
1 Principles of Computer Security: CompTIA Security+® and Beyond, Third Edition © 2012. Chapter 24: Legal Issues and Ethics

2 Objectives
Explain the laws and rules concerning importing and exporting encryption software.
Identify the laws that govern computer access and trespass.
Identify the laws that govern encryption and digital rights management.
Describe the laws that govern digital signatures.
Explore ethical issues associated with information security.

3 Key Terms
Administrative law, Click fraud, Common law, Computer Fraud and Abuse Act (CFAA), Computer trespass, Digital Millennium Copyright Act (DMCA), Electronic Communications Privacy Act (ECPA), Gramm-Leach-Bliley Act (GLBA)

4 Key Terms (continued)
Payment Card Industry Data Security Standard (PCI DSS), Sarbanes-Oxley Act (SOX), Section 404, Statutory law, Stored Communications Act (SCA), Wassenaar Arrangement

5 Cybercrime Characteristics
–Technology is constantly changing
–Sophistication of computer crimes has increased
–Generally focused on financial gain
–Often run by organized crime
–Low risk of being caught
–Difficult to prosecute

6 Types of Cybercrime
Computer-involved crimes can be classified as:
–Computer-assisted
–Computer-targeted
–Computer-incidental

7 Internet Crime
Most computer crime revolves around money.
Internet Crime Complaint Center (IC3):
–Partnership of the FBI, NW3C, and BJA
–Publishes a list of common Internet crimes with descriptions
–Provides advice on how to avoid becoming a victim of Internet crime

8 Common Internet Crime Schemes
Auction fraud, counterfeit cashier's check, credit card fraud, debt elimination, parcel courier e-mail scheme, lotteries, escrow services fraud, identity theft, business opportunities, Internet extortion, investment fraud, employment opportunities, Nigerian letter or "419", phishing/spoofing, Ponzi/pyramid, reshipping, spam, third-party receiver of funds

9 Sources of Laws
Statutory law
–Laws enacted by legislative bodies such as Congress
Administrative law
–Rules issued by government agencies under authority granted through legislation
Common law
–Law derived from prior judicial decisions (precedent)

10 Computer Trespass
Unauthorized access to a computer system
–Independent of the access method used
Considered a crime in many countries
–May warrant significant punishment
–Treaties between countries regulate how cyber offenders are dealt with across borders

11 Convention on Cybercrime
First international treaty on Internet crimes (Council of Europe, opened for signature in Budapest in 2001)
–Signatories include EU member states, the U.S., Canada, Japan, and others
Created common policies for handling cybercrime
Focused on:
–Copyright infringement
–Computer-related fraud
–Child pornography
–Violations of network security

12 Significant U.S. Laws
Electronic Communications Privacy Act
Stored Communications Act
Computer Fraud and Abuse Act
Controlling the Assault of Non-Solicited Pornography and Marketing Act
USA Patriot Act
Gramm-Leach-Bliley Act
Sarbanes-Oxley Act

13 Electronic Communications Privacy Act (ECPA)
Addresses legal privacy issues related to computer use and telecommunications.
Warning banners are common practice for:
–Establishing the level of privacy users can expect
–Serving notice of intent to monitor
–Obtaining the user's consent to monitoring
–Providing consent to law enforcement search
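As an added example that is not part of the textbook slides, the POSIX shell functions below install a consent banner of the kind described above for OpenSSH and audit that sshd_config actually references a non-empty banner file covering notice and consent. The banner wording, the function names and the file paths are constructed for illustration (the banner file is assumed to be given as an absolute path) and are not legal advice.

```shell
# Added example (not from the textbook): install an ECPA-style consent
# banner for OpenSSH and audit that sshd_config really points at it.
# Paths are parameters so the functions can be exercised in a scratch
# directory; the banner text is constructed here, not legal language.

# write_banner FILE : write a banner covering expectation of privacy,
# notice of monitoring, consent, and disclosure to law enforcement
write_banner() {
    cat > "$1" <<'EOF'
WARNING: This system is for authorized use only. Users have no expectation
of privacy. All activity may be monitored and recorded. By continuing you
consent to such monitoring, and to disclosure of recorded activity to
management and law enforcement.
EOF
}

# set_ssh_banner SSHD_CONFIG BANNER_FILE : replace any existing Banner line
# (active or commented out, e.g. the default "#Banner none") with ours
set_ssh_banner() {
    cfg="$1"; banner="$2"
    grep -v -i '^[[:space:]]*#*[[:space:]]*Banner[[:space:]]' "$cfg" > "$cfg.tmp" 2>/dev/null || true
    printf 'Banner %s\n' "$banner" >> "$cfg.tmp"
    mv "$cfg.tmp" "$cfg"
}

# check_ssh_banner SSHD_CONFIG : return 0 only when an active (uncommented)
# Banner directive names an existing, non-empty file whose text mentions
# both monitoring and consent; otherwise print the reason and return 1
check_ssh_banner() {
    cfg="$1"
    path=$(awk 'tolower($1)=="banner" {print $2; exit}' "$cfg")
    [ -n "$path" ] || { echo "no active Banner directive in $cfg"; return 1; }
    [ "$path" != "none" ] || { echo "Banner is set to none"; return 1; }
    [ -s "$path" ] || { echo "banner file $path missing or empty"; return 1; }
    grep -qi 'monitor' "$path" && grep -qi 'consent' "$path" \
        || { echo "banner text lacks monitoring/consent notice"; return 1; }
    return 0
}

# Usage on a real host (as root, then reload sshd):
#   write_banner /etc/issue.net
#   set_ssh_banner /etc/ssh/sshd_config /etc/issue.net
#   check_ssh_banner /etc/ssh/sshd_config
```

The audit function deliberately ignores commented-out directives: a stock sshd_config ships with `#Banner none`, which looks like a banner setting but serves no notice at all.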

14 Computer Fraud and Abuse Act (1986)
Foundation of U.S. law on unauthorized access
Criminalizes activities such as:
–Accessing protected computers (government, financial institution, or interstate commerce systems) without authorization or in excess of authorization
–Using a computer to commit an interstate crime
–Trafficking in passwords or access information
–Transmitting code, commands, or programs that result in damage

15 Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003 (CAN-SPAM)
Established regulations for commercial e-mail (spam)
Provided rules of compliance
–Unsubscribe mechanisms, content, and sending behavior
Has had a poor track record of convictions

16 USA Patriot Act
Response to the 9/11 terrorist attacks
Altered U.S. laws on Internet wiretaps and tracing
–Requires ISPs to facilitate Internet monitoring
–Provides for federal law enforcement investigation and adjudication of computer intrusions
Amended other computer misuse laws, including the ECPA and the CFAA

17 Gramm-Leach-Bliley Act (GLBA)
Financial industry legislation to protect individual privacy
–Created an opt-out method giving individuals control over the use of their personal information
–Enforced through state, federal, and securities laws
–Restricts information sharing with third-party firms

18 Sarbanes-Oxley Act (SOX)
Overhaul of financial accounting standards
–Targets publicly traded firms
Section 404 controls
–Internal controls on financial reporting processes
–Audits required on a regular basis

19 Payment Card Industry Data Security Standard (PCI DSS)
Contractual rules governing the handling of credit card data between banks and merchants
–An industry standard, not a law; compliance is imposed by contract with the card brands and acquiring banks
Noncompliance may result in:
–Higher transaction fees
–Expensive fines
–Inability to process credit cards

20 Import/Export Encryption Restrictions
Restrictions also cover encryption used to secure network communications
U.S. export control laws
–Administered by the Bureau of Industry and Security
–Encryption rules are found in the Export Administration Regulations (EAR)
–Controls include presale product reviews, post-export reporting, and export license reviews

21 Non-U.S. Laws
Wassenaar Arrangement
–International agreement on export controls for dual-use goods and technologies
–Removed key length restrictions on encryption products
Cryptographic use restrictions
–Many countries tightly restrict the use and possession of cryptographic technology

22 U.S. Digital Signature Laws
Means to show approval of electronic records
–Cryptography provides integrity and non-repudiation
–Enables e-commerce transactions
Examples:
–Electronic Signatures in Global and National Commerce Act (E-SIGN)
–Uniform Electronic Transactions Act (UETA)

23 Other Digital Signature Laws
United Nations
–UN Commission on International Trade Law (UNCITRAL) Model Law on Electronic Commerce
Canada
–Uniform Electronic Commerce Act
European Union
–Electronic Commerce Directive

24 Digital Millennium Copyright Act (DMCA)
Protects the rights of copyright holders, including recording artists.
Identifies how new computer technology relates to copyright law.
Also regulates software and hardware designed to circumvent copyright protection controls (the anti-circumvention provisions); security researchers who analyze DRM or other technological protection measures should check the current exemptions before doing so.

25 Ethics
Globalization blurs ethical lines.
–Social norms vary among jurisdictions and cultures.
Challenge for today's businesses:
–A code of ethics must be established.
–Employees need to understand what is expected of them.
SANS has published a set of IT ethical guidelines.

26 Chapter Summary
Explain the laws and rules concerning importing and exporting encryption software.
Identify the laws that govern computer access and trespass.
Identify the laws that govern encryption and digital rights management.
Describe the laws that govern digital signatures.
Explore ethical issues associated with information security.
