
ISA 562 Domain 10: Legal, Regulations, Compliance, & Investigations (ISA 562 Internet Security Theory & Practice)


Slide 1: ISA 562 Domain 10: Legal, Regulations, Compliance, & Investigations
ISA 562 Internet Security Theory & Practice

Slide 2: Objectives
- Discuss computer crime
- Discuss laws and regulation for IT
- Differences and similarities between common law and civil law
- Incident response technology
- Forensics
- And many more ...

Slide 3: Introduction
- Addresses computer crime laws and regulations
- Decide on a suitable set of investigation procedures (involving techniques and measures) that can be used to determine if a crime has been committed
- Have methods to gather evidence
- Develop a set of incident-handling capabilities to react quickly and efficiently to malicious threats or suspicious incidents

Slide 4: Major Legal Systems
- Common Law
  - English roots
  - Common law originally developed from court decisions based on customs, traditions and precedents. The book has more details.
  - Common law types:
    - Criminal law (for more info read the book)
    - Tort law (for more info read the book)
    - Administrative law (for more info read the book)

Slide 5: Major Legal Systems
- Civil Law
  - Roots go back to the Roman Empire and the Napoleonic Code of France
  - Body of laws established by a state or nation for its own regulation (read the book)
- Customary Law
  - Reflects the society's norms and values
- Religious Law
  - Example: the Islamic law system
- Mixed Law
  - Combining two or more legal systems
  - Becomes relevant for inter-state or international crimes!

Slide 6: IT Laws and Regulations
- Intellectual property law
  - Specifically designed to protect tangible items, intangible items and property from those wishing to copy or use it without due compensation to the inventor or creator; it has two categories:
    - Industrial property
    - Copyright
- Some definitions
  - Patent: an idea (protects novel, useful ideas, etc.)
  - Copyright: an expression of an idea
  - Trademark: a symbol representing an idea (used to identify goods and distinguish them from those made or sold by others)
  - Trade secrets: proprietary business or technical information, processes, etc. that are confidential and critical to the business
- Software licensing types
  - Freeware, shareware, commercial, academic

Slide 7: IT Laws and Regulations (continued)
- Privacy: addresses the rights and obligations of individuals and organizations
- Initiatives
  - Generic approaches: horizontal enactment across all industries
  - Regulation by industry: vertical enactment, e.g. requirements for the financial sector, healthcare, government, etc.
  - Privacy and the OECD
- Employees
  - Monitoring and usage policies (Internet, email, etc.)
- Personal protection
  - End-user responsibilities, by encouraging them to use specific technologies like encryption, anti-virus, etc.

Slide 8: Other Concerns
- Liability: legal responsibilities, etc.
- Negligence: acting without care
- Due diligence: the degree of prudence that might be properly expected from a reasonable person put in the given circumstances
- Computer crimes
  - Read more in the book on computer crime categories
  - Computer crime examples: insider abuse, stalking, financial fraud, hacking, etc.
- International cooperation

Slide 9: Incident Response
- Incident: any event that has the potential to negatively impact the business or its assets
- The need for incident response
  - Root cause analysis: discover a problem and resolve it
  - Minimize damage
  - Document the steps
- Establish capabilities to handle compromises
  - Policy (escalation process), procedures, guidelines, management, evidence
- Establish a team
  - Virtual, permanent or a combination of the two
  - Each situation has its pros and cons

Slide 10: Incident Response and Handling Phases
- Triage: done as the first step in incident handling
  - Contains detection, classification and notification
  - Detection step recognizes false positives and false negatives
  - Classification step assigns a severity to events (e.g. high, medium, low)
  - Notification step notifies identified entities depending on the event's severity
- Investigation: components include
  - Analysis: could be automated or manual
  - Interpretation: explanation for the event
  - Reaction: what to do in case of the event
- Recovery: specific procedures to recover from the event

Slide 11: Incident Response and Handling (continued)
- Objectives: reduce impact, identify cause, etc.
- Considerations: law, policy, etc.
- Containment
  - Reducing the potential impact of the incident
  - Depends on the attack, what has been affected, etc.
  - Strategies used: system isolation, system disconnection, implementing a security product (like firewalls)
- Documentation for handling procedures, source of evidence, etc.

Slide 12: Computer Forensics
- Evidence: digital, electronic, storage or wire
- Computer forensics is very young, only about 25 years old; latent fingerprint analysis goes back to the 1800s
- Deals with both evidence and legal issues
- Identified as:
  - Crime scenes
  - Evidence
  - Potential containers of evidence
  - Acquiring evidence
- Criminalistic principles
  - Minimize evidence contamination and destruction at the scene
  - Use scientific methods when acquiring evidence
  - Present comprehensible findings

Slide 13: Computer Forensics (continued)
- Crime scene
  - Where potential evidence of the crime may exist
  - Could be physical, virtual or cyber
  - Read more about Locard's principle in the book
- Behaviors
  - Means, Opportunity and Motives (MOM)
  - Modus Operandi (MO): e.g. hacking signature behaviors
- The scene should be preserved: no unauthorized individuals, and procedures in place. Contamination cannot be undone!

Slide 14: Computer Forensics (continued)
- Digital evidence
  - Admissibility criteria vary
  - Should have some probative value
  - Relevant to the case at hand
  - Rules: admissible and authentic; complete, accurate and convincing
- Hearsay
  - An out-of-court statement offered as proof of an assertion (second-hand evidence)
  - Normally not admissible
  - One exception: computer-generated information

Slide 15: Computer Forensics (continued)
- Life span
  - Volatile evidence may have a short life span, etc.
- Chain of custody
  - Evidence handling: who, what, where, when & how
  - Requires following a formal process that is well documented
- Accuracy and integrity
  - Examples are MD5 & SHA
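A worked illustration of the chain-of-custody and integrity points on this slide, added here as an example and not part of the original slides: each hand-over records who, what, where, when and how, re-hashes the evidence item and compares it against the digest taken at acquisition. The evidence bytes are constructed sample data; MD5 is computed only because the slide names it, and the integrity decision relies on SHA-256 since MD5 is collision-prone.

```python
import hashlib
from dataclasses import dataclass
from datetime import datetime, timezone

# Constructed sample evidence (stands in for an acquired disk image or log file).
EVIDENCE = b"constructed sample access log\n10.0.0.5 GET /login\n10.0.0.9 GET /admin\n"


def evidence_hashes(data: bytes) -> dict:
    """Digest the item with both hash families the slide mentions (MD5 & SHA)."""
    return {"md5": hashlib.md5(data).hexdigest(),
            "sha256": hashlib.sha256(data).hexdigest()}


@dataclass(frozen=True)
class CustodyEntry:
    who: str      # person taking custody
    what: str     # evidence item identifier
    where: str    # physical or logical location
    when: str     # UTC timestamp, ISO 8601
    how: str      # method of acquisition or transfer
    sha256: str   # digest observed at this hand-over
    intact: bool  # True if the digest matches the acquisition baseline


class ChainOfCustody:
    """Append-only custody log; every hand-over re-verifies the item's integrity."""

    def __init__(self, item_id: str, acquired_by: str, where: str, data: bytes):
        self.item_id = item_id
        self.baseline = evidence_hashes(data)          # taken once, at acquisition
        self.entries = [self._entry(acquired_by, where, "acquisition", data)]

    def _entry(self, who: str, where: str, how: str, data: bytes) -> CustodyEntry:
        digest = hashlib.sha256(data).hexdigest()
        return CustodyEntry(who, self.item_id, where,
                            datetime.now(timezone.utc).isoformat(), how,
                            digest, digest == self.baseline["sha256"])

    def transfer(self, who: str, where: str, how: str, data: bytes) -> CustodyEntry:
        """Record a hand-over; a mismatch is logged, never silently dropped."""
        entry = self._entry(who, where, how, data)
        self.entries.append(entry)
        return entry

    def is_intact(self) -> bool:
        """The chain holds only if every recorded hand-over verified cleanly."""
        return all(e.intact for e in self.entries)
```

A failed comparison at any hand-over stays in the log, so the break in the chain is itself documented and can be explained in testimony.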

Slide 16: Computer Forensics (continued)
- Guidelines for computer forensics
  - All activity related to the seizure, access, etc. should be fully documented
  - Minimize handling/corruption of original data
  - Be prepared to testify
  - Work fast
  - Comply with evidence rules
  - Act ethically, in good faith, etc.

Slide 17: References
- ISC2 CBK material
