees

Page 8: 10. law invest & ethics

Proprietary Rights & Obligations Cont…

Security Techniques to Protect Trade Secrets
  Numbering copies
  Logging document issuance
  Checking files & workstations
  Secure storage
  Controlled distribution
  Limitations on copying

Contractual Commitments to Protect Proprietary Rights
  Licensing agreements with vendors
  Liability for compliance

Page 9: 10. law invest & ethics

Proprietary Rights & Obligations Cont…

Enforcement Efforts
  Software Protection Association (SPA)
  Federation Against Software Theft (FAST)
  Business Software Alliance (BSA)

Personal Computers
  Establish user accountability
  Policy development and circulation
  Purging of proprietary software

Page 10: 10. law invest & ethics

Protection for Computer Objects

Hardware: patents
Firmware: patents for physical devices; trade secret protection for code
Object code software: copyrights
Source code software: trade secrets
Documentation: copyrights

Page 11: 10. law invest & ethics

Management Problems

Corporate Recordkeeping
  Accuracy of computer records: potential use in court
  IRS rules: inadequate controls may impact audit findings

Labor and Management Relations
  Collective bargaining: disciplinary actions, workplace rules
  Work stoppage
  Limitations on background investigations
  Limitations on drug and polygraph testing
  Disgruntled employees
  Non-disclosure requirements
  Immigration laws
  Establishment and enforcement of security rules

Page 12: 10. law invest & ethics

Management Problems Cont…

Data Communications: disclosure through
  Eavesdropping and interception
  Loss of confidential information

Outsourcing
  Contract review
  Review of contractor's capabilities
  Impact of downsizing
  Contractor use of proprietary software

Page 13: 10. law invest & ethics

Management Problems Cont…

Personal Injury
  Employee safety
  Carpal tunnel syndrome
  Radiation injury

Insurance Against Legal Liability
  Requirements for security precautions
  Right to inspect premises
  Cooperation with insurance company

Page 14: 10. law invest & ethics

Legal Liability

Due Care: minimum and customary practice of responsible protection of assets
Due Diligence: the prudent management and execution of due care
Programming Errors: reasonable precautions for
  Loss of a program
  Unauthorized revisions
  Availability of backup versions

Product Liability
  Liability for database inaccuracies due to security breaches
  European Union: no limits on personal liability for personal injury

Page 15: 10. law invest & ethics

Legal Liability Cont…

Defamation
  Libel due to inaccuracy of data
  Unauthorized release of confidential information
  Alteration of visual images

Foreign Corrupt Practices Act
  Mandate for security controls or cost/benefit analysis
  Potential SEC litigation

Page 16: 10. law invest & ethics

Legal Liability Cont…

Failure to Observe Standards
  FIPS Pubs and CSL Bulletins
  Failure to comply used in litigation

Personal Liability
  Action or inaction was proximate cause
  Financial responsibility to plaintiff
  Joint and several liability

Page 17: 10. law invest & ethics

Legal Liability Cont…

Federal Sentencing Guidelines
  Chapter 8 added 1991
  Applicable to organizations
  Violations of federal law
  Specifies levels of fines
  Mitigation of fines through implementation of precautions

Page 18: 10. law invest & ethics

Privacy & Other Personal Rights

The Federal Privacy Act
  Government files open to public unless specified
  Act applies to Executive Branch only
  "Record" = information about an individual
  Must be a need to maintain records
  Disclosure prohibited without consent
  Requirements on government agencies
    Record disclosures
    Public notice of existence of records
    Ensure security & confidentiality of records

Page 19: 10. law invest & ethics

Privacy and Other Personal Rights Cont…

State Acts and Regulations
  Fair Information Practices Acts: define information that can be collected
  Uniform Information Practices Code (National Conference of Commissioners on Uniform State Laws): recommended model
  Statutes regulating information maintained by private organizations, e.g., health care, insurance

Page 20: 10. law invest & ethics

Privacy and Other Personal Rights Cont…

Other Employee Rights
  Electronic mail: expectations of privacy
  Drug testing: limited to sensitive positions only
  Freedom from hostile work environment

International Privacy
  European statutes cover both government and private corporate records
  Application primarily to computerized data banks
  Strict rules on disclosure
  Prohibitions of transfer of information across national boundaries

Page 21: 10. law invest & ethics

Privacy and Other Personal Rights Cont…

Management Responsibilities
  Regular review with legal department
  Consider all jurisdictions
  Prepare policies for compliance
  Enforce policies
  Document enforcement

Page 22: 10. law invest & ethics

Computer Crime Laws: Federal

Computer Fraud and Abuse Act (Title 18, U.S. Code, 1030)
  *Accessing a Federal Interest Computer (FIC) to acquire national defense information
  Accessing an FIC to obtain financial information
  Accessing an FIC to deny the use of the computer
  *Accessing an FIC to effect a fraud
  *Damaging or denying use of an FIC through transmission of code, program, information or command
  Furthering a fraud by trafficking in passwords

Economic Espionage Act of 1996: obtaining trade secrets to benefit a foreign entity

Electronic Funds Transfer Act: covers the use, transport, sale, receipt or furnishing of counterfeit, altered, lost, stolen, or fraudulently obtained debit instruments in interstate or foreign commerce.

Page 23: 10. law invest & ethics

Federal Computer Crime Laws Cont…

Child Pornography Prevention Act of 1996 (CPPA): prohibits use of computer technology to produce child pornography.

Computer Security Act of 1987: requires Federal Executive agencies to establish computer security programs.

Electronic Communications Privacy Act (ECPA): prohibits unauthorized interception or retrieval of electronic communications.

Fair Credit Reporting Act: governs the types of data that companies may collect on private citizens and how it may be used.

Foreign Corrupt Practices Act: covers improper foreign operations, but applies to all companies registered with the SEC, and requires companies to institute security programs.

Freedom of Information Act: permits public access to information collected by the Federal Executive Branch.

Page 24: 10. law invest & ethics

Computer Laws Cont…

International Laws
  Lack of universal cooperation
  Differences in interpretations of laws
  Outdated laws against fraud
  Problems with evidence admissibility
  Extradition
  Low priority

Page 25: 10. law invest & ethics

Computer Crime

Computer Crime as a Separate Category
  Rules of Property: lack of tangible assets
  Rules of Evidence: lack of original documents
  Threats to Integrity and Confidentiality: goes beyond the normal definition of a loss
  Value of Data: difficult to measure; cases of restitution only for media
  Terminology: statutes have not kept pace. Is computer hardware "machinery"? Does software qualify as "supplies"?

Page 26: 10. law invest & ethics

Computer Crime Cont…

Computer Crime is Hard to Define
  Lack of understanding
  Laws are inadequate: slow to keep pace with rapidly changing technology
  Multiple roles for computers
    Object of a crime: target of an attack
    Subject of a crime: used to attack (impersonating a network node)
    Medium of a crime: used as a means to commit a crime (Trojan horse)

Difficulties in Prosecution
  Understanding: judges, lawyers, police, jurors
  Evidence: lack of tangible evidence
  Forms of assets: e.g., magnetic particles, computer time
  Juveniles: many perpetrators are juveniles; adults don't take juvenile crime seriously

Page 27: 10. law invest & ethics

Nature and Extent of Computer-Related Crime

Typology
  Input tampering: entry of fraudulent or false data
  Throughput tampering: altering computer instructions
  Output tampering: theft of information

Most Common Crimes
  Input and output type
  Fraudulent disbursements
  Fabrication of data

Page 28: 10. law invest & ethics

The Computer Criminal

Typical Profile
  Male, white, young
  No prior record
  Works in data processing or accounting

Myths
  Special talents are necessary
  Fraud has increased because of computers

Page 29: 10. law invest & ethics

The Criminal Motivation

Personal Motivations
  Economic
  Egocentric
  Ideological
  Psychotic

Environmental Motivations
  Work environment
  Reward system
  Level of interpersonal trust
  Ethical environment
  Stress level
  Internal controls environment

Page 30: 10. law invest & ethics

The Control Environment

Factors that Encourage Crime
  Motivation
  Personal inducements

Factors that Discourage Crime
  Prevention measures
    Internal controls systems
    Access control systems
  Detection measures
    Auditing
    Supervision

Page 31: 10. law invest & ethics

Crime Investigation

Detection and Containment
  Accidental discovery
  Audit trail review
  Real-time intrusion monitoring
  Limit further loss
  Reduction in liability

Report to Management
  Immediate notification
  Limit knowledge of investigation
  Use out-of-band communications

Page 32: 10. law invest & ethics

Crime Investigation Cont…

Preliminary Investigation
  Determine if a crime has occurred
  Review complaint
  Inspect damage
  Interview witnesses
  Examine logs
  Identify investigation requirements

Page 33: 10. law invest & ethics

Crime Investigation Cont…

Disclosure Determination
  Determine if disclosure is required by law
  Determine if disclosure is desired
  Caution in dealing with the media

Courses of Action
  Do nothing
  Surveillance
  Eliminate security holes
  Is a police report required?
  Is prosecution a goal?

Page 34: 10. law invest & ethics

Crime Investigation Cont…

Conducting the Investigation

Investigative Responsibility
  Internal investigation
  External private consultant investigation
  Local/state/federal investigation

Factors
  Cost
  Legal issues (privacy, evidence, search & seizure)
  Information dissemination
  Investigative control

Page 35: 10. law invest & ethics

Crime Investigation Cont…

Execute the Plan
  Secure and control the scene
  Protect evidence
  Don't touch the keyboard
  Videotape the process
  Capture the monitor display
  Unplug the system
  Remove the cover
  Disks and drives
  Search premises (for magnetic media and documentation)
  Seize other devices (that may contain information)

Page 36: 10. law invest & ethics

Crime Investigation Cont…

Conduct Surveillance
  Physical: determine subject's habits, associates, lifestyle
  Computer: audit logs or electronic monitoring

Other Information Sources
  Personnel files
  Telephone and fax logs
  Security logs
  Time cards

Investigative Reporting
  Document known facts
  Statement of final conclusions

Page 37: 10. law invest & ethics

Computer Forensics

Conduct a disk image backup of the suspect system: bit-level copy of the disk, sector by sector

Authenticate the file system: create a message digest for all directories, files & disk sectors

Analyze restored data: conduct forensic analysis in a controlled environment
  Search tools: Quick View Plus, Expert Witness, Super Sleuth
  Searching for obscure data: hidden files/directories, erased or deleted files, encrypted data, overwritten files
  Steganography: hiding a piece of information within another
  Review communications programs: links to others
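The "authenticate the file system" step above is the part of the forensic process that is easiest to show in code. The following is an added example, not a tool from the slides or from any of the products they name: it walks an evidence directory, records a SHA-256 digest for every file in a manifest, and later re-verifies the tree so that any file that was altered, added or removed since acquisition is reported. The directory layout, file names and contents in the demo are constructed for illustration; in practice the manifest would be written out and stored separately from the image, and the same digest routine would be run over the raw image file as well.

```python
"""Message-digest manifest for an acquired file system (added example)."""
from __future__ import annotations

import hashlib
import os
import tempfile
from pathlib import Path

CHUNK = 1024 * 1024  # stream files in 1 MiB blocks so large images fit in memory


def digest_file(path: Path) -> str:
    """SHA-256 hex digest of one file, computed chunk by chunk."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for block in iter(lambda: f.read(CHUNK), b""):
            h.update(block)
    return h.hexdigest()


def build_manifest(root: Path) -> dict[str, str]:
    """Map each file path (relative to root, POSIX form) to its digest.

    Directories and names are visited in sorted order so two runs over the
    same tree produce the same manifest; symlinks are skipped, not followed,
    so only data physically under root is recorded.
    """
    manifest: dict[str, str] = {}
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        dirnames.sort()
        for name in sorted(filenames):
            p = Path(dirpath) / name
            if p.is_symlink():
                continue
            manifest[p.relative_to(root).as_posix()] = digest_file(p)
    return manifest


def verify_manifest(root: Path, manifest: dict[str, str]) -> dict[str, list[str]]:
    """Compare the tree under root with a previously recorded manifest.

    Returns the relative paths that were modified, added, or are missing.
    All three lists empty means the tree still matches what was recorded.
    """
    current = build_manifest(root)
    return {
        "modified": sorted(k for k in manifest if k in current and current[k] != manifest[k]),
        "added": sorted(k for k in current if k not in manifest),
        "missing": sorted(k for k in manifest if k not in current),
    }


def demo() -> dict[str, list[str]]:
    """Constructed scenario: record a manifest, alter the tree, re-verify."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "docs").mkdir()
        (root / "docs" / "ledger.txt").write_text("2024-01-05 transfer 500\n")
        (root / "notes.txt").write_text("meeting notes\n")
        manifest = build_manifest(root)

        # Simulated tampering after acquisition: edit one file, delete one, add one.
        (root / "docs" / "ledger.txt").write_text("2024-01-05 transfer 5000\n")
        (root / "notes.txt").unlink()
        (root / "extra.bin").write_bytes(b"\x00\x01")

        return verify_manifest(root, manifest)


if __name__ == "__main__":
    print(demo())
```

The manifest is only as trustworthy as its own storage: keep it (or its digest) with the chain-of-custody record rather than on the evidence media, since an attacker who can rewrite the files could rewrite a manifest sitting beside them.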

Page 38: 10. law invest & ethics

Computer Forensics Cont…

Reassemble and boot the suspect system with a clean operating system
  Target system may be infected
  Obtain system time as reference
  Run complete system analysis report

Boot the suspect system with the original operating system
  Identify rogue programs
  Identify background programs
  Identify what system interrupts have been set

Page 39: 10. law invest & ethics

Computer Forensics Cont…

Search Backup Media: don't forget off-site storage

Search Access-Controlled Systems and Encrypted Files
  Password cracking
  Publisher back door
  Documentary clues
  Ask the suspect
  Case law on obtaining passwords from suspects

Page 40: 10. law invest & ethics

The Evidence

Types of Evidence
  Direct: oral testimony by witness
  Real: tangible objects/physical evidence
  Documentary: printed business records, manuals, printouts
  Demonstrative: used to aid the jury (models, illustrations, charts)

Best Evidence Rule: to limit the potential for alteration

Exclusionary Rule: evidence must be gathered legally or it can't be used

Hearsay Rule: key for computer-generated evidence
  Second-hand evidence
  Admissibility based on veracity and competence of source
  Exceptions: Rule 803 of the Federal Rules of Evidence (business documents created at the time by a person with knowledge, part of regular business, routinely kept, supported by testimony)

Page 41: 10. law invest & ethics

The Evidence Cont…

Chain of Evidence (Chain of Custody): accountability & protection
  Who obtained the evidence
  Where and when it was obtained
  Who secured it
  Who controlled it
  Account for everyone who had access to or handled the evidence
  Assurance against tampering
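The chain-of-custody questions above (who obtained, secured and controlled the item, and assurance against tampering) map naturally onto an append-only log. The following is an added example, not from the slides: each custody event records who, what, where and when, plus the digest of the evidence item re-checked at that hand-off, and every entry's hash covers the previous entry's hash, so altering or removing an earlier entry breaks every later one. The evidence tag "HDD-01", the handler names and the timestamps are constructed for the demo; the item digest would in practice come from the disk image's message digest.

```python
"""Hash-chained chain-of-custody log (added example, not from the slides)."""
from __future__ import annotations

import hashlib
import json
from dataclasses import dataclass, asdict

GENESIS = "0" * 64  # prev_hash of the first entry


@dataclass
class CustodyEvent:
    item_id: str      # evidence tag, e.g. "HDD-01" (constructed label)
    action: str       # collected / transferred / stored / presented / returned
    handler: str      # who had the item after this event
    location: str     # where the event took place
    timestamp: str    # ISO-8601 string supplied by the recorder
    item_digest: str  # SHA-256 of the item's image, re-verified at each hand-off
    prev_hash: str = GENESIS  # hash of the preceding entry
    entry_hash: str = ""      # hash over every other field of this entry

    def compute_hash(self) -> str:
        """Canonical JSON of all fields except entry_hash, then SHA-256."""
        body = asdict(self)
        body.pop("entry_hash")
        canon = json.dumps(body, sort_keys=True, separators=(",", ":"))
        return hashlib.sha256(canon.encode("utf-8")).hexdigest()


class CustodyLog:
    def __init__(self) -> None:
        self.entries: list[CustodyEvent] = []

    def append(self, ev: CustodyEvent) -> CustodyEvent:
        """Link the event to the current tail and seal it."""
        ev.prev_hash = self.entries[-1].entry_hash if self.entries else GENESIS
        ev.entry_hash = ev.compute_hash()
        self.entries.append(ev)
        return ev

    def verify(self) -> tuple[bool, int | None]:
        """Walk the chain; return (True, None) or (False, index of first bad entry)."""
        expected_prev = GENESIS
        for i, ev in enumerate(self.entries):
            if ev.prev_hash != expected_prev or ev.entry_hash != ev.compute_hash():
                return False, i
            expected_prev = ev.entry_hash
        return True, None

    def handlers(self, item_id: str) -> list[str]:
        """Everyone who has held the item, in order (the 'who controlled it' answer)."""
        return [ev.handler for ev in self.entries if ev.item_id == item_id]

    def digest_mismatches(self, item_id: str) -> list[int]:
        """Indices of entries where the item's digest differs from its first record."""
        first = next((ev.item_digest for ev in self.entries if ev.item_id == item_id), None)
        return [i for i, ev in enumerate(self.entries)
                if ev.item_id == item_id and ev.item_digest != first]


def build_demo_log() -> CustodyLog:
    """Constructed custody history for one seized drive image."""
    img = hashlib.sha256(b"constructed disk image bytes").hexdigest()
    log = CustodyLog()
    log.append(CustodyEvent("HDD-01", "collected", "investigator_a", "suite 4", "2024-03-01T09:12:00Z", img))
    log.append(CustodyEvent("HDD-01", "transferred", "lab_tech_b", "forensic lab", "2024-03-01T14:30:00Z", img))
    log.append(CustodyEvent("HDD-01", "stored", "evidence_clerk_c", "evidence locker 7", "2024-03-01T17:05:00Z", img))
    return log


if __name__ == "__main__":
    log = build_demo_log()
    print(log.verify(), log.handlers("HDD-01"))
    log.entries[1].handler = "someone_else"  # simulate a retroactive edit
    print(log.verify())  # the edit is caught at entry 1
```

Because the hash chain only proves the log was not edited after the fact, it complements rather than replaces the physical controls on the slide: the sealed storage, the signed hand-off forms, and the witness who can testify to each transfer.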

Page 42: 10. law invest & ethics

The Evidence Cont…

Admissibility of Evidence: computer-generated evidence is always suspect
  Relevancy: must prove a fact that is material to the case
  Reliability: prove the reliability of the evidence and the process for producing it

Evidence Life Cycle
  Collection and identification
  Storage, preservation, and transportation
  Presentation in court
  Return to victim (owner)

Page 43: 10. law invest & ethics

Legal Proceedings

Discovery
  Defense granted access to all investigative materials
  Protective order limits who has access

Grand Jury and Preliminary Hearings
  Witnesses called
  Assign law enforcement liaison

Trial: unknown results

Recovery of Damages: through civil courts

Page 44: 10. law invest & ethics

Legal Proceedings Cont…

Post Mortem Review: analyze the attack and close security holes
  Incident response plan
  Information dissemination policy
  Incident reporting policy
  Electronic monitoring statement
  Audit trail policy
  Warning banner (prohibit unauthorized access and give notice of monitoring)
  Need for additional personnel security controls

Page 45: 10. law invest & ethics

Ethics

Differences Between Law vs. Ethics: must vs. should

Origins
  Common good
  National interest
  Individual rights
  Enlightened self-interest
  Law
  Tradition/culture
  Religion

Fundamental changes to society
No sandbox training

Page 46: 10. law invest & ethics

Referential Resources

National Computer Ethics and Responsibilities Campaign (NCERC)
  Computer Ethics Resource Guide
National Computer Security Association (NCSA)
Computer Ethics Institute
  1991 – Ten Commandments of Computer Ethics
  End User's Basic Tenets of Responsible Computing
  Four Primary Values
  Considerations for Conduct
  The Code of Fair Information Practices
  Unacceptable Internet Activities (RFC 1087)

Page 47: 10. law invest & ethics

(ISC)2 Code of Ethics

Code of Ethics Preamble
  Safety of the commonwealth, duty to our principals, and to each other requires that we adhere, and be seen to adhere, to the highest ethical standards of behavior. Therefore, strict adherence to this Code is a condition of certification.

Code of Ethics Canons
  Protect society, the commonwealth, and the infrastructure.
  Act honorably, honestly, justly, responsibly, and legally.
  Provide diligent and competent service to principals.
  Advance and protect the profession.

Page 48: 10. law invest & ethics

Competitive Intelligence

Published material & public documents
Disclosures by competitor employees (without subterfuge)
Market surveys & consultants' reports
Financial reports & brokers' research surveys
Trade fairs, exhibits, & competitor literature
Analysis of competitor products
Reports of own personnel
Legitimate employment interviews with competitor employees

Page 49: 10. law invest & ethics

Industrial Espionage

Camouflaged questioning of competitor's employees
Direct observation under secret conditions
False job interviews
False negotiations
Use of professional investigators
Hiring competitor's employees
Trespassing
Bribing suppliers and employees
Planting an agent on the competitor's payroll
Eavesdropping
Theft of information
Blackmail and extortion

Page 50: 10. law invest & ethics

Plan of Action

Develop an organizational guide to computer ethics
Develop a computer ethics policy to supplement the computer security policy
Include computer ethics information in the employee handbook
Expand the business ethics policy to include computer ethics
Foster user awareness of computer ethics
Establish an e-mail privacy policy and promote user awareness of it

Page 51: 10. law invest & ethics
