  • Will address: Laws; Computer Crime; Computer Crime Investigations; Ethics


  • Objectives
    • To review computer crime laws and regulations; investigative measures and techniques used to determine if a crime has been committed and methods to gather evidence; and the ethical constraints that provide a code of conduct for the security professional.
    • To review the methods for determining if a computer crime has been committed; the laws that would be applicable for the crime; laws prohibiting specific types of computer crime; methods to gather and preserve evidence of a computer crime; investigative methods and techniques; and ways in which RFC 1087 and the (ISC)² Code of Ethics can be applied to resolve ethical dilemmas.
  • References Used
    • Handbook of Information Security Management 1999 - Krause & Tipton
    • Computer Security Handbook, Third Edition - Hutt, Bosworth & Hoyt
    • Security in Computing - Pfleeger
    • (ISC)² CBK Review Materials
    • Computer Crime - Icove, Seger & VonStorch
    • Computer, Ethics, and Society - Ermann, Williams & Shauf
    • An Introduction to Computer Security: The NIST Handbook
  • Topics to Be Covered
    • Computer Laws
    • Computer Crime
    • Computer Crime Investigations
    • Computer Ethics
  • Proprietary Rights & Obligations
    • Legal Forms of Protection
      • Trade Secrets: Information that Provides a Competitive Advantage. Protect Ideas.
      • Copyrights: Right of an Author to Prevent Use or Copying Works of the Author. Protect Expression of Ideas.
      • Patents: Protect Results of Science, Technology & Engineering
    • Business Needs
      • Protect Developed Software
      • Contractual Agreements
      • Define Trade Secrets for Employees
  • Proprietary Rights & Obligations (continued)
    • Security Techniques to Protect Trade Secrets
      • Numbering Copies
      • Logging Document Issuance
      • Checking Files & Workstations
      • Secure Storage
      • Controlled Distribution
      • Limitations on Copying
    • Contractual Commitments to Protect Proprietary Rights
      • Licensing Agreements with Vendors
      • Liability for Compliance
  • Proprietary Rights & Obligations (continued)
    • Enforcement Efforts
      • Software Protection Association (SPA)
      • Federation Against Software Theft (FAST)
      • Business Software Alliance (BSA)
    • Personal Computers
      • Establish User Accountability
      • Policy Development and Circulation
      • Purging of Proprietary Software
  • Protection for Computer Objects
    • Hardware - Patents
    • Firmware
      • Patents for Physical Devices
      • Trade Secret Protection for Code
    • Object Code Software - Copyrights
    • Source Code Software - Trade Secrets
    • Documentation - Copyrights
  • Management Problems
    • Corporate Recordkeeping
      • Accuracy of Computer Records: Potential Use in Court
      • IRS Rules: Inadequate Controls May Impact Audit Findings
    • Labor and Management Relations
      • Collective Bargaining: Disciplinary Actions, Workplace Rules
      • Work Stoppage
      • Limitations on Background Investigations
      • Limitations on Drug and Polygraph Testing
      • Disgruntled Employees
      • Non-Disclosure Requirements
      • Immigration Laws
      • Establishment and Enforcement of Security Rules
  • Management Problems (continued)
    • Data Communications: Disclosure through:
      • Eavesdropping and Interception
      • Loss of Confidential Information
    • Outsourcing
      • Contract Review
      • Review of Contractor’s Capabilities
      • Impact of Downsizing
      • Contractor Use of Proprietary Software
  • Management Problems (continued)
    • Personal Injury
      • Employee Safety
      • Carpal Tunnel Syndrome
      • Radiation Injury
    • Insurance Against Legal Liability
      • Requirements for Security Precautions
      • Right to Inspect Premises
      • Cooperation with Insurance Company
  • Legal Liability
    • Due Care: Minimum and Customary Practice of Responsible Protection of Assets
    • Due Diligence: The Prudent Management and Execution of Due Care
    • Programming Errors: Reasonable Precautions for:
      • Loss of a Program
      • Unauthorized Revisions
      • Availability of Backup Versions
    • Product Liability
      • Liability for Database Inaccuracies: Due to Security Breaches
      • European Union: No Limits on Personal Liability for Personal Injury
  • Legal Liability (continued)
    • Defamation
      • Libel Due to Inaccuracy of Data
      • Unauthorized Release of Confidential Information
      • Alteration of Visual Images
    • Foreign Corrupt Practices Act
      • Mandate for Security Controls or Cost/Benefit Analysis
      • Potential SEC Litigation
  • Legal Liability (continued)
    • Failure to Observe Standards
      • FIPS Pubs and CSL Bulletins
      • Failure to Comply Used in Litigation
    • Personal Liability
      • Action or Inaction was Proximate Cause
      • Financial Responsibility to Plaintiff
      • Joint and Several Liability
  • Legal Liability (continued)
    • Federal Sentencing Guidelines
      • Chapter 8 Added 1991
      • Applicable to Organizations
      • Violations of Federal Law
      • Specifies Levels of Fines
      • Mitigation of Fines Through Implementation of Precautions
  • Privacy & Other Personal Rights
    • The Federal Privacy Act
      • Government Files Open to Public Unless Specified
      • Act Applies to Executive Branch Only
      • “Record” = Information about an Individual
      • Must be Need to Maintain Records
      • Disclosure Prohibited without Consent
      • Requirements on Government Agencies
        • Record Disclosures
        • Public Notice of Existence of Records
        • Ensure Security & Confidentiality of Records
  • Privacy and Other Personal Rights (continued)
    • State Acts and Regulations
      • Fair Information Practices Acts: Define Information that Can be Collected
      • Uniform Information Practices Code - National Conference of Commissioners on Uniform State Laws: Recommended Model
      • Statutes Regulating Information Maintained by Private Organizations: e.g., Health Care, Insurance
  • Privacy and Other Personal Rights (continued)
    • Other Employee Rights
      • Electronic Mail: Expectations of Privacy
      • Drug Testing: Limited to Sensitive Positions Only
      • Freedom From Hostile Work Environment
    • International Privacy
      • European Statutes Cover Both Government and Private Corporate Records
      • Application Primarily to Computerized Data Banks
      • Strict Rules on Disclosure
      • Prohibitions of Transfer of Information Across National Boundaries
  • Privacy and Other Personal Rights (continued)
    • Management Responsibilities
      • Regular Review with Legal Department
      • Consider all Jurisdictions
      • Prepare Policies for Compliance
      • Enforce Policies
      • Document Enforcement
  • Computer-Related Laws
    • Criminal Law
      • Victim is Society
      • Purpose of Prosecution is Punishment
      • Deterrent Effect of Punishment
      • Burden of Proof is Beyond a Reasonable Doubt
      • Felonies - Jail > One Year
      • Misdemeanors - Jail < One Year
      • Federal and State Levels
        • Elements of Proof Vary Between and Among
        • Specific vs. General Applicability
  • Computer Crime Laws
    • Federal
      • Computer Fraud and Abuse Act (Title 18, U.S. Code, 1030)
        • *Accessing Federal Interest Computer (FIC) to acquire national defense information
        • Accessing an FIC to obtain financial information
        • Accessing an FIC to deny the use of the computer
        • *Accessing an FIC to effect a fraud
        • *Damaging or denying use of an FIC through transmission of code, program, information or command
        • Furthering a fraud by trafficking in passwords
      • Economic Espionage Act of 1996: Obtaining trade secrets to benefit a foreign entity
      • Electronic Funds Transfer Act: Covers the use, transport, sale, receipt or furnishing of counterfeit, altered, lost, stolen, or fraudulently obtained debit instruments in interstate or foreign commerce.
  • Federal Computer Crime Laws (continued)
    • Child Pornography Prevention Act of 1996 (CPPA): Prohibits use of computer technology to produce child pornography.
    • Computer Security Act of 1987: Requires Federal Executive agencies to establish computer security programs.
    • Electronic Communications Privacy Act (ECPA): Prohibits unauthorized interception or retrieval of electronic communications.
    • Fair Credit Reporting Act: Governs the types of data that companies may collect on private citizens and how it may be used.
    • Foreign Corrupt Practices Act: Covers improper foreign operations, but applies to all companies registered with the SEC, and requires companies to institute security programs.
    • Freedom of Information Act: Permits public access to information collected by the Federal Executive Branch.
  • Computer Laws (continued)
    • Civil Law (Tort Law)
      • Damage/Loss to an Individual or Business
      • Type of Punishment Different: No Incarceration
      • Primary Purpose is Financial Restitution
        • Compensatory Damages: Actual Damages, Attorney Fees, Lost Profits, Investigation Costs
        • Punitive Damages: Set by Jury to Punish Offender
        • Statutory Damages: Established by Law
      • Easier to Obtain a Judgment: Burden of Proof is Preponderance of the Evidence
      • Impoundment Orders/Writs of Possession: Equivalent to Search Warrant
  • Computer Laws (continued)
    • International Laws
      • Lack of Universal Cooperation
      • Differences in Interpretations of Laws
      • Outdated Laws Against Fraud
      • Problems with Evidence Admissibility
      • Extradition
      • Low Priority
  • Computer Crime
    • Computer Crime as a Separate Category
      • Rules of Property: Lack of Tangible Assets
      • Rules of Evidence: Lack of Original Documents
      • Threats to Integrity and Confidentiality: Goes beyond normal definition of a loss
      • Value of Data: Difficult to Measure. Cases of Restitution only for Media
      • Terminology: Statutes have not kept pace. Is Computer Hardware “Machinery”? Does Software Qualify as “Supplies”?
  • Computer Crime (continued)
    • Computer Crime is Hard to Define
      • Lack of Understanding
      • Laws are Inadequate: Slow to Keep Pace with Rapidly Changing Technology
      • Multiple Roles for Computers
        • Object of a Crime: Target of an Attack
        • Subject of a Crime: Used to attack (impersonating a network node)
        • Medium of a Crime: Used as a Means to Commit a Crime (Trojan Horse)
  • Computer Crime (continued)
    • Difficulties in Prosecution
      • Understanding: Judges, Lawyers, Police, Jurors
      • Evidence: Lack of Tangible Evidence
      • Forms of Assets: e.g., Magnetic Particles, Computer Time
      • Juveniles:
        • Many Perpetrators are Juveniles
        • Adults Don’t Take Juvenile Crime Seriously
  • Legal Aspects of Cryptography
    • Prohibitions on Use Approach (e.g., France)
    • Prohibitions on Export (e.g., USA, GB, CAN, GER)
      • US Controls Export of Cryptography Implemented in Software
      • Practically Impossible to Enforce
  • Nature and Extent of Computer-Related Crime
    • Typology
      • Input Tampering: Entry of Fraudulent or False Data
      • Throughput Tampering: Altering Computer Instructions
      • Output Tampering: Theft of Information
    • Most Common Crimes
      • Input and Output Type
      • Fraudulent Disbursements
      • Fabrication of Data
  • The Computer Criminal
    • Typical Profile
      • Male, White, Young
      • No Prior Record
      • Works in Data Processing or Accounting
    • Myths
      • Special Talents are Necessary
      • Fraud has Increased Because of Computers
  • The Computer Criminal (continued)
    • Personal Motivations
      • Economic
      • Egocentric
      • Ideological
      • Psychotic
  • The Computer Criminal (continued)
    • Environmental Motivations
      • Work Environment
      • Reward System
      • Level of Interpersonal Trust
      • Ethical Environment
      • Stress Level
      • Internal Controls Environment
  • The Control Environment
    • Factors that Encourage Crime
      • Motivation
      • Personal Inducements
    • Factors that Discourage Crime
      • Prevention Measures
        • Internal Controls Systems
        • Access Control Systems
      • Detection Measures
        • Auditing
        • Supervision
  • Investigation Steps
    • Detection and Containment
      • Accidental Discovery
      • Audit Trail Review
      • Real-Time Intrusion Monitoring
      • Limit Further Loss
      • Reduction in Liability
    • Report to Management
      • Immediate Notification
      • Limit Knowledge of Investigation
      • Use Out-of-Band Communications
  • Investigation Steps (continued)
    • Preliminary Investigation
      • Determine if a Crime has Occurred
      • Review Complaint
      • Inspect Damage
      • Interview Witnesses
      • Examine Logs
      • Identify Investigation Requirements
  • Investigation Steps (continued)
    • Disclosure Determination
      • Determine if Disclosure is Required by Law
      • Determine if Disclosure is Desired
      • Caution in Dealing with the Media
    • Courses of Action
      • Do Nothing
      • Surveillance
      • Eliminate Security Holes
      • Is Police Report Required?
      • Is Prosecution a Goal?
  • Investigation Steps (continued)
    • Conducting the Investigation
      • Investigative Responsibility
        • Internal Investigation
        • External Private Consultant Investigation
        • Local/State/Federal Investigation
      • Factors
        • Cost
        • Legal Issues (Privacy, Evidence, Search & Seizure)
        • Information Dissemination
        • Investigative Control
  • Investigative Process
    • Identify Potential Suspects
      • Insiders
      • Outsiders
      • Collaboration
    • Identify Potential Witnesses
      • Who to Interview
      • Who to Conduct Interview
  • Investigative Process (continued)
    • Identify Type of System to be Seized
      • Network, Hardware & Software Configuration
      • System Experts
      • Security System in Place
      • Location of System
      • Elements of Proof
      • Probable Cause/Warrant
      • Location of Analysis
  • Investigative Process (continued)
    • Identify Search and Seizure Team Members
      • Lead Investigator
      • Information Security Representative
      • Legal Representative
      • Technical Representatives
    • Obtain and Serve Search Warrants
    • Determine if System Is at Risk
      • Access of Suspect
      • Potential Destruction of Evidence
  • Investigation Steps (continued)
    • Execute the Plan
      • Secure and Control Scene
      • Protect Evidence
      • Don’t Touch Keyboard
      • Videotape Process
      • Capture Monitor Display
      • Unplug System
      • Remove Cover
      • Disks and Drives
      • Search Premises (for Magnetic Media and Documentation)
      • Seize Other Devices (that may contain information)
  • Investigation Steps (continued)
    • Conduct Surveillance
      • Physical: Determine Subject’s Habits, Associates, Life Style
      • Computer: Audit Logs or Electronic Monitoring
    • Other Information Sources
      • Personnel Files
      • Telephone and Fax Logs
      • Security Logs
      • Time Cards
    • Investigative Reporting
      • Document Known Facts
      • Statement of Final Conclusions
  • Computer Forensics
    • Conduct a Disk Image Backup of Suspect System: Bit-level Copy of the Disk, Sector by Sector
    • Authenticate the File System: Create Message Digest for all Directories, Files & Disk Sectors
    • Analyze Restored Data: Conduct Forensic Analysis in a Controlled Environment
      • Search Tools: Quick View Plus, Expert Witness, Super Sleuth
      • Searching for Obscure Data: Hidden Files/Directories, Erased or Deleted Files, Encrypted Data, Overwritten Files
      • Steganography: Hiding a Piece of Information within Another
      • Review Communications Programs: Links to Others
  • Computer Forensics (continued)
    • Reassemble and Boot Suspect System with Clean Operating System
      • Target System May Be Infected
      • Obtain System Time as Reference
      • Run Complete System Analysis Report
    • Boot Suspect System with Original Operating System
      • Identify Rogue Programs
      • Identify Background Programs
      • Identify What System Interrupts have Been Set
  • Computer Forensics (continued)
    • Search Backup Media: Don’t Forget Off-Site Storage
    • Search Access Controlled Systems and Encrypted Files
      • Password Cracking
      • Publisher Back Door
      • Documentary Clues
      • Ask the Suspect
      • Case Law on Obtaining Passwords from Suspects
  • Rules of Evidence
    • Types of Evidence
      • Direct: Oral Testimony by Witness
      • Real: Tangible Objects/Physical Evidence
      • Documentary: Printed Business Records, Manuals, Printouts
      • Demonstrative: Used to Aid the Jury (Models, Illustrations, Charts)
    • Best Evidence Rule: To Limit Potential for Alteration
    • Exclusionary Rule: Evidence Must be Gathered Legally or it Can’t Be Used
    • Hearsay Rule: Key for Computer Generated Evidence
      • Second Hand Evidence
      • Admissibility Based on Veracity and Competence of Source
      • Exceptions: Rule 803 of Federal Rules of Evidence (Business Documents created at the time by person with knowledge, part of regular business, routinely kept, supported by testimony)
  • Rules of Evidence (continued)
    • Chain of Evidence: Accountability & Protection
      • Who Obtained Evidence
      • Where and When it was Obtained
      • Who Secured it
      • Who Controlled it
      • Account for Everyone Who Had Access to or Handled the Evidence
      • Assurance Against Tampering
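The two forensic controls above, "Authenticate the File System: Create Message Digest for all Directories, Files & Disk Sectors" and "Chain of Evidence: Accountability & Protection", as one added example that is not part of the original slides. It assumes SHA-256 as the message digest (the slides do not name one), 512-byte sectors, and a constructed evidence directory with a small disk image; the custody log hash-chains each handling record to the previous one so that an altered or reordered entry is detectable.

```python
import hashlib
import os
import tempfile

SECTOR = 512  # assumed sector size; the bit-level copy is hashed sector by sector


def sector_digests(image_path, sector=SECTOR):
    """One SHA-256 hex digest per sector of the image (last sector may be short)."""
    digests = []
    with open(image_path, "rb") as f:
        for chunk in iter(lambda: f.read(sector), b""):
            digests.append(hashlib.sha256(chunk).hexdigest())
    return digests


def file_manifest(root):
    """Relative path -> SHA-256 digest for every file and directory under root."""
    manifest = {}
    for dirpath, dirnames, filenames in os.walk(root):
        # a directory's digest covers its sorted entry names, so an added or renamed
        # entry is detected even when every file body is unchanged
        listing = "\n".join(sorted(dirnames + filenames)).encode()
        manifest[os.path.relpath(dirpath, root)] = hashlib.sha256(listing).hexdigest()
        for name in filenames:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as f:
                manifest[os.path.relpath(path, root)] = hashlib.sha256(f.read()).hexdigest()
    return manifest


def verify_manifest(root, manifest):
    """Paths whose digest differs from the manifest (empty list means intact)."""
    current = file_manifest(root)
    return sorted(p for p in set(manifest) | set(current) if manifest.get(p) != current.get(p))


class CustodyLog:
    """Who obtained/secured/controlled the evidence, where and when, hash-chained."""

    def __init__(self, evidence_digest):
        self.entries = []              # list of (record line, entry hash)
        self._prev = evidence_digest   # anchor the chain to the evidence itself

    def record(self, when, handler, action, location):
        line = f"{when}|{handler}|{action}|{location}|{self._prev}"
        entry_hash = hashlib.sha256(line.encode()).hexdigest()
        self.entries.append((line, entry_hash))
        self._prev = entry_hash
        return entry_hash

    def verify(self, evidence_digest):
        """False if any entry was edited, removed from the middle, or reordered."""
        prev = evidence_digest
        for line, entry_hash in self.entries:
            if line.rsplit("|", 1)[1] != prev or hashlib.sha256(line.encode()).hexdigest() != entry_hash:
                return False
            prev = entry_hash
        return True


def demo():
    """Constructed evidence: hash it, log two custody events, then tamper and detect."""
    with tempfile.TemporaryDirectory() as root:
        img = os.path.join(root, "disk.img")
        with open(img, "wb") as f:
            f.write(b"A" * SECTOR + b"B" * SECTOR + b"C" * 100)  # three sectors, constructed
        os.mkdir(os.path.join(root, "docs"))
        with open(os.path.join(root, "docs", "memo.txt"), "w") as f:
            f.write("constructed evidence file\n")
        sectors = sector_digests(img)
        manifest = file_manifest(root)
        log = CustodyLog(manifest["disk.img"])
        log.record("2024-01-01T09:00Z", "examiner A", "imaged", "field")
        log.record("2024-01-01T17:00Z", "examiner B", "received", "lab safe")
        intact = verify_manifest(root, manifest) == [] and log.verify(manifest["disk.img"])
        with open(img, "r+b") as f:   # flip one byte in sector 1, then edit a log entry
            f.seek(SECTOR)
            f.write(b"X")
        line, h = log.entries[0]
        log.entries[0] = (line.replace("examiner A", "examiner Z"), h)
        return len(sectors), intact, verify_manifest(root, manifest), log.verify(manifest["disk.img"])
```

demo() returns (3, True, ["disk.img"], False): the image has three sectors, everything verifies before tampering, and afterwards both the altered image and the altered custody record are flagged.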
  • Rules of Evidence (continued)
    • Admissibility of Evidence: Computer-generated Evidence is Always Suspect
      • Relevancy: Must Prove a Fact that is Material to the Case
      • Reliability: Prove Reliability of Evidence and the Process for Producing It
    • Evidence Life Cycle
      • Collection and Identification
      • Storage, Preservation, and Transportation
      • Presentation in Court
      • Return to Victim (Owner)
  • Legal Proceedings
    • Discovery
      • Defense Granted Access to All Investigative Materials
      • Protective Order Limits Who Has Access
    • Grand Jury and Preliminary Hearings
      • Witnesses Called
      • Assign Law Enforcement Liaison
    • Trial: Unknown Results
    • Recovery of Damages: Through Civil Courts
  • Legal Proceedings (continued)
    • Post Mortem Review: Analyze Attack and Close Security Holes
      • Incident Response Plan
      • Information Dissemination Policy
      • Incident Reporting Policy
      • Electronic Monitoring Statement
      • Audit Trail Policy
      • Warning Banner (Prohibit Unauthorized Access and Give Notice of Monitoring)
      • Need for Additional Personnel Security Controls
  • Ethics Origins and Outlook
    • Differences Between Law and Ethics: Must vs. Should
    • Origins
      • Common Good
      • National Interest
      • Individual Rights
      • Enlightened Self-Interest
      • Law
      • Tradition/Culture
      • Religion
    • Fundamental Changes to Society
    • No Sandbox Training
  • Common Fallacies of the Computer Generation
    • The Computer Game Fallacy: Computer Designed to Prevent Abuse
    • The Law-Abiding Citizen Fallacy: Constitutional Rights
    • The Shatterproof Fallacy: Limited Effects
    • The Candy-from-a-Baby Fallacy: It’s Easy So It Must be OK
    • The Hacker’s Fallacy: Means of Learning
    • The Free Information Fallacy: Information Wants to Be Free
  • Resources
    • National Computer Ethics and Responsibilities Campaign (NCERC)
    • Computer Ethics Resource Guide
    • National Computer Security Association (NCSA)
    • Computer Ethics Institute
      • 1991 – Ten Commandments of Computer Ethics
      • End User’s Basic Tenets of Responsible Computing
      • Four Primary Values
      • Considerations for Conduct
      • The Code of Fair Information Practices
      • Unacceptable Internet Activities (RFC 1087)
  • (ISC)² Code of Ethics
    • Conduct to meet highest standards of moral, ethical, and legal behavior
    • Maintain personal reputation and that of the profession
    • Report unlawful activities and cooperate in investigation
    • Promote prudent information security measures
    • Provide competent service and avoid conflicts of interest
    • Execute responsibilities in keeping with highest professional standards
    • Use information properly
    • Maintain confidentiality of information
  • Ethical Responsibilities
    • Collectors of Data to Data Subjects for:
      • Integrity
      • Confidentiality
    • Custodians of Data to Owners of Data for:
      • Availability
      • Integrity
    • Users of Data to Data Subjects and Owners for:
      • Confidentiality
      • Integrity
  • Competitive Intelligence
    • Published Material & Public Documents
    • Disclosures by Competitor Employees (without Subterfuge)
    • Market Surveys & Consultant’s Reports
    • Financial Reports & Broker’s Research Surveys
    • Trade Fairs, Exhibits, & Competitor Literature
    • Analysis of Competitor Products
    • Reports of Own Personnel
    • Legitimate Employment Interviews with Competitor Employees
  • Industrial Espionage
    • Camouflaged Questioning of Competitor’s Employees
    • Direct Observation under Secret Conditions
    • False Job Interviews
    • False Negotiations
    • Use of Professional Investigators
    • Hiring Competitor’s Employees
    • Trespassing
    • Bribing Suppliers and Employees
    • Planting Agent on Competitor Payroll
    • Eavesdropping
    • Theft of Information
    • Blackmail and Extortion
  • Plan of Action
    • Develop organizational guide to computer ethics
    • Develop a computer ethics policy to supplement the computer security policy
    • Include computer ethics information in the employee handbook
    • Expand business ethics policy to include computer ethics
    • Foster user awareness of computer ethics
    • Establish an E-mail privacy policy and promote user awareness of it