COMPUTER LAW, INVESTIGATION AND ETHICS DOMAIN
Published in: Technology, Business
Comments
  • Thank you so much for presenting such a comprehensive documentation. Highly informative and helpful.
  • Impressive presentation of 'COMPUTER LAW, INVESTIGATION AND ETHICS DOMAIN'. You’ve shown your credibility on presentation with this slideshow. This one deserves thumbs up. I’m John, owner of www.freeringtones.ws/ . Hope to see more quality slides from you. Best wishes.
  • As a management instructor I appreciate viewing the work of others. This is probably the best demonstration on planning I have viewed. Anisa, http://financejedi.com http://healthjedi.com
  • Will address: Laws; Computer Crime; Computer Crime Investigations; Ethics
  • Transcript

    • 1. COMPUTER LAW, INVESTIGATION AND ETHICS DOMAIN
    • 2. Objectives
      • To review computer crime laws and regulations; the investigative measures and techniques used to determine whether a crime has been committed and the methods used to gather evidence; and the ethical constraints that provide a code of conduct for the security professional.
      • To review the methods for determining whether a computer crime has been committed; the laws applicable to the crime; laws prohibiting specific types of computer crime; methods to gather and preserve evidence of a computer crime; investigative methods and techniques; and ways in which RFC 1087 and the (ISC)² Code of Ethics can be applied to resolve ethical dilemmas.
    • 3. References Used
      • Handbook of Information Security Management 1999 - Krause & Tipton
      • Computer Security Handbook, Third Edition - Hutt, Bosworth & Hoyt
      • Security in Computing - Pfleeger
      • (ISC)² CBK Review Materials
      • Computer Crime - Icove, Seger & VonStorch
      • Computers, Ethics, and Society - Ermann, Williams & Shauf
      • An Introduction to Computer Security: The NIST Handbook
    • 4. Topics to Be Covered
      • Computer Laws
      • Computer Crime
      • Computer Crime Investigations
      • Computer Ethics
    • 5. COMPUTER CRIME LAWS
    • 6. Proprietary Rights & Obligations
      • Legal Forms of Protection
        • Trade Secrets: information that provides a competitive advantage. Protect ideas, but only for as long as the information is actually kept secret.
        • Copyrights: the right of an author to prevent use or copying of the author's works. Protect the expression of ideas, not the ideas themselves.
        • Patents: protect the results of science, technology and engineering (inventions), in exchange for public disclosure.
      • Business Needs
        • Protect Developed Software
        • Contractual Agreements
        • Define Trade Secrets for Employees
    • 7. Proprietary Rights & Obligations (continued)
      • Security Techniques to Protect Trade Secrets
        • Numbering Copies
        • Logging Document Issuance
        • Checking Files & Workstations
        • Secure Storage
        • Controlled Distribution
        • Limitations on Copying
      • Contractual Commitments to Protect Proprietary Rights
        • Licensing Agreements with Vendors
        • Liability for Compliance
    • 8. Proprietary Rights & Obligations (continued)
      • Enforcement Efforts
        • Software Publishers Association (SPA)
        • Federation Against Software Theft (FAST)
        • Business Software Alliance (BSA)
      • Personal Computers
        • Establish User Accountability
        • Policy Development and Circulation
        • Purging of Unlicensed Proprietary Software
    • 9. Protection for Computer Objects
      • Hardware - Patents
      • Firmware
        • Patents for Physical Devices
        • Trade Secret Protection for Code
      • Object Code Software - Copyrights
      • Source Code Software - Trade Secrets (copyright applies as well, but trade-secret protection lasts only while the source is kept confidential)
      • Documentation - Copyrights
    • 10. Management Problems
      • Corporate Recordkeeping
        • Accuracy of Computer Records: Potential Use in Court
        • IRS Rules: Inadequate Controls May Impact Audit Findings
      • Labor and Management Relations
        • Collective Bargaining: Disciplinary Actions, Workplace Rules
        • Work Stoppage
        • Limitations on Background Investigations
        • Limitations on Drug and Polygraph Testing
        • Disgruntled Employees
        • Non-Disclosure Requirements
        • Immigration Laws
        • Establishment and Enforcement of Security Rules
    • 11. Management Problems (continued)
      • Data Communications: Disclosure through -
        • Eavesdropping and Interception
        • Loss of Confidential Information
      • Outsourcing
        • Contract Review
        • Review of Contractor's Capabilities
        • Impact of Downsizing
        • Contractor Use of Proprietary Software
    • 12. Management Problems (continued)
      • Personal Injury
        • Employee Safety
        • Carpal Tunnel Syndrome
        • Radiation Injury
      • Insurance Against Legal Liability
        • Requirements for Security Precautions
        • Right to Inspect Premises
        • Cooperation with Insurance Company
    • 13. Legal Liability
      • Due Care: the minimum and customary practice of responsible protection of assets
      • Due Diligence: the prudent management and execution of due care (the continuing effort to verify that due care is actually being exercised)
      • Programming Errors: reasonable precautions for -
        • Loss of a Program
        • Unauthorized Revisions
        • Availability of Backup Versions
      • Product Liability
        • Liability for Database Inaccuracies Due to Security Breaches
        • European Union: No Limits on Personal Liability for Personal Injury
    • 14. Legal Liability (continued)
      • Defamation
        • Libel Due to Inaccuracy of Data
        • Unauthorized Release of Confidential Information
        • Alteration of Visual Images
      • Foreign Corrupt Practices Act
        • Mandate for Security Controls or Cost/Benefit Analysis
        • Potential SEC Litigation
    • 15. Legal Liability (continued)
      • Failure to Observe Standards
        • FIPS Pubs and CSL Bulletins
        • Failure to Comply Used in Litigation
      • Personal Liability
        • Action or Inaction Was the Proximate Cause
        • Financial Responsibility to Plaintiff
        • Joint and Several Liability
    • 16. Legal Liability (continued)
      • Federal Sentencing Guidelines
        • Chapter 8 (Sentencing of Organizations) Added 1991
        • Applicable to Organizations
        • Violations of Federal Law
        • Specifies Levels of Fines
        • Mitigation of Fines Through Implementation of Precautions (an effective compliance program)
    • 17. Privacy & Other Personal Rights
      • The Federal Privacy Act (of 1974)
        • Complements the Freedom of Information Act: FOIA opens government files to the public unless exempted; the Privacy Act restricts what agencies may do with records about individuals
        • Act Applies to Federal Executive-Branch Agencies Only
        • "Record" = Information about an Individual
        • Must Be a Need to Maintain Records
        • Disclosure Prohibited without Consent, Except Under the Act's Enumerated Exceptions
        • Requirements on Government Agencies
          • Keep an Accounting of Record Disclosures
          • Public Notice of Existence of Records
          • Ensure Security & Confidentiality of Records
    • 18. Privacy and Other Personal Rights (continued)
      • State Acts and Regulations
        • Fair Information Practices Acts: Define Information that Can Be Collected
        • Uniform Information Practices Code - National Conference of Commissioners on Uniform State Laws: Recommended Model
        • Statutes Regulating Information Maintained by Private Organizations: e.g., Health Care, Insurance
    • 19. Privacy and Other Personal Rights (continued)
      • Other Employee Rights
        • Electronic Mail: Expectations of Privacy
        • Drug Testing: Limited to Sensitive Positions Only
        • Freedom from Hostile Work Environment
      • International Privacy
        • European Statutes Cover Both Government and Private Corporate Records
        • Application Primarily to Computerized Data Banks
        • Strict Rules on Disclosure
        • Prohibitions on Transfer of Information Across National Boundaries
    • 20. Privacy and Other Personal Rights (continued)
      • Management Responsibilities
        • Regular Review with Legal Department
        • Consider All Jurisdictions
        • Prepare Policies for Compliance
        • Enforce Policies
        • Document Enforcement
    • 21. Computer-Related Laws
      • Criminal Law
        • Victim is Society
        • Purpose of Prosecution is Punishment
        • Deterrent Effect of Punishment
        • Standard of Proof: Beyond a Reasonable Doubt (the burden rests on the prosecution)
        • Felonies - Imprisonment of More Than One Year
        • Misdemeanors - Imprisonment of One Year or Less
        • Federal and State Levels
          • Elements of Proof Vary Between and Among Jurisdictions
          • Specific vs. General Applicability
    • 22. Computer Crime Laws
      • Federal
        • Computer Fraud and Abuse Act (18 U.S.C. § 1030). The slide uses the 1986 statute's term "Federal Interest Computer" (FIC); the 1996 amendments replaced it with the broader "protected computer".
          • *Accessing a Federal Interest Computer (FIC) to acquire national defense information
          • Accessing an FIC to obtain financial information
          • Accessing an FIC to deny the use of the computer
          • *Accessing an FIC to further a fraud
          • *Damaging or denying use of an FIC through transmission of code, program, information or command
          • Furthering a fraud by trafficking in passwords
        • Economic Espionage Act of 1996: obtaining trade secrets to benefit a foreign government or entity (18 U.S.C. § 1831); § 1832 covers theft of trade secrets for anyone's economic benefit
        • Electronic Funds Transfer Act: covers using, transporting, selling, receiving or furnishing counterfeit, altered, lost, stolen or fraudulently obtained debit instruments in interstate or foreign commerce.
    • 23. Federal Computer Crime Laws (continued)
        • Child Pornography Prevention Act of 1996 (CPPA): prohibits use of computer technology to produce child pornography. (Its "virtual" child pornography provisions were struck down in Ashcroft v. Free Speech Coalition, 2002.)
        • Computer Security Act of 1987: requires federal executive agencies to establish computer security programs. (Superseded by FISMA in 2002.)
        • Electronic Communications Privacy Act (ECPA): prohibits unauthorized interception or retrieval of electronic communications
        • Fair Credit Reporting Act: governs the types of data that companies may collect on private citizens and how it may be used.
        • Foreign Corrupt Practices Act: aimed at improper foreign operations, but applies to all companies registered with the SEC and requires them to keep accurate books and records and maintain internal accounting controls, which is the basis of its security-program requirement.
        • Freedom of Information Act: permits public access to information collected by the federal executive branch, subject to its exemptions.
    • 24. Computer Laws (continued)
      • Civil Law (Tort Law)
        • Damage/Loss to an Individual or Business
        • Type of Punishment Different: No Incarceration
        • Primary Purpose is Financial Restitution
          • Compensatory Damages: Actual Damages, Attorney Fees, Lost Profits, Investigation Costs
          • Punitive Damages: Set by Jury to Punish Offender
          • Statutory Damages: Established by Law
        • Lower Standard of Proof: Preponderance of the Evidence (a finding of liability, not a conviction, and easier to obtain)
        • Impoundment Orders/Writs of Possession: Civil Counterparts of a Search Warrant
    • 25. Computer Laws (continued)
      • International Laws
        • Lack of Universal Cooperation
        • Differences in Interpretation of Laws
        • Outdated Laws Against Fraud
        • Problems with Evidence Admissibility
        • Extradition
        • Low Priority
    • 26. Computer Crime
      • Computer Crime as a Separate Category
        • Rules of Property: Lack of Tangible Assets
        • Rules of Evidence: Lack of Original Documents
        • Threats to Integrity and Confidentiality: Go Beyond the Normal Definition of a Loss
        • Value of Data: Difficult to Measure. Cases of Restitution Only for the Media
        • Terminology: Statutes have not kept pace. Is computer hardware "machinery"? Does software qualify as "supplies"?
    • 27. Computer Crime (continued)
      • Computer Crime is Hard to Define
        • Lack of Understanding
        • Laws are Inadequate: Slow to Keep Pace with Rapidly Changing Technology
        • Multiple Roles for Computers
          • Object of a Crime: Target of an Attack
          • Subject of a Crime: Used to Attack (e.g., impersonating a network node)
          • Medium of a Crime: Used as a Means to Commit a Crime (e.g., a Trojan horse)
    • 28. Computer Crime (continued)
      • Difficulties in Prosecution
        • Understanding: Judges, Lawyers, Police, Jurors
        • Evidence: Lack of Tangible Evidence
        • Forms of Assets: e.g., Magnetic Particles, Computer Time
        • Juveniles:
          • Many Perpetrators are Juveniles
          • Adults Don't Take Juvenile Crime Seriously
    • 29. Legal Aspects of Cryptography
      • Prohibitions on Use Approach (e.g., France)
      • Prohibitions on Export (e.g., USA, GB, CAN, GER)
        • US Controls Export of Cryptography Implemented in Software
        • Practically Impossible to Enforce
      • (This is the late-1990s picture: France lifted most of its use restrictions in 1999 and the US substantially relaxed software export controls in 2000, although export licensing of cryptography still exists.)
    • 30. Nature and Extent of Computer-Related Crime
      • Typology
        • Input Tampering: Entry of Fraudulent or False Data
        • Throughput Tampering: Altering Computer Instructions
        • Output Tampering: Theft of Information
      • Most Common Crimes
        • Input and Output Types
        • Fraudulent Disbursements
        • Fabrication of Data
    • 31. The Computer Criminal
      • Typical Profile
        • Male, White, Young
        • No Prior Record
        • Works in Data Processing or Accounting
      • Myths
        • Special Talents are Necessary
        • Fraud has Increased Because of Computers
    • 32. The Computer Criminal (continued)
      • Personal Motivations
        • Economic
        • Egocentric
        • Ideological
        • Psychotic
    • 33. The Computer Criminal (continued)
      • Environmental Motivations
        • Work Environment
        • Reward System
        • Level of Interpersonal Trust
        • Ethical Environment
        • Stress Level
        • Internal Controls Environment
    • 34. The Control Environment
      • Factors that Encourage Crime
        • Motivation
        • Personal Inducements
      • Factors that Discourage Crime
        • Prevention Measures
          • Internal Control Systems
          • Access Control Systems
        • Detection Measures
          • Auditing
          • Supervision
    • 35. COMPUTER CRIME INVESTIGATION
    • 36. Investigation Steps
      • Detection and Containment
        • Accidental Discovery
        • Audit Trail Review
        • Real-Time Intrusion Monitoring
        • Limit Further Loss
        • Reduction in Liability
      • Report to Management
        • Immediate Notification
        • Limit Knowledge of Investigation
        • Use Out-of-Band Communications (the intruder may be reading mail on the compromised systems)
    • 37. Investigation Steps (continued)
      • Preliminary Investigation
        • Determine whether a Crime has Occurred
        • Review Complaint
        • Inspect Damage
        • Interview Witnesses
        • Examine Logs
        • Identify Investigation Requirements
    • 38. Investigation Steps (continued)
      • Disclosure Determination
        • Determine whether Disclosure is Required by Law
        • Determine whether Disclosure is Desired
        • Caution in Dealing with the Media
      • Courses of Action
        • Do Nothing
        • Surveillance
        • Eliminate Security Holes
        • Is a Police Report Required?
        • Is Prosecution a Goal?
    • 39. Investigation Steps (continued)
      • Conducting the Investigation
        • Investigative Responsibility
          • Internal Investigation
          • External Private Consultant Investigation
          • Local/State/Federal Investigation
        • Factors
          • Cost
          • Legal Issues (Privacy, Evidence, Search & Seizure)
          • Information Dissemination
          • Investigative Control
    • 40. Investigative Process
      • Identify Potential Suspects
        • Insiders
        • Outsiders
        • Collaboration
      • Identify Potential Witnesses
        • Whom to Interview
        • Who Conducts the Interview
    • 41. Investigative Process (continued)
      • Identify Type of System to Be Seized
        • Network, Hardware & Software Configuration
        • System Experts
        • Security System in Place
        • Location of System
        • Elements of Proof
        • Probable Cause/Warrant
        • Location of Analysis
    • 42. Investigative Process (continued)
      • Identify Search and Seizure Team Members
        • Lead Investigator
        • Information Security Representative
        • Legal Representative
        • Technical Representatives
      • Obtain and Serve Search Warrants
      • Determine whether the System Is at Risk
        • Access of Suspect
        • Potential Destruction of Evidence
    • 43. Investigation Steps (continued)
      • Execute the Plan
        • Secure and Control Scene
        • Protect Evidence
        • Don't Touch Keyboard
        • Videotape Process
        • Capture Monitor Display
        • Unplug System (the late-1990s rule; pulling the plug discards memory contents, running processes and network connections, so current practice, e.g. the order of volatility in RFC 3227, captures that volatile data first when it can be done safely)
        • Remove Cover
        • Disks and Drives
        • Search Premises (for Magnetic Media and Documentation)
        • Seize Other Devices (that may contain information)
    • 44. Investigation Steps (continued)
      • Conduct Surveillance
        • Physical: Determine Subject's Habits, Associates, Lifestyle
        • Computer: Audit Logs or Electronic Monitoring
      • Other Information Sources
        • Personnel Files
        • Telephone and Fax Logs
        • Security Logs
        • Time Cards
      • Investigative Reporting
        • Document Known Facts
        • Statement of Final Conclusions
    • 45. Computer Forensics
      • Conduct a Disk Image Backup of Suspect System: bit-level copy of the disk, sector by sector, taken through a write blocker so the original is never modified
      • Authenticate the File System: create a message digest (cryptographic hash) for all directories, files and disk sectors, and for the image as a whole, so that any later alteration can be detected
      • Analyze Restored Data: conduct forensic analysis in a controlled environment, on a working copy of the image
        • Search Tools: Quick View Plus, Expert Witness, Super Sleuth
        • Searching for Obscure Data: Hidden Files/Directories, Erased or Deleted Files, Encrypted Data, Overwritten Files
        • Steganography: Hiding a Piece of Information within Another
        • Review Communications Programs: Links to Others
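The "erased or deleted files" search on slide 45 is easiest to see with a signature carver: it ignores the file system entirely and scans the raw image for known file headers and trailers, which is why a file whose directory entry is gone but whose sectors were not reused still comes back. The block below is an added example, not from the slides or from the tools they name (Quick View Plus, Expert Witness, Super Sleuth); it uses only the Python standard library, the signature table is a constructed two-entry one, and the image it scans is constructed inline (a live text file, a PNG with no directory entry, a PDF fragment in slack space). A real run would read the verified bit-level image, never the original disk.

```python
"""Header/trailer carving and raw keyword search over a disk image.

Added example, not from the original slides. Standard library only.
The image is constructed inline; a real one would be the verified
bit-level copy made in the imaging step, never the original disk.
"""
import re
import struct
import zlib
from dataclasses import dataclass

SECTOR = 512

# Constructed signature table: kind -> (header, trailer). Real carvers carry hundreds.
SIGNATURES = {
    "png": (b"\x89PNG\r\n\x1a\n", b"IEND\xaeB`\x82"),
    "pdf": (b"%PDF-", b"%%EOF"),
}


@dataclass
class Carved:
    kind: str
    offset: int   # byte offset of the header inside the image
    length: int
    data: bytes


def carve(image: bytes, max_len: int = 64 * 1024) -> list[Carved]:
    """Find every known header and the nearest matching trailer within max_len.

    No file-system structures are consulted, so a file whose directory entry
    was deleted is recovered as long as its sectors have not been overwritten."""
    found = []
    for kind, (head, tail) in SIGNATURES.items():
        start = 0
        while (pos := image.find(head, start)) != -1:
            end = image.find(tail, pos, pos + max_len)
            if end == -1:          # header with no trailer in range: partial, skip it
                start = pos + 1
                continue
            end += len(tail)
            found.append(Carved(kind, pos, end - pos, image[pos:end]))
            start = end
    return sorted(found, key=lambda c: c.offset)


def keyword_hits(image: bytes, words: list[bytes]) -> dict[bytes, list[int]]:
    """Raw byte search over the whole image, so slack and unallocated space are
    covered as well as live files. Returns offsets per keyword."""
    return {w: [m.start() for m in re.finditer(re.escape(w), image)] for w in words}


def tiny_png() -> bytes:
    """A valid 1x1 red PNG, so the carved object is a genuine file."""
    def chunk(tag: bytes, body: bytes) -> bytes:
        crc = zlib.crc32(tag + body) & 0xFFFFFFFF
        return struct.pack(">I", len(body)) + tag + body + struct.pack(">I", crc)
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 2, 0, 0, 0)   # 1x1, 8-bit RGB
    idat = zlib.compress(b"\x00\xff\x00\x00")             # filter byte + one red pixel
    return SIGNATURES["png"][0] + chunk(b"IHDR", ihdr) + chunk(b"IDAT", idat) + chunk(b"IEND", b"")


# Constructed "deleted" document fragment; the PDF trailer is what ends the carve.
DELETED_PDF = b"%PDF-1.4\n1 0 obj << /Note (secret wire transfer) >> endobj\n%%EOF\n"


def build_sample_image() -> bytes:
    """Constructed 32-sector image: a live text file at sector 2, a PNG at
    sector 7 whose directory entry was removed, and a PDF fragment left in
    slack space 100 bytes into sector 20."""
    img = bytearray(32 * SECTOR)
    live = b"quarterly report - nothing unusual here\n"
    img[2 * SECTOR:2 * SECTOR + len(live)] = live
    png = tiny_png()
    img[7 * SECTOR:7 * SECTOR + len(png)] = png
    at = 20 * SECTOR + 100
    img[at:at + len(DELETED_PDF)] = DELETED_PDF
    return bytes(img)


if __name__ == "__main__":
    image = build_sample_image()
    for c in carve(image):
        print(f"{c.kind}: sector {c.offset // SECTOR}, offset {c.offset}, {c.length} bytes")
    print(keyword_hits(image, [b"secret", b"wire"]))
```

Two things the block makes visible that the slide does not: the carver reports the sector where each object starts (the live text at sector 2 is never reported because it carries no signature, while the unreferenced PNG and the mid-sector PDF fragment are), and the keyword search lands on an offset that is not sector-aligned, which is the usual sign of data sitting in slack space.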
    • 46. Computer Forensics (continued)
      • Reassemble and Boot Suspect System with Clean Operating System
        • Target System May Be Infected
        • Obtain System Time as Reference
        • Run Complete System Analysis Report
      • Boot Suspect System with Original Operating System
        • Identify Rogue Programs
        • Identify Background Programs
        • Identify What System Interrupts Have Been Set
      • Caveat: both boots alter the evidence. Current practice performs these steps on a working copy of the verified image (or a virtual machine built from it) rather than on the seized hardware, and reads the hardware clock from firmware setup rather than by booting the original operating system.
    • 47. Computer Forensics (continued)
      • Search Backup Media: Don't Forget Off-Site Storage
      • Search Access-Controlled Systems and Encrypted Files
        • Password Cracking
        • Publisher Back Door
        • Documentary Clues
        • Ask the Suspect
        • Case Law on Obtaining Passwords from Suspects
    • 48. Rules of Evidence
      • Types of Evidence
        • Direct: Oral Testimony by Witness
        • Real: Tangible Objects/Physical Evidence
        • Documentary: Printed Business Records, Manuals, Printouts
        • Demonstrative: Used to Aid the Jury (Models, Illustrations, Charts)
      • Best Evidence Rule: the original is preferred, to limit the potential for alteration (for electronically stored information, an accurate printout or other readable output counts as an original under Federal Rule of Evidence 1001)
      • Exclusionary Rule: Evidence Must Be Gathered Legally or It Can't Be Used
      • Hearsay Rule: Key for Computer-Generated Evidence
        • Second-Hand Evidence
        • Admissibility Based on Veracity and Competence of Source
        • Exceptions: Rule 803(6) of the Federal Rules of Evidence (business records created at the time by a person with knowledge, as part of regular business, routinely kept, supported by testimony)
    • 49. Rules of Evidence (continued)
      • Chain of Evidence (Chain of Custody): Accountability & Protection
        • Who Obtained the Evidence
        • Where and When It Was Obtained
        • Who Secured It
        • Who Controlled It
        • Account for Everyone Who Had Access to or Handled the Evidence
        • Assurance Against Tampering
    • 50. Rules of Evidence (continued)
      • Admissibility of Evidence: Computer-Generated Evidence Is Always Suspect
        • Relevancy: Must Prove a Fact that Is Material to the Case
        • Reliability: Prove the Reliability of the Evidence and of the Process for Producing It
      • Evidence Life Cycle
        • Collection and Identification
        • Storage, Preservation, and Transportation
        • Presentation in Court
        • Return to Victim (Owner)
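Slides 45 and 49 together describe one procedure: take a sector-by-sector image, hash it so alteration is detectable, and keep a chain-of-custody record that accounts for every hand the evidence passed through. The block below is an added example of that procedure, not code from the slides; it uses only the Python standard library. The "device" is a constructed bytes object standing in for a block device opened read-only behind a write blocker, the custodian names are hypothetical, and the custody log is hash-chained so that editing or dropping an entry breaks every later link (a design choice to make "assurance against tampering" checkable, not something the slides prescribe).

```python
"""Bit-level imaging with integrity digests and a hash-chained custody log.

Added example, not from the original slides. Standard library only. The
'device' is a constructed bytes object standing in for a block device opened
read-only behind a write blocker; custodian names are hypothetical.
"""
import hashlib
import io
import json
from datetime import datetime, timezone
from typing import BinaryIO, Optional

SECTOR = 512


def image_device(dev: BinaryIO, out: BinaryIO) -> dict:
    """Copy every sector verbatim (no file-system interpretation) and hash the
    stream as it is written, so the digest covers exactly the bytes that landed
    in the image. Returns the whole-image digest plus one digest per sector."""
    whole = hashlib.sha256()
    sectors = []
    while chunk := dev.read(SECTOR):
        out.write(chunk)
        whole.update(chunk)
        sectors.append(hashlib.sha256(chunk).hexdigest())
    return {"sha256": whole.hexdigest(), "sectors": sectors}


def verify_image(image: bytes, manifest: dict) -> list[int]:
    """Re-hash an image against its manifest. Returns the sector numbers that no
    longer match; -1 means the overall digest differs although every recorded
    sector still matches (e.g. data was appended). Empty list = intact."""
    bad = [n for n, want in enumerate(manifest["sectors"])
           if hashlib.sha256(image[n * SECTOR:(n + 1) * SECTOR]).hexdigest() != want]
    if not bad and hashlib.sha256(image).hexdigest() != manifest["sha256"]:
        bad.append(-1)
    return bad


class CustodyLog:
    """Append-only chain-of-custody record: who handled the evidence, when, what
    they did, and the evidence digest at that moment. Each entry commits to the
    hash of the previous entry, so altering or removing one breaks the chain."""

    GENESIS = "0" * 64

    def __init__(self) -> None:
        self.entries: list[dict] = []

    @staticmethod
    def _digest(body: dict) -> str:
        return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

    def record(self, who: str, action: str, evidence_sha256: str,
               when: Optional[datetime] = None) -> str:
        entry = {
            "seq": len(self.entries),
            "who": who,
            "action": action,
            "evidence_sha256": evidence_sha256,
            "when": (when or datetime.now(timezone.utc)).isoformat(),
            "prev": self.entries[-1]["entry_hash"] if self.entries else self.GENESIS,
        }
        entry["entry_hash"] = self._digest(entry)
        self.entries.append(entry)
        return entry["entry_hash"]

    def verify(self) -> bool:
        prev = self.GENESIS
        for e in self.entries:
            body = {k: v for k, v in e.items() if k != "entry_hash"}
            if e["prev"] != prev or self._digest(body) != e["entry_hash"]:
                return False
            prev = e["entry_hash"]
        return True


def sample_device() -> bytes:
    """Constructed 16-sector 'disk' with a little recognisable content."""
    dev = bytearray(16 * SECTOR)
    msg = b"ledger.xls: wire 48,200\n"
    dev[3 * SECTOR:3 * SECTOR + len(msg)] = msg
    return bytes(dev)


def acquire(dev_bytes: bytes) -> tuple[bytes, dict, CustodyLog]:
    """Image the device, then open the custody record with the acquisition."""
    out = io.BytesIO()
    manifest = image_device(io.BytesIO(dev_bytes), out)
    log = CustodyLog()
    log.record("Analyst A (hypothetical)", "acquired bit-level image", manifest["sha256"])
    log.record("Custodian B (hypothetical)", "sealed and stored in evidence locker", manifest["sha256"])
    return out.getvalue(), manifest, log


if __name__ == "__main__":
    device = sample_device()
    image, manifest, log = acquire(device)
    print("image sha256:", manifest["sha256"])
    print("intact:", verify_image(image, manifest) == [], "custody ok:", log.verify())
```

Per-sector digests are what make the verification useful in practice: a single flipped bit reports the sector it lives in rather than just "the image changed", and the whole-image digest catches the case where sectors were appended without any recorded sector differing. Each custody entry carries the evidence digest at that moment, so the log and the manifest cross-check each other.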
    • 51. Legal Proceedings
      • Discovery
        • Defense Granted Access to All Investigative Materials
        • Protective Order Limits Who Has Access
      • Grand Jury and Preliminary Hearings
        • Witnesses Called
        • Assign Law Enforcement Liaison
      • Trial: Unknown Results
      • Recovery of Damages: Through Civil Courts
    • 52. Legal Proceedings (continued)
      • Post Mortem Review: Analyze Attack and Close Security Holes
        • Incident Response Plan
        • Information Dissemination Policy
        • Incident Reporting Policy
        • Electronic Monitoring Statement
        • Audit Trail Policy
        • Warning Banner (Prohibit Unauthorized Access and Give Notice of Monitoring)
        • Need for Additional Personnel Security Controls
    • 53. COMPUTER ETHICS
    • 54. Ethics Origins and Outlook
      • Differences Between Law and Ethics: Must vs. Should
      • Origins
        • Common Good
        • National Interest
        • Individual Rights
        • Enlightened Self-Interest
        • Law
        • Tradition/Culture
        • Religion
      • Fundamental Changes to Society
      • No Sandbox Training
    • 55. Common Fallacies of the Computer Generation
      • The Computer Game Fallacy: Computers Are Designed to Prevent Abuse
      • The Law-Abiding Citizen Fallacy: Constitutional Rights
      • The Shatterproof Fallacy: Limited Effects
      • The Candy-from-a-Baby Fallacy: It's Easy, So It Must Be OK
      • The Hacker's Fallacy: Means of Learning
      • The Free Information Fallacy: Information Wants to Be Free
    • 56. Resources
      • National Computer Ethics and Responsibilities Campaign (NCERC)
      • Computer Ethics Resource Guide
      • National Computer Security Association (NCSA)
      • Computer Ethics Institute
        • 1991 - Ten Commandments of Computer Ethics
        • End User's Basic Tenets of Responsible Computing
        • Four Primary Values
        • Considerations for Conduct
        • The Code of Fair Information Practices
        • Unacceptable Internet Activities (RFC 1087)
    • 57. (ISC)² Code of Ethics
      • Conduct to meet the highest standards of moral, ethical, and legal behavior
      • Maintain personal reputation and that of the profession
      • Report unlawful activities and cooperate in investigations
      • Promote prudent information security measures
      • Provide competent service and avoid conflicts of interest
      • Execute responsibilities in keeping with the highest professional standards
      • Use information properly
      • Maintain confidentiality of information
    • 58. Ethical Responsibilities
      • Collectors of Data to Data Subjects for:
        • Integrity
        • Confidentiality
      • Custodians of Data to Owners of Data for:
        • Availability
        • Integrity
      • Users of Data to Data Subjects and Owners for:
        • Confidentiality
        • Integrity
    • 59. Competitive Intelligence
      • Published Material & Public Documents
      • Disclosures by Competitor Employees (without Subterfuge)
      • Market Surveys & Consultants' Reports
      • Financial Reports & Brokers' Research Surveys
      • Trade Fairs, Exhibits, & Competitor Literature
      • Analysis of Competitor Products
      • Reports of Own Personnel
      • Legitimate Employment Interviews with Competitor Employees
    • 60. Industrial Espionage
      • Camouflaged Questioning of Competitor's Employees
      • Direct Observation under Secret Conditions
      • False Job Interviews
      • False Negotiations
      • Use of Professional Investigators
      • Hiring Competitor's Employees
      • Trespassing
      • Bribing Suppliers and Employees
      • Planting an Agent on Competitor's Payroll
      • Eavesdropping
      • Theft of Information
      • Blackmail and Extortion
    • 61. Plan of Action
      • Develop an organizational guide to computer ethics
      • Develop a computer ethics policy to supplement the computer security policy
      • Include computer ethics information in the employee handbook
      • Expand the business ethics policy to include computer ethics
      • Foster user awareness of computer ethics
      • Establish an e-mail privacy policy and promote user awareness of it
    • 62. QUESTIONS?
