Legal, Regulations, Investigations and Compliance.

Slide 1: Legal, Regulations, Investigations and Compliance

Slide 2: Domain Objectives
- Discuss the world’s various major legal systems
- Describe the differences and similarities between common law and civil law
- Explain laws and regulations affecting information technology
- Discuss computer related crime and its importance to information assurance and security

Slide 3: Domain Objectives (continued)
- Describe the importance of international cooperation in relation to computer crime
- Explain an incident response methodology
- Discuss the importance of digital evidence management and handling
- Describe general guidelines for computer forensic investigations

Slide 4: Information Security TRIAD
- Availability
- Confidentiality
- Integrity

Slide 5: Domain Agenda
- Major Legal Systems
- Information Technology Laws and Regulations
- Incident Response
- Computer Forensics

Slide 6: Major Legal Systems
- Common Law
- Civil Law
- Customary Law
- Religious Law
- Mixed Law

Slide 7: Common Law
- Roots in England
- Based on legal precedents, past decisions, and societal traditions

Slide 8: Common Law
- Overview of common law
- Courts
- Judges
- Common law countries

Slide 9: Common Law: Criminal Law
- Based on common law, statutory law, or a combination of both
- Deals with behavior or conduct
- Typically the punishment meted out by the criminal courts involves some loss of personal freedom for the guilty party

Slide 10: Common Law: Tort Law
- Definition
- Punishment
- Traces its origin to criminal law

Slide 11: Common Law: Tort Law
- Principles of a tort
- Categories of a tort

Slide 12: Common Law: Administrative Law
- Law created by administrative agencies by way of rules, regulations, orders, and decisions
- Areas covered by administrative law

Slide 13: Civil Law
- Traces its roots back to two beginnings:
  - Roman Empire
  - Napoleonic Code of France
- Characteristics
- Presents various sub-divisions
- Common law as opposed to civil law:
  - Methodological approach difference
  - Judges’ role difference

Slide 14: Customary Law
- Regionalized systems
- Reflects the society’s norms and values
- Most countries combine customary law with another legal system

Slide 15: Religious Law
- Traditional Islamic law (Sharia)
- Guided by the Qur’an or Sunnah
- Covers all aspects of a person’s life

Slide 16: Mixed Law
- Convergence of two or more legal systems
- Examples of mixed law

Slide 17: World Legal Systems
- Source: WorldLegalSystems

Slide 18: Domain Agenda
- Major Legal Systems
- Information Technology Laws and Regulations
- Incident Response
- Computer Forensics

Slide 19: Information Technology Law & Regulations
- Intellectual Property Law
  - Patent
  - Trademark
  - Copyright
  - Trade Secret
  - Licensing Issues
- Privacy
- Liability
- Computer Crime
- International Cooperation

Slide 20: Intellectual Property Laws
- Purpose
- Two categories:
  - Industrial Property
  - Copyright

Slide 21: Intellectual Property: Patent
- Definition
- Advantages

Slide 22: Intellectual Property: Trademark ™
- Characteristics of a trademark:
  - Word
  - Name
  - Symbol
  - Color
  - Sound
  - Product shape
- Purpose of a trademark

Slide 23: Intellectual Property: Copyright ©
- Covers the expression of ideas:
  - Writings
  - Recordings
  - Computer programs
- Weaker than patent protection

Slide 24: Intellectual Property: Trade Secret
- Should be confidential
- Protection of trade secret

Slide 25: Intellectual Property: Software Licensing Issues
- Categories of software licensing:
  - Freeware
  - Shareware
  - Commercial
  - Academic
- Master agreements and end user licensing agreements (EULAs)

Slide 26: Privacy Laws and Regulations
- Rights and obligations of:
  - Individuals
  - Organizations

Slide 27: Privacy Initiatives
- Generic approach
- Regulation by industry
- The overall objective is to:
  - Protect citizens’ personal information
  - Balance the business and governmental need to collect and use this information

Slide 28: Privacy and the OECD
- The Organization for Economic Co-operation and Development (OECD)
- 7 core principles

Slide 29: Employee Privacy
- Employee monitoring
- Authorized usage policies:
  - Internet usage
  - Email
  - Telephone (i.e., VoIP)

Slide 30: Privacy: Personal Protection
- Responsibilities of end users
- Encourage use of:
  - Encryption
  - Anti-virus
  - Patches
  - Shredding

Slide 31: Liability
- Legal responsibility
- Penalties:
  - Civil
  - Criminal
- Negligence is often used to establish liability

Slide 32: Negligence
- Acting without care
- Due care

Slide 33: Due Care vs. Due Diligence
- Due diligence:
  - Ethereal concept often judged against a continually moving benchmark
  - Requires a commitment to an ongoing risk analysis and risk management process

Slide 34: Computer Crimes
- Often divided into 3 categories:
  - Computers as a tool
  - Computers as the target of crime
  - Computer incidental to the crime

Slide 35: Computer Crimes
- Insider abuse
- Viruses
- White collar/financial fraud
- Corporate espionage
- Hacking
- Child pornography
- Stalking
- Organized crime
- Terrorism
- Identity theft
- Social engineering

Slide 36: International Cooperation
- Initiatives related to international cooperation in dealing with computer crime
- The Council of Europe (CoE) Cybercrime Convention

Slide 37: Domain Agenda
- Major Legal Systems
- Information Technology Laws and Regulations
- Incident Response
- Computer Forensics

Slide 38: Incident Response: Overview
- Response capability
- Policy and guidelines
- Response
- Incident response:
  - Triage
  - Containment
  - Investigation
  - Analysis and treatment
  - Recovery
  - Debriefing
  - Metrics
  - Public disclosure

Slide 39: Incident Response Objectives
- Incident response in its simplest form is the practice of:
  - Detecting a problem
  - Determining its cause
  - Minimizing the damage it causes
  - Resolving the problem
  - Documenting each step of the response for future reference

Slide 40: Response Capability
- The foundation for Incident Response (IR) is comprised of:
  - Policy
  - Procedures
  - Guidelines
  - Management of evidence

Slide 41: Incident Response Policy
- Escalation process
- Interaction with third party entities

Slide 42: Response Team Members
- Response team
- Staffing and training
- Virtual team
- Permanent team
- Hybrid of the virtual and permanent

Slide 43: Incident Response and Handling
- Incident
- Approved handling process

Slide 44: Incident Response and Handling Phases
- Triage
- Investigation
- Containment
- Analysis and tracking

Slide 45: Triage
- Triage encompasses:
  - Detection
  - Classification
  - Notification

Slide 46: Triage - Detection
- Initial screening
- False positives

Slide 47: Triage - Classification
- Incident hierarchy
- General classifiers:
  - Source (internal vs. external)
- More granular or specific characteristics (i.e., worm vs. spam)
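Slides 45 to 47 describe triage as detection (with initial screening of false positives), classification (first by a general classifier such as internal vs. external source, then by a more specific characteristic such as worm vs. spam) and notification. The following is an added example, not from the original slides, that runs that flow over a handful of constructed alert lines. The key=value log format, the use of RFC 1918 ranges as "internal", the benign-scanner allowlist and the notification routing table are all assumptions made for the example.

```python
"""Triage of constructed alert lines: initial screening for known false
positives, classification by source (internal vs. external) and by a more
specific characteristic (worm vs. spam), then a notification decision.
Added example, not from the original slides; the log format, address ranges,
allowlist and routing table are assumptions."""
import ipaddress
import re

# Assumed: RFC 1918 ranges stand in for the organization's internal address space.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Assumed initial-screening allowlist: an authorized vulnerability scanner whose
# port scans are a known false positive.  Screened events are kept, not discarded.
KNOWN_BENIGN_SOURCES = {"10.0.0.5"}

# Assumed notification routing keyed by (source class, characteristic).
ROUTING = {
    ("internal", "worm"): "incident-response-team",
    ("internal", "spam"): "incident-response-team",
    ("external", "worm"): "network-operations",
    ("external", "spam"): "mail-administrators",
}

# Constructed alert lines in an assumed key=value format.
SAMPLE_ALERTS = [
    "ts=2024-03-01T09:00:01Z src=10.1.2.3 dst=10.1.2.40 sig=worm-propagation",
    "ts=2024-03-01T09:00:07Z src=203.0.113.9 dst=10.1.0.25 sig=spam-relay-attempt",
    "ts=2024-03-01T09:01:15Z src=10.0.0.5 dst=10.1.2.3 sig=port-scan",
    "ts=2024-03-01T09:02:30Z src=198.51.100.77 dst=10.1.2.3 sig=worm-propagation",
    "ts=2024-03-01T09:03:00Z src=172.16.8.8 dst=10.1.2.9 sig=unknown-beacon",
]

KV_RE = re.compile(r"(\w+)=(\S+)")


def parse_alert(line):
    """Split one key=value alert line into a dict."""
    return dict(KV_RE.findall(line))


def source_class(ip_text):
    """General classifier from slide 47: internal or external source."""
    ip = ipaddress.ip_address(ip_text)
    return "internal" if any(ip in net for net in INTERNAL_NETS) else "external"


def characteristic(sig):
    """More granular classifier: the kind of activity the signature names."""
    if sig.startswith("worm"):
        return "worm"
    if sig.startswith("spam"):
        return "spam"
    return "unclassified"


def triage(lines):
    """Return (triaged events, screened-out events)."""
    triaged, screened = [], []
    for line in lines:
        event = parse_alert(line)
        if event["src"] in KNOWN_BENIGN_SOURCES:
            screened.append(event)        # detection: suspected false positive
            continue
        src = source_class(event["src"])
        kind = characteristic(event["sig"])
        # Notification: anything the routing table does not cover goes to an
        # analyst for review rather than being silently dropped.
        event.update(source=src, kind=kind,
                     notify=ROUTING.get((src, kind), "analyst-review"))
        triaged.append(event)
    return triaged, screened


if __name__ == "__main__":
    handled, noise = triage(SAMPLE_ALERTS)
    for e in handled:
        print(f'{e["ts"]} {e["src"]:>15} {e["source"]:8} {e["kind"]:12} -> {e["notify"]}')
    print(f"{len(noise)} alert(s) screened out as known false positives")
```

The screened-out events are returned rather than discarded so that the initial screening itself remains reviewable, and an unclassified event is routed to a human instead of falling through, which is the failure mode a rigid classification hierarchy otherwise invites.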

Slide 48: Investigation Phase Components
- Components of this phase:
  - Analysis
  - Interpretation
  - Reaction
  - Recovery

Slide 49: Investigation Phase Objectives
- Desired outcomes of this phase are:
  - Reduce the impact
  - Identify the cause
  - Get back up and running in the shortest possible time
  - Prevent the incident from re-occurring

Slide 50: Investigation Considerations
- The investigative phase must consider:
  - Adherence to company policy
  - Applicable laws and regulations
  - Proper evidence management and handling

Slide 51: Containment
- Reduce the potential impact of the incident
- Systems, devices, or networks that can become “infected”
- The containment strategy depends on:
  - Category of the attack
  - Asset(s) affected
  - Criticality of the data or system

Slide 52: Containment Strategies
- Disconnecting the system from the network
- Virtually isolating the systems through network segmentation
- Implementing a firewall or filtering router with the appropriate rule sets
- Installation of honeynets/honeypots

Slide 53: Containment Documentation
- Incident and evidence handling procedures
- Sources of evidence
- Risk of entrapment vs. enticement

Slide 54: Analysis and Tracking
- The concept of root cause:
  - Determines the actual initial event
  - Attempts to identify the true source and actual point of entry

Slide 55: Analysis and Tracking Goals
- Obtain sufficient information to stop the current incident
- Prevent future “like” incidents from occurring
- Identify who or what is responsible

Slide 56: Analysis and Tracking Team
- Heterogeneous and/or eclectic skills
- Solid understanding of the systems affected
- Real world, applied experience

Slide 57: Analysis and Tracking Logs
- Dynamic nature of the logs
- Feeds into the tracking process
- Working relationship with other entities

Slide 58: Recovery Phase Goal
- To get back up and running:
  - The business (worst case)
  - Affected systems (best case)
- Protect evidence

Slide 59: Recovery and Repair
- Recovery into production of affected systems
- Ensure the system can withstand another attack
- Test for vulnerabilities and weaknesses

Slide 60: Closure of the Incident
- Incident response is an iterative process
- Closure to the incident

Slide 61: Debriefing/Feedback
- Formal process
- Include all of the team members
- Use output to adapt or modify policy and guidelines

Slide 62: Communications of the Incident
- Public disclosure of an incident can:
  - Compound the negative impact
  - Provide an opportunity to regain public trust
- Communication handled by authorized personnel only

Slide 63: Domain Agenda
- Major Legal Systems
- Information Technology Laws and Regulations
- Incident Response
- Computer Forensics

Slide 64: Computer Forensics Key Components
- Crime scenes
- Digital evidence
- Guidelines

Slide 65: Computer Forensics: The Law
- The inclusion of the “law” introduces concepts that may be foreign to many information security professionals:
  - Crime scene
  - Chain of custody
  - Best evidence
  - Admissibility requirements
  - Rules of evidence

Slide 66: Computer Forensics: Evidence
- Computer forensics includes:
  - Evidence or potential evidence
- Falls under the larger domain of Digital Forensic Science (Digital Forensic Research Workshop)
- Deals with evidence and the legal system

Slide 67: Computer Forensics: Evidence
- Correctly identifying the crime scene, evidence, and potential containers of evidence
- Collecting or acquiring evidence:
  - Adhering to the criminalistic principles
  - Keeping contamination and the destruction of the scene to a minimum

Slide 68: Computer Forensics: Evidence
- Using the scientific methods:
  - Determine characteristics of the evidence
  - Comparison of evidence
  - Event reconstruction
- Presentation of findings:
  - Interpretation and analysis of the examination
  - Articulating these in a format appropriate for the intended audience

Slide 69: Crime Scene
- Prior to identifying evidence, the larger crime scene needs to be addressed
- A crime scene is nothing more than the environment in which potential evidence may exist
- Digital crime scenes follow the same principles

Slide 70: Crime Scene
- The principles of criminalistics apply to both digital and physical crime scenes:
  - Identify the scene
  - Protect the environment
  - Identify evidence and potential sources of evidence
  - Collect evidence
  - Minimize the degree of contamination

Slide 71: Crime Scene: Physical vs. Virtual
- The crime scene environment:
  - Physical
  - Virtual or cyber

Slide 72: Locard’s Principle
- Locard’s Principle of Exchange: when a crime is committed, the perpetrator
  - Leaves something behind
  - Takes something with them
- This principle allows us to identify aspects of the person or persons responsible, even with a purely digital crime scene

Slide 73: Behavior
- Investigation or root cause analysis
- Means, Opportunity, and Motives (MOM)
- Modus Operandi (MO)
- Criminal computer behavior is no different than typical criminal behavior

Slide 74: Behavior of Computer Criminals
- Computer criminals have specific MOs:
  - Hacking software/tools
  - Types of systems or networks attacked, etc.
- Signature behaviors
- MO & signature behaviors
- Profiling
- Interviewing

Slide 75: Crime Scene Analysis
- Protect the ‘crime scene’ from unauthorized individuals
- Once a scene has been contaminated, there is no undo or redo button to push
- The damage is done!

Slide 76: Digital Evidence
- Evidence
- The exact requirements for the admissibility of evidence vary

Slide 77: Digital Evidence: 5 Rules
- Admissible
- Authentic
- Complete
- Accurate
- Convincing

Slide 78: Digital Evidence: Hearsay
- Hearsay:
  - Second-hand evidence
  - Normally not admissible
- Business records exceptions:
  - Computer generated information can fall into this category
  - May require someone to attest to how the records/information were created

Slide 79: Digital Evidence: Life Span
- Digital evidence is volatile and “fragile”
- May have a short “life span”
- Collect quickly, by order of volatility (i.e., most volatile first)
- Document, document, document!

Slide 80: Digital Evidence: Chain of Custody
- Chain of custody:
  - Who
  - What
  - When
  - Where
  - How

Slide 81: Digital Evidence: Accuracy and Integrity
- Ensuring the accuracy and integrity of evidence is critical!
- The current protocol for demonstrating accuracy and integrity relies on hash functions:
  - MD5
  - SHA-256
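Slides 80 and 81 name the chain-of-custody record (who, what, when, where, how) and the hash functions (MD5, SHA-256) used to demonstrate that evidence has not changed. The following is an added example, not from the original slides, that ties the two together for a constructed evidence image: hashes are taken once at acquisition, every handover re-hashes the item before accepting it, and each custody entry carries the hash observed at that point so a mismatch is localised to a specific handover. The record layout, the item identifier and the sample bytes are assumptions made for the example.

```python
"""Evidence integrity (slide 81) and chain of custody (slide 80) for a
constructed evidence image.  Added example, not from the original slides;
the record layout, item identifier and sample bytes are assumptions."""
import hashlib
import hmac
import io
from dataclasses import dataclass, asdict
from datetime import datetime, timezone

CHUNK = 1 << 16  # 64 KiB reads, so a multi-gigabyte image is never held in memory


def hash_stream(stream):
    """One pass over a file-like object computing MD5 and SHA-256 together.
    Both are recorded because acquisition tools commonly report both; the
    integrity claim should rest on SHA-256, since MD5 collisions are practical."""
    md5, sha256 = hashlib.md5(), hashlib.sha256()
    for block in iter(lambda: stream.read(CHUNK), b""):
        md5.update(block)
        sha256.update(block)
    return {"md5": md5.hexdigest(), "sha256": sha256.hexdigest()}


def hash_bytes(data):
    return hash_stream(io.BytesIO(data))


def _now():
    return datetime.now(timezone.utc).isoformat(timespec="seconds")


@dataclass(frozen=True)
class CustodyEntry:
    """One chain-of-custody record: the who/what/when/where/how of slide 80,
    plus the SHA-256 observed at this handover."""
    who: str
    what: str
    when: str
    where: str
    how: str
    sha256: str


class EvidenceItem:
    def __init__(self, item_id, data, who, where, how, when=None):
        self.item_id = item_id
        self.acquired = hash_bytes(data)          # reference hashes, taken once
        self.chain = [CustodyEntry(who, f"acquired {item_id}", when or _now(),
                                   where, how, self.acquired["sha256"])]

    def verify(self, data):
        """Re-hash the item and compare against the acquisition hashes."""
        current = hash_bytes(data)
        return (hmac.compare_digest(current["sha256"], self.acquired["sha256"])
                and hmac.compare_digest(current["md5"], self.acquired["md5"]))

    def transfer(self, data, who, where, how, when=None):
        """Record a handover.  The receiving party re-hashes before accepting,
        and the outcome is written into the record either way."""
        ok = self.verify(data)
        status = "verified" if ok else "HASH MISMATCH"
        self.chain.append(CustodyEntry(who, f"received {self.item_id} ({status})",
                                       when or _now(), where, how,
                                       hash_bytes(data)["sha256"]))
        return ok

    def log(self):
        return [asdict(entry) for entry in self.chain]


# Constructed sample image standing in for a disk image file.
SAMPLE_IMAGE = b"constructed evidence image: not a real disk image\n" * 1000

if __name__ == "__main__":
    item = EvidenceItem("ITEM-EXAMPLE-001", SAMPLE_IMAGE, "examiner A",
                        "evidence locker 1", "write-blocked acquisition",
                        when="2024-03-01T10:00:00Z")
    item.transfer(SAMPLE_IMAGE, "examiner B", "lab bench 2", "sealed bag, signed handover")
    tampered = bytearray(SAMPLE_IMAGE)
    tampered[10] ^= 1                           # a single flipped bit
    item.transfer(bytes(tampered), "examiner C", "lab bench 3", "courier")
    for entry in item.log():
        print(entry["when"], entry["who"], entry["what"], entry["sha256"][:12])
```

A mismatch is recorded rather than raised, because the break in custody is itself evidence about what happened to the item and must survive in the record; the comparison uses hmac.compare_digest so that the verification step itself does not leak timing information about the reference digest.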

Slide 82: General Guidelines
- IOCE/SWGDE 6 principles for computer forensics and digital/electronic evidence:
  1. When dealing with digital evidence, all of the general forensic and procedural principles must be applied
  2. Upon seizing digital evidence, actions taken should not change that evidence
  3. When it is necessary for a person to access original digital evidence, that person should be trained for the purpose

Slide 83: Six IOCE/SWGDE Principles (continued)
  4. All activity relating to the seizure, access, storage or transfer of digital evidence must be fully documented, preserved and available for review
  5. An individual is responsible for all actions taken with respect to digital evidence whilst the digital evidence is in their possession
  6. Any agency which is responsible for seizing, accessing, storing or transferring digital evidence is responsible for compliance with these principles

Slide 84: General Guidelines: Dos and Don’ts
- Minimize handling/corruption of original data
- Account for any changes and keep detailed logs of your actions
- Comply with the five rules for evidence
- Do not exceed your knowledge
- Follow your local security policy and obtain written permission

Slide 85: General Guidelines: Dos and Don’ts
- Capture as accurate an image of the system as possible
- Be prepared to testify
- Ensure your actions are repeatable
- Work fast
- Proceed from volatile to persistent evidence
- Don't run any programs on the affected system

Slide 86: General Guidelines: Dos and Don’ts
- Act ethically
- In good faith
- Attempt to do no harm
- Do not exceed one’s knowledge, skills, and abilities

Slide 87: Domain Summary
- Know local laws and regulations
- Have an approved procedure for handling of incidents
- Ensure that all handling of sensitive information is compliant with regulation
- Follow best practices and document all steps of an investigation

Slide 88: “Security Transcends Technology”