10. law invest & ethics
Law, Investigations and Ethics
Objectives
- To review computer crime laws and regulations; the investigative measures and techniques used to determine whether a crime has been committed and the methods used to gather evidence; and the ethical constraints that provide a code of conduct for the security professional.
- To review the methods for determining whether a computer crime has been committed; the laws applicable to the crime; laws prohibiting specific types of computer crime; methods to gather and preserve evidence of a computer crime; investigative methods and techniques; and the ways in which RFC 1087 and the (ISC)² Code of Ethics can be applied to resolve ethical dilemmas.
Law, Investigation and Ethics (overview)
- Laws
- Security incidents
- Recognition skills
- Response skills
- Technical skills
- Investigations
- Incident handling
- Code of Ethics
Major categories of computer crime
- Computer-assisted crime: criminal activities that are not unique to computers but merely use computers as tools to assist the criminal endeavor (e.g., fraud, child pornography)
- Computer-specific or targeted crime: crimes directed at computers, networks, and the information stored on these systems (e.g., denial of service, sniffers, attacking passwords)
- Computer is incidental: the computer is incidental to the criminal activity (e.g., customer lists kept by traffickers)
Laws
Criminal Law: individual conduct violating government laws enacted for the protection of the public
- Unauthorized access
- Exceeding authorized access
- Intellectual property theft or misuse of information
- Pornography
- Theft of computing services
- Forgery using a computer
- Property theft (e.g., computer hardware and chips)
- Invasion of privacy
- Denial of service
- Computer fraud
- Releasing viruses and other malicious code
- Sabotage (i.e., data alteration or malicious destruction)
- Extortion by computer
- Embezzlement using a computer
- Espionage involving computers
- Terrorism involving computers
- Identity theft
Laws Cont…
Civil Law (Tort)
- A wrong against an individual or business, typically resulting in damage or loss to that individual or business
- There is no jail sentence under the civil law system
Administrative Law (Regulatory Law)
- Establishes the standards of performance and conduct for organizations conducting business in various industries
- Violations of these laws can result in financial penalties or imprisonment
Proprietary Rights & Obligations
Legal Forms of Protection
- Trade Secrets: information that provides a competitive advantage; protect ideas
- Copyrights: the right of an author to prevent use or copying of the author's works; protect the expression of ideas
- Patents: protect the results of science, technology and engineering
Business Needs
- Protect developed software
- Contractual agreements
- Define trade secrets for employees
Proprietary Rights & Obligations Cont…
Security Techniques to Protect Trade Secrets
- Numbering copies
- Logging document issuance
- Checking files and workstations
- Secure storage
- Controlled distribution
- Limitations on copying
Contractual Commitments to Protect Proprietary Rights
- Licensing agreements with vendors
- Liability for compliance
Proprietary Rights & Obligations Cont…
Enforcement Efforts
- Software Publishers Association (SPA)
- Federation Against Software Theft (FAST)
- Business Software Alliance (BSA)
Personal Computers
- Establish user accountability
- Policy development and circulation
- Purging of unlicensed proprietary software
Protection for Computer Objects
- Hardware: patents
- Firmware: patents for the physical devices; trade secret protection for the code
- Object code software: copyrights
- Source code software: trade secrets
- Documentation: copyrights
Management Problems
Corporate Recordkeeping
- Accuracy of computer records: potential use in court
- IRS rules: inadequate controls may impact audit findings
Labor and Management Relations
- Collective bargaining: disciplinary actions, workplace rules
- Work stoppage
- Limitations on background investigations
- Limitations on drug and polygraph testing
- Disgruntled employees
- Non-disclosure requirements
- Immigration laws
- Establishment and enforcement of security rules
Management Problems Cont…
Data Communications: disclosure through
- Eavesdropping and interception
- Loss of confidential information
Outsourcing
- Contract review
- Review of the contractor's capabilities
- Impact of downsizing
- Contractor use of proprietary software
Management Problems Cont…
Personal Injury
- Employee safety
- Carpal tunnel syndrome
- Radiation injury
Insurance Against Legal Liability
- Requirements for security precautions
- Right to inspect premises
- Cooperation with the insurance company
Legal Liability
- Due Care: the minimum and customary practice of responsible protection of assets
- Due Diligence: the prudent management and execution of due care
- Programming Errors: reasonable precautions for loss of a program, unauthorized revisions, and availability of backup versions
Product Liability
- Liability for database inaccuracies due to security breaches
- European Union: no limits on personal liability for personal injury
Legal Liability Cont…
Defamation
- Libel due to inaccuracy of data
- Unauthorized release of confidential information
- Alteration of visual images
Foreign Corrupt Practices Act
- Mandate for security controls or cost/benefit analysis
- Potential SEC litigation
Legal Liability Cont…
Failure to Observe Standards
- FIPS Pubs and CSL Bulletins
- Failure to comply used in litigation
Personal Liability
- Action or inaction was the proximate cause
- Financial responsibility to the plaintiff
- Joint and several liability
Legal Liability Cont…
Federal Sentencing Guidelines
- Chapter 8 added in 1991
- Applicable to organizations
- Violations of federal law
- Specifies levels of fines
- Mitigation of fines through implementation of precautions
Privacy & Other Personal Rights
The Federal Privacy Act
- Government files open to the public unless specified
- The Act applies to the Executive Branch only
- "Record" = information about an individual
- There must be a need to maintain the records
- Disclosure prohibited without consent
- Requirements on government agencies: record disclosures; public notice of the existence of records; ensure the security and confidentiality of records
Privacy and Other Personal Rights Cont…
State Acts and Regulations
- Fair Information Practices Acts: define the information that can be collected
- Uniform Information Practices Code (National Conference of Commissioners on Uniform State Laws): recommended model
- Statutes regulating information maintained by private organizations: e.g., health care, insurance
Privacy and Other Personal Rights Cont…
Other Employee Rights
- Electronic mail: expectations of privacy
- Drug testing: limited to sensitive positions only
- Freedom from a hostile work environment
International Privacy
- European statutes cover both government and private corporate records
- Application primarily to computerized data banks
- Strict rules on disclosure
- Prohibitions on transfer of information across national boundaries
Privacy and Other Personal Rights Cont…
Management Responsibilities
- Regular review with the legal department
- Consider all jurisdictions
- Prepare policies for compliance
- Enforce policies
- Document enforcement
Computer Crime Laws: Federal
Computer Fraud and Abuse Act (Title 18, U.S. Code, Section 1030)
- *Accessing a Federal Interest Computer (FIC) to acquire national defense information
- Accessing an FIC to obtain financial information
- Accessing an FIC to deny the use of the computer
- *Accessing an FIC to effect a fraud
- *Damaging or denying use of an FIC through transmission of code, a program, information or a command
- Furthering a fraud by trafficking in passwords
Economic Espionage Act of 1996: obtaining trade secrets to benefit a foreign entity
Electronic Funds Transfer Act: covers the use, transport, sale, receipt or furnishing of counterfeit, altered, lost, stolen, or fraudulently obtained debit instruments in interstate or foreign commerce
Federal Computer Crime Laws Cont…
- Child Pornography Prevention Act of 1996 (CPPA): prohibits the use of computer technology to produce child pornography
- Computer Security Act of 1987: requires federal Executive agencies to establish computer security programs
- Electronic Communications Privacy Act (ECPA): prohibits unauthorized interception or retrieval of electronic communications
- Fair Credit Reporting Act: governs the types of data that companies may collect on private citizens and how it may be used
- Foreign Corrupt Practices Act: covers improper foreign operations, but applies to all companies registered with the SEC, and requires those companies to institute internal controls (security programs)
- Freedom of Information Act: permits public access to information collected by the federal Executive Branch
Computer Laws Cont…
International Laws
- Lack of universal cooperation
- Differences in interpretations of laws
- Outdated laws against fraud
- Problems with evidence admissibility
- Extradition
- Low priority
Computer Crime
Computer Crime as a Separate Category
- Rules of property: lack of tangible assets
- Rules of evidence: lack of original documents
- Threats to integrity and confidentiality: go beyond the normal definition of a loss
- Value of data: difficult to measure; cases of restitution only for the media
- Terminology: statutes have not kept pace. Is computer hardware "machinery"? Does software qualify as "supplies"?
Computer Crime Cont…
Computer Crime is Hard to Define
- Lack of understanding
- Laws are inadequate: slow to keep pace with rapidly changing technology
Multiple Roles for Computers
- Object of a crime: target of an attack
- Subject of a crime: used to attack (impersonating a network node)
- Medium of a crime: used as a means to commit a crime (Trojan horse)
Difficulties in Prosecution
- Understanding: judges, lawyers, police, jurors
- Evidence: lack of tangible evidence
- Forms of assets: e.g., magnetic particles, computer time
- Juveniles: many perpetrators are juveniles; adults don't take juvenile crime seriously
Nature and Extent of Computer-Related Crime
Typology
- Input tampering: entry of fraudulent or false data
- Throughput tampering: altering computer instructions
- Output tampering: theft of information
Most Common Crimes
- Input and output type
- Fraudulent disbursements
- Fabrication of data
The Computer Criminal
Typical Profile
- Male, white, young
- No prior record
- Works in data processing or accounting
Myths
- Special talents are necessary
- Fraud has increased because of computers
The Criminal Motivation
Personal Motivations
- Economic
- Egocentric
- Ideological
- Psychotic
Environmental Motivations
- Work environment
- Reward system
- Level of interpersonal trust
- Ethical environment
- Stress level
- Internal controls environment
The Control Environment
Factors that Encourage Crime
- Motivation
- Personal inducements
Factors that Discourage Crime
- Prevention measures: internal controls systems; access control systems
- Detection measures: auditing; supervision
Crime Investigation
Detection and Containment
- Accidental discovery
- Audit trail review
- Real-time intrusion monitoring
- Limit further loss
- Reduction in liability
Report to Management
- Immediate notification
- Limit knowledge of the investigation
- Use out-of-band communications
Crime Investigation Cont…
Preliminary Investigation
- Determine if a crime has occurred
- Review the complaint
- Inspect the damage
- Interview witnesses
- Examine logs
- Identify investigation requirements
Crime Investigation Cont…
Disclosure Determination
- Determine if disclosure is required by law
- Determine if disclosure is desired
- Caution in dealing with the media
Courses of Action
- Do nothing
- Surveillance
- Eliminate security holes
- Is a police report required?
- Is prosecution a goal?
Crime Investigation Cont…
Conducting the Investigation
Investigative Responsibility
- Internal investigation
- External private consultant investigation
- Local/state/federal investigation
Factors
- Cost
- Legal issues (privacy, evidence, search and seizure)
- Information dissemination
- Investigative control
Crime Investigation Cont…
Execute the Plan
- Secure and control the scene
- Protect evidence
- Don't touch the keyboard
- Videotape the process
- Capture the monitor display
- Unplug the system
- Remove the cover; disks and drives
- Search the premises (for magnetic media and documentation)
- Seize other devices (that may contain information)
Caveat: pulling the plug discards volatile evidence (memory contents, running processes, open network connections, mounted encrypted volumes). Current practice (RFC 3227) is to capture volatile data first, in order of volatility, before powering the system down.
Crime Investigation Cont…
Conduct Surveillance
- Physical: determine the subject's habits, associates, lifestyle
- Computer: audit logs or electronic monitoring
Other Information Sources
- Personnel files
- Telephone and fax logs
- Security logs
- Time cards
Investigative Reporting
- Document known facts
- Statement of final conclusions
Computer Forensics
- Conduct a disk image backup of the suspect system: a bit-level copy of the disk, sector by sector
- Authenticate the file system: create a message digest for all directories, files and disk sectors (use a collision-resistant hash such as SHA-256; MD5 is no longer adequate for proving a copy unaltered)
- Analyze the restored data: conduct the forensic analysis in a controlled environment
- Search tools: Quick View Plus, Expert Witness, Super Sleuth
- Searching for obscure data: hidden files/directories, erased or deleted files, encrypted data, overwritten files
- Steganography: hiding a piece of information within another
- Review communications programs: links to others
Computer Forensics Cont…
Reassemble and Boot the Suspect System with a Clean Operating System
- The target system may be infected
- Obtain the system time as a reference
- Run a complete system analysis report
Boot the Suspect System with the Original Operating System
- Identify rogue programs
- Identify background programs
- Identify what system interrupts have been set
Caveat: do this on the verified image or a write-blocked clone, never on the original media; booting the original alters timestamps and can overwrite deleted data.
Computer Forensics Cont…
Search Backup Media: don't forget off-site storage
Search Access-Controlled Systems and Encrypted Files
- Password cracking
- Publisher back door
- Documentary clues
- Ask the suspect
- Case law on obtaining passwords from suspects
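The steganography item in the forensics slides above names the technique but not the mechanism. The following is an added example, not code from the original slides: it hides a message in the least-significant bits of a constructed array of 8-bit grey pixels, recovers it, and shows why the altered cover is visually indistinguishable from the original (no pixel moves by more than one level). The cover data, the message and the 4-byte length header are assumptions made for the example.

```python
"""Added example (not from the original slides): least-significant-bit (LSB)
steganography, the simplest way of hiding one piece of information inside
another. The cover here is a constructed array of 8-bit grey pixels; a real
examiner would read the pixel data from an image file. The 4-byte big-endian
length header is an assumption of this example, not a standard."""
from __future__ import annotations

HEADER_BYTES = 4  # assumption: payload length stored as a 32-bit big-endian int


def _bits(data: bytes):
    """Yield the bits of data, most significant bit of each byte first."""
    for byte in data:
        for shift in range(7, -1, -1):
            yield (byte >> shift) & 1


def embed(cover: bytes, secret: bytes) -> bytes:
    """Overwrite the LSB of successive cover bytes with the bits of
    (length header + secret). Every other bit of the cover is untouched."""
    payload = len(secret).to_bytes(HEADER_BYTES, "big") + secret
    if len(payload) * 8 > len(cover):
        raise ValueError("cover too small for payload")
    out = bytearray(cover)
    for index, bit in enumerate(_bits(payload)):
        out[index] = (out[index] & 0xFE) | bit
    return bytes(out)


def _read(stego: bytes, first_byte: int, count: int) -> bytes:
    """Reassemble `count` payload bytes from the LSBs, starting at the
    pixel that holds the first bit of payload byte `first_byte`."""
    result = bytearray()
    for b in range(count):
        value = 0
        for i in range(8):
            value = (value << 1) | (stego[(first_byte + b) * 8 + i] & 1)
        result.append(value)
    return bytes(result)


def extract(stego: bytes) -> bytes:
    """Recover the hidden message, or raise if the header is not plausible
    (what an examiner sees when a file simply carries no LSB payload)."""
    length = int.from_bytes(_read(stego, 0, HEADER_BYTES), "big")
    if (HEADER_BYTES + length) * 8 > len(stego):
        raise ValueError("no plausible LSB payload")
    return _read(stego, HEADER_BYTES, length)


def has_payload(data: bytes) -> bool:
    """True when the LSB header describes a payload that fits in the data."""
    try:
        extract(data)
        return True
    except ValueError:
        return False


def max_pixel_delta(cover: bytes, stego: bytes) -> int:
    """Largest change to any pixel value; LSB embedding never exceeds 1."""
    return max(abs(a - b) for a, b in zip(cover, stego))


def demo() -> tuple[bytes, int]:
    # Constructed cover: 4096 "pixels" following a simple gradient pattern.
    cover = bytes((i * 37) % 256 for i in range(4096))
    secret = b"meet at 2300, bring the customer list"
    stego = embed(cover, secret)
    return extract(stego), max_pixel_delta(cover, stego)
```

Plain LSB embedding survives lossless storage (BMP, PNG) but not lossy recompression, which is one reason examiners look for stego in lossless formats first; a plausible-length check like the one in extract() is only a first filter, not proof of absence.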
The Evidence
Types of Evidence
- Direct: oral testimony by a witness
- Real: tangible objects/physical evidence
- Documentary: printed business records, manuals, printouts
- Demonstrative: used to aid the jury (models, illustrations, charts)
Best Evidence Rule: the original is preferred over copies, to limit the potential for alteration
Exclusionary Rule: evidence must be gathered legally or it can't be used
Hearsay Rule: key for computer-generated evidence
- Second-hand evidence
- Admissibility based on the veracity and competence of the source
- Exceptions: Rule 803(6) of the Federal Rules of Evidence, the business records exception (documents created at the time by a person with knowledge, as part of regular business activity, routinely kept, and supported by testimony)
The Evidence Cont…
Chain of Evidence (Chain of Custody): accountability and protection
- Who obtained the evidence
- Where and when it was obtained
- Who secured it
- Who controlled it
- Account for everyone who had access to or handled the evidence
- Assurance against tampering
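The disk-imaging and file-system authentication steps in the Computer Forensics slides and the chain-of-custody slide above rest on one mechanism: a digest computed at acquisition that every later handler can recompute. The following is an added example, not code from the original slides: it digests a constructed byte string standing in for a sector-by-sector image, builds a per-file manifest, locates the sector and the file altered between two hand-overs, and keeps a custody log that carries the hash observed at each hand-over so the break can be placed between two named handlers. The 512-byte sector size, the sample image layout and the handler names are assumptions of the example.

```python
"""Added example (not from the original slides): authenticating a forensic
disk image with message digests and keeping a chain-of-custody record.
The "image" is a constructed byte string standing in for a bit-level,
sector-by-sector copy; sector size, layout and handlers are assumptions."""
from __future__ import annotations

import hashlib
import json
from datetime import datetime, timezone

SECTOR_SIZE = 512  # assumption: classic 512-byte sectors


def sha256(data: bytes) -> str:
    # SHA-256 rather than MD5: MD5 collisions are practical, so an MD5
    # acquisition hash no longer proves that a copy is unaltered.
    return hashlib.sha256(data).hexdigest()


def sector_digests(image: bytes, sector_size: int = SECTOR_SIZE) -> list[str]:
    """Per-sector digests let a later change be located, not just detected."""
    return [sha256(image[i:i + sector_size]) for i in range(0, len(image), sector_size)]


def file_manifest(files: dict[str, bytes]) -> dict[str, str]:
    """Digest every recovered file, plus the directory listing itself so
    added or removed entries are noticed, not only changed contents."""
    manifest = {path: sha256(data) for path, data in files.items()}
    manifest["<directory-listing>"] = sha256("\n".join(sorted(files)).encode())
    return manifest


def verify_image(image: bytes, acquisition_hash: str, sectors: list[str]) -> list[int]:
    """Return the indices of sectors that no longer match; [] means intact."""
    if sha256(image) == acquisition_hash:
        return []
    current = sector_digests(image)
    return [i for i, (a, b) in enumerate(zip(current, sectors)) if a != b]


def changed_files(before: dict[str, str], after: dict[str, str]) -> list[str]:
    """Paths whose digest differs between two manifests (added, removed or edited)."""
    return sorted(p for p in before.keys() | after.keys() if before.get(p) != after.get(p))


class CustodyLog:
    """Append-only record of who handled the evidence, when and why. Each
    entry carries the image hash seen at that hand-over, so a break in the
    chain shows between which two handlers the change occurred."""

    def __init__(self) -> None:
        self.entries: list[dict[str, str]] = []

    def record(self, handler: str, action: str, image: bytes,
               when: datetime | None = None) -> None:
        self.entries.append({
            "handler": handler,
            "action": action,
            "time": (when or datetime.now(timezone.utc)).isoformat(),
            "image_sha256": sha256(image),
        })

    def first_break(self) -> int | None:
        """Index of the first entry whose hash differs from the previous one."""
        for i in range(1, len(self.entries)):
            if self.entries[i]["image_sha256"] != self.entries[i - 1]["image_sha256"]:
                return i
        return None

    def to_json(self) -> str:
        return json.dumps(self.entries, indent=2)


def _write_at(image: bytearray, offset: int, data: bytes) -> None:
    image[offset:offset + len(data)] = data  # equal-length slice: no resizing


def demo() -> tuple[list[int], list[str], int | None]:
    # Constructed 8-sector image with two small "files" at known offsets.
    image = bytearray(8 * SECTOR_SIZE)
    _write_at(image, 0, b"FILE:customers.csv\nacme,1000\n")
    _write_at(image, 3 * SECTOR_SIZE, b"FILE:notes.txt\nhi\n")
    original = bytes(image)
    files_before = {"customers.csv": b"acme,1000\n", "notes.txt": b"hi\n"}

    acquisition_hash = sha256(original)
    sectors = sector_digests(original)
    manifest_before = file_manifest(files_before)
    log = CustodyLog()
    log.record("Investigator A", "acquired image", original)

    # Between the two hand-overs one bit in sector 3 is flipped ('i' -> 'h').
    tampered = bytearray(original)
    tampered[3 * SECTOR_SIZE + 16] ^= 0x01
    tampered = bytes(tampered)
    files_after = {"customers.csv": b"acme,1000\n", "notes.txt": b"hh\n"}
    log.record("Examiner B", "received image", tampered)

    return (verify_image(tampered, acquisition_hash, sectors),
            changed_files(manifest_before, file_manifest(files_after)),
            log.first_break())
```

demo() reports sector 3, the file notes.txt, and custody entry 1 (the hand-over to Examiner B) as the point where the chain breaks; the same three checks are what an examiner recomputes before analysis and again before presenting the evidence in court.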
The Evidence Cont…
Admissibility of Evidence: computer-generated evidence is always suspect
- Relevancy: must prove a fact that is material to the case
- Reliability: prove the reliability of the evidence and of the process for producing it
Evidence Life Cycle
- Collection and identification
- Storage, preservation, and transportation
- Presentation in court
- Return to the victim (owner)
Legal Proceedings
Discovery
- Defense granted access to all investigative materials
- Protective order limits who has access
Grand Jury and Preliminary Hearings
- Witnesses called
- Assign a law enforcement liaison
Trial: unknown results
Recovery of Damages: through the civil courts
Legal Proceedings Cont…
Post Mortem Review: analyze the attack and close security holes
- Incident response plan
- Information dissemination policy
- Incident reporting policy
- Electronic monitoring statement
- Audit trail policy
- Warning banner (prohibit unauthorized access and give notice of monitoring)
- Need for additional personnel security controls
Ethics
Differences Between Law and Ethics: must vs. should
Origins
- Common good
- National interest
- Individual rights
- Enlightened self-interest
- Law
- Tradition/culture
- Religion
Fundamental changes to society; no sandbox training
Referential Resources
- National Computer Ethics and Responsibilities Campaign (NCERC)
- Computer Ethics Resource Guide
- National Computer Security Association (NCSA)
- Computer Ethics Institute: 1991 Ten Commandments of Computer Ethics
- End User's Basic Tenets of Responsible Computing
- Four Primary Values
- Considerations for Conduct
- The Code of Fair Information Practices
- Unacceptable Internet Activities (RFC 1087)
(ISC)² Code of Ethics
Code of Ethics Preamble
Safety of the commonwealth, duty to our principals, and to each other requires that we adhere, and be seen to adhere, to the highest ethical standards of behavior. Therefore, strict adherence to this Code is a condition of certification.
Code of Ethics Canons
- Protect society, the commonwealth, and the infrastructure.
- Act honorably, honestly, justly, responsibly, and legally.
- Provide diligent and competent service to principals.
- Advance and protect the profession.
Competitive Intelligence
- Published material and public documents
- Disclosures by competitor employees (without subterfuge)
- Market surveys and consultants' reports
- Financial reports and brokers' research surveys
- Trade fairs, exhibits, and competitor literature
- Analysis of competitor products
- Reports of own personnel
- Legitimate employment interviews with competitor employees
Industrial Espionage
- Camouflaged questioning of a competitor's employees
- Direct observation under secret conditions
- False job interviews
- False negotiations
- Use of professional investigators
- Hiring a competitor's employees
- Trespassing
- Bribing suppliers and employees
- Planting an agent on the competitor's payroll
- Eavesdropping
- Theft of information
- Blackmail and extortion
Plan of Action
- Develop an organizational guide to computer ethics
- Develop a computer ethics policy to supplement the computer security policy
- Include computer ethics information in the employee handbook
- Expand the business ethics policy to include computer ethics
- Foster user awareness of computer ethics
- Establish an e-mail privacy policy and promote user awareness of it