Law, Investigations and Ethics
Objectives
To review computer crime laws and regulations; investigative
measures and techniques used to determine if a crime has
been committed and methods to gather evidence; and the
ethical constraints that provide a code of conduct for the
security professional.

To review the methods for determining if a computer crime
has been committed; the laws that would be applicable for the
crime; laws prohibiting specific types of computer crime;
methods to gather and preserve evidence of a computer
crime, investigative methods and techniques; and ways in
which RFC 1087 and the (ISC)2 Code of Ethics can be applied
to resolve ethical dilemmas.
Law Investigation and Ethics
   Laws
   Security incidents
   Recognition skills
   Response skills
   Technical skills
   Investigations
   Incident handling
   Code of Ethics
Major categories of computer crime
   Computer assisted crime - Criminal activities that are not
    unique to computers but merely use computers as tools
    to assist the criminal endeavor (e.g., fraud, child
    pornography)
   Computer specific or targeted crime - Crimes directed at
    computers, networks, and the information stored on
    these systems (e.g., denial of service, sniffers, attacking
    passwords)
   Computer is incidental - The computer is incidental to
    the criminal activity (e.g., customer lists for traffickers)
Laws
Criminal Law - Individual conduct violating government
laws enacted for the protection of the public
           Unauthorized access
           Exceeding authorized access
           Intellectual property theft or misuse of information
           Pornography
           Theft of computing services
           Forgery using a computer
           Property theft (e.g., computer hardware and chips)
           Invasion of privacy
           Denial-of-service
           Computer fraud
           Releasing viruses and other malicious code
           Sabotage (i.e., data alteration or malicious destruction)
           Extortion by computer
           Embezzlement using a computer
           Espionage involving computers
           Terrorism involving computers
           Identity theft
Laws Cont…
   Civil Law (Tort)
       Wrong against an individual or business, typically resulting
        in damage or loss to that individual or business
       There is no jail sentence under the civil law system

   Administrative Law (Regulatory law)
       Establishes the standards of performance and conduct for
        organizations conducting business in various industries
       Violations of these laws can result in financial penalties or
        imprisonment
Proprietary Rights & Obligations
   Legal Forms of Protection
       Trade Secrets: Information that Provides a Competitive
        Advantage. Protect Ideas.
       Copyrights: Right of an Author to Prevent Use or Copying
        Works of the Author. Protect Expression of Ideas.
       Patents: Protect Results of Science, Technology &
        Engineering
   Business Needs
       Protect Developed Software
       Contractual Agreements
       Define Trade Secrets for Employees
Proprietary Rights & Obligations Cont…
   Security Techniques to Protect Trade Secrets
       Numbering Copies
       Logging Document Issuance
       Checking Files & Workstations
       Secure Storage
       Controlled Distribution
       Limitations on Copying

   Contractual Commitments to Protect Proprietary Rights
       Licensing Agreements with Vendors
       Liability for Compliance
Proprietary Rights & Obligations Cont…
   Enforcement Efforts
       Software Protection Association (SPA)
       Federation Against Software Theft (FAST)
       Business Software Alliance (BSA)

   Personal Computers
       Establish User Accountability
       Policy Development and Circulation
       Purging of Proprietary Software
Protection for Computer Objects

   Hardware - Patents
   Firmware
      Patents for Physical Devices

      Trade Secret Protection for Code

   Object Code Software - Copyrights
   Source Code Software - Trade Secrets
   Documentation - Copyrights
Management Problems
   Corporate Recordkeeping
      Accuracy of Computer Records: Potential Use in Court

      IRS Rules: Inadequate Controls May Impact Audit Findings



   Labor and Management Relations
      Collective Bargaining: Disciplinary Actions, Workplace Rules

      Work Stoppage

      Limitations on Background Investigations

      Limitations on Drug and Polygraph Testing

      Disgruntled Employees

      Non-Disclosure Requirements

      Immigration Laws

      Establishment and Enforcement of Security Rules
Management Problems Cont…
   Data Communications: Disclosure thru -
       Eavesdropping and Interception
       Loss of Confidential Information

   Outsourcing
       Contract Review
       Review of Contractor’s Capabilities
       Impact of Downsizing
       Contractor Use of Proprietary Software
Management Problems Cont…
   Personal Injury
       Employee Safety
       Carpal Tunnel Syndrome
       Radiation Injury

   Insurance Against Legal Liability
       Requirements for Security Precautions
       Right to Inspect Premises
       Cooperation with Insurance Company
Legal Liability
   Due Care - Minimum and Customary Practice of Responsible
    Protection of Assets
   Due Diligence - The Prudent Management and Execution of Due
    Care
   Programming Errors - Reasonable Precautions for -
                 Loss of a Program
                 Unauthorized Revisions
                 Availability of Backup Versions
   Product Liability
        Liability for Database Inaccuracies: Due to Security Breaches
        European Union: No Limits on Personal Liability for Personal
         Injury
Legal Liability Cont…

   Defamation
       Libel Due to Inaccuracy of Data
       Unauthorized Release of Confidential Information
       Alteration of Visual Images

   Foreign Corrupt Practices Act
       Mandate for Security Controls or Cost/Benefit Analysis
       Potential SEC Litigation
Legal Liability Cont…
   Failure to Observe Standards
       FIPS Pubs and CSL Bulletins
       Failure to Comply Used in Litigation

   Personal Liability
       Action or Inaction was Proximate Cause
       Financial Responsibility to Plaintiff
       Joint and Several Liability
Legal Liability Cont…

   Federal Sentencing Guidelines
      Chapter 8 Added 1991

      Applicable to Organizations

      Violations of Federal Law

      Specifies Levels of Fines

      Mitigation of Fines Through Implementation of
       Precautions
Privacy & Other Personal Rights

   The Federal Privacy Act
        Government Files Open to Public Unless Specified
        Act Applies to Executive Branch Only
        “Record” = Information about an Individual
        Must be Need to Maintain Records
        Disclosure Prohibited without Consent
        Requirements on Government Agencies
             Record Disclosures
             Public Notice of Existence of Records
             Ensure Security & Confidentiality of Records
Privacy and Other Personal Rights Cont…

   State Acts and Regulations
        Fair Information Practices Acts: Define Information that
         Can be Collected
        Uniform Information Practices Code - National Conference
         of Commissioners on Uniform State Laws: Recommended
         Model
        Statutes Regulating Information Maintained by Private
         Organizations: e.g., Health Care, Insurance
Privacy and Other Personal Rights Cont…
   Other Employee Rights
        Electronic Mail: Expectations of Privacy
        Drug Testing: Limited to Sensitive Positions Only
        Freedom From Hostile Work Environment

   International Privacy
        European Statutes Cover Both Government and Private
         Corporate Records
        Application Primarily to Computerized Data Banks
        Strict Rules on Disclosure
        Prohibitions of Transfer of Information Across National
         Boundaries
Privacy and Other Personal Rights Cont…

   Management Responsibilities
        Regular Review with Legal Department
        Consider all Jurisdictions
        Prepare Policies for Compliance
        Enforce Policies
        Document Enforcement
Computer Crime Laws
   Federal
      Computer Fraud and Abuse Act (Title 18, U.S.
       Code, 1030)
          *Accessing Federal Interest Computer (FIC) to acquire national
           defense information
         Accessing an FIC to obtain financial information
         Accessing an FIC to deny the use of the computer
         *Accessing an FIC to effect a fraud
         *Damaging or denying use of an FIC thru transmission of code,
           program, information or command
         Furthering a fraud by trafficking in passwords

     Economic Espionage Act of 1996: Obtaining trade
      secrets to benefit a foreign entity
     Electronic Funds Transfer Act: Covers the use, transport,
      sale, receipt or furnishing of counterfeit, altered, lost, stolen, or
      fraudulently obtained debit instruments in interstate or foreign
      commerce.
Federal Computer Crime Laws Cont…
   Child Pornography Prevention Act of 1996 (CPPA):
    Prohibits use of computer technology to produce child pornography.
   Computer Security Act of 1987: Requires Federal Executive
    agencies to Establish Computer Security Programs.
   Electronic Communications Privacy Act (ECPA):
    Prohibits unauthorized interception or retrieval of electronic
    communications
   Fair Credit Reporting Act: Governs the types of data that
    companies may collect on private citizens & how it may be used.
   Foreign Corrupt Practices Act: Covers improper foreign
    operations, but applies to all companies registered with the SEC, and
    requires companies to institute security programs.
   Freedom of Information Act: Permits public access to
    information collected by the Federal Executive Branch.
Computer Laws Cont…
   International Laws
      Lack of Universal Cooperation

      Differences in Interpretations of Laws

      Outdated Laws Against Fraud

      Problems with Evidence Admissibility

      Extradition

      Low Priority
Computer Crime
   Computer Crime as a Separate Category
       Rules of Property: Lack of Tangible Assets
       Rules of Evidence: Lack of Original Documents
       Threats to Integrity and Confidentiality: Goes
        beyond normal definition of a loss
       Value of Data: Difficult to Measure. Cases of
        Restitution only for Media
       Terminology: Statutes have not kept pace. Is Computer
        Hardware “Machinery”? Does Software qualify as
        “Supplies”?
Computer Crime Cont…
   Computer Crime is Hard to Define
        Lack of Understanding
        Laws are Inadequate: Slow to Keep Pace with Rapidly
         Changing Technology
        Multiple Roles for Computers
             Object of a Crime: Target of an Attack
             Subject of a Crime: Used to attack (impersonating a network node)
             Medium of a Crime: Used as a Means to Commit a Crime (Trojan
              Horse)
   Difficulties in Prosecution
      Understanding: Judges, Lawyers, Police, Jurors
      Evidence: Lack of Tangible Evidence
      Forms of Assets: e.g., Magnetic Particles, Computer Time
      Juveniles:
             Many Perpetrators are Juveniles
             Adults Don’t Take Juvenile Crime Seriously
Nature and Extent of Computer-Related Crime
   Typology
       Input Tampering: Entry of Fraudulent or False Data
       Throughput Tampering: Altering Computer Instructions
       Output Tampering: Theft of Information
   Most Common Crimes
       Input and Output Type
       Fraudulent Disbursements
       Fabrication of Data
The Computer Criminal
   Typical Profile
      Male, White, Young

      No Prior Record

      Works in Data Processing or Accounting



   Myths
     Special Talents are Necessary

     Fraud has Increased Because of Computers
The Criminal Motivation
   Personal Motivations
       Economic
       Egocentric
       Ideological
       Psychotic

   Environmental Motivations
       Work Environment
       Reward System
       Level of Interpersonal Trust
       Ethical Environment
       Stress Level
       Internal Controls Environment
The Control Environment
   Factors that Encourage Crime
       Motivation
       Personal Inducements
   Factors that Discourage Crime
       Prevention Measures
            Internal Controls Systems
            Access Control Systems
       Detection Measures
            Auditing
            Supervision
Crime Investigation
   Detection and Containment
       Accidental Discovery
       Audit Trail Review
       Real-Time Intrusion Monitoring
       Limit Further Loss
       Reduction in Liability

   Report to Management
       Immediate Notification
       Limit Knowledge of Investigation
       Use Out-of-Band Communications
Crime Investigation Cont…
   Preliminary Investigation
       Determine if a Crime has Occurred
       Review Complaint
       Inspect Damage
       Interview Witnesses
       Examine Logs
       Identify Investigation Requirements
Crime Investigation Cont…
   Disclosure Determination
       Determine if Disclosure is Required by Law
       Determine if Disclosure is Desired
       Caution in Dealing with the Media

   Courses of Action
       Do Nothing
       Surveillance
       Eliminate Security Holes
       Is Police Report Required?
       Is Prosecution a Goal?
Crime Investigation Cont…
   Conducting the Investigation
       Investigative Responsibility
            Internal Investigation
            External Private Consultant Investigation
            Local/State/Federal Investigation
       Factors
            Cost
            Legal Issues (Privacy, Evidence, Search & Seizure)
            Information Dissemination
            Investigative Control
Crime Investigation Cont…
   Execute the Plan
       Secure and Control Scene
       Protect Evidence
       Don’t Touch Keyboard
       Videotape Process
       Capture Monitor Display
       Unplug System
       Remove Cover
       Disks and Drives
       Search Premises (for Magnetic Media and Documentation)
       Seize Other Devices (that may contain information)
Crime Investigation Cont…
   Conduct Surveillance
       Physical: Determine Subject’s Habits, Associates, Life
        Style
       Computer: Audit Logs or Electronic Monitoring
   Other Information Sources
       Personnel Files
       Telephone and Fax Logs
       Security Logs
       Time Cards
   Investigative Reporting
       Document Known Facts
       Statement of Final Conclusions
Computer Forensics
   Conduct a Disk Image Backup of Suspect System: Bit
    level Copy of the Disk, Sector by Sector
   Authenticate the File System: Create Message Digest for all
    Directories, Files & Disk Sectors
   Analyze Restored Data: Conduct Forensic Analysis in a
    Controlled Environment
      Search Tools: Quick View Plus, Expert Witness, Super Sleuth
       Searching for Obscure Data: Hidden Files/Directories,
        Erased or Deleted Files, Encrypted Data, Overwritten Files
       Steganography: Hiding a Piece of Information within Another
       Review Communications Programs: Links to Others
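
The imaging and authentication steps above, as an added example that is not part of the original slides: a sector-by-sector copy, a digest manifest over the image, and a later check that pinpoints which blocks of a working copy changed. SHA-256, the 512-byte sector size, the 8-sector manifest blocks and the in-memory sample disk are assumptions made for this sketch.

```python
import hashlib
import io

SECTOR_SIZE = 512      # assumption: 512-byte sectors on the sample "disk"
BLOCK_SECTORS = 8      # assumption: one manifest entry per 8 sectors (4 KiB)


def image_disk(source, dest, sector_size=SECTOR_SIZE):
    """Bit-level copy, sector by sector. Returns (sectors_copied, sha256_of_source)."""
    digest = hashlib.sha256()
    sectors = 0
    while True:
        sector = source.read(sector_size)
        if not sector:
            break
        dest.write(sector)
        digest.update(sector)   # hash exactly what was read from the source
        sectors += 1
    return sectors, digest.hexdigest()


def build_manifest(stream, sector_size=SECTOR_SIZE, block_sectors=BLOCK_SECTORS):
    """Digest the whole image plus every block of sectors (last block may be short)."""
    whole = hashlib.sha256()
    blocks = []
    first_sector = 0
    size = 0
    block_len = sector_size * block_sectors
    while True:
        block = stream.read(block_len)
        if not block:
            break
        whole.update(block)
        blocks.append((first_sector, hashlib.sha256(block).hexdigest()))
        first_sector += block_sectors
        size += len(block)
    return {"size": size, "image_sha256": whole.hexdigest(), "blocks": blocks}


def verify_copy(stream, manifest, sector_size=SECTOR_SIZE, block_sectors=BLOCK_SECTORS):
    """Re-digest a working copy and report the blocks that no longer match.

    A block missing from either side (truncated or extended copy) counts as altered.
    """
    current = build_manifest(stream, sector_size, block_sectors)
    recorded = dict(manifest["blocks"])
    seen = dict(current["blocks"])
    altered = sorted(
        s for s in set(recorded) | set(seen) if recorded.get(s) != seen.get(s)
    )
    return {
        "intact": current["image_sha256"] == manifest["image_sha256"],
        "size_matches": current["size"] == manifest["size"],
        "altered_blocks": altered,   # first sector number of each bad block
    }


def demo():
    # Constructed sample: a 20-sector "suspect disk" held in memory.
    suspect = b"".join(hashlib.sha256(str(n).encode()).digest() for n in range(320))
    image = io.BytesIO()
    sectors, source_hash = image_disk(io.BytesIO(suspect), image)
    image.seek(0)
    manifest = build_manifest(image)

    # Constructed working copies: one byte flipped in sector 9, and a short copy.
    tampered = bytearray(image.getvalue())
    tampered[9 * SECTOR_SIZE + 100] ^= 0xFF
    truncated = image.getvalue()[: 16 * SECTOR_SIZE]
    return {
        "sectors": sectors,
        "acquisition_ok": source_hash == manifest["image_sha256"],
        "clean": verify_copy(io.BytesIO(image.getvalue()), manifest),
        "tampered": verify_copy(io.BytesIO(bytes(tampered)), manifest),
        "truncated": verify_copy(io.BytesIO(truncated), manifest),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

Comparing the digest taken while reading the source with the digest of the finished image shows the copy is faithful; the per-block entries narrow any later mismatch to a sector range instead of a bare pass or fail.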
Computer Forensics Cont…
   Reassemble and Boot Suspect System with Clean
    Operating System
       Target System May Be Infected
       Obtain System Time as Reference
       Run Complete System Analysis Report

   Boot Suspect System with Original Operating System
       Identify Rogue Programs
       Identify Background Programs
       Identify What System Interrupts have Been Set
Computer Forensics Cont…
   Search Backup Media: Don’t Forget Off-Site Storage
   Search Access Controlled Systems and Encrypted Files
       Password Cracking
       Publisher Back Door
       Documentary Clues
       Ask the Suspect
       Case Law on Obtaining Passwords from Suspects
The Evidence
   Types of Evidence
        Direct: Oral Testimony by Witness
        Real: Tangible Objects/Physical Evidence
        Documentary: Printed Business Records, Manuals, Printouts
        Demonstrative: Used to Aid the Jury (Models, Illustrations,
         Charts)
   Best Evidence Rule: To Limit Potential for Alteration
   Exclusionary Rule: Evidence Must be Gathered Legally or it
    Can’t Be Used
   Hearsay Rule: Key for Computer Generated Evidence
        Second Hand Evidence
        Admissibility Based on Veracity and Competence of Source
        Exceptions: Rule 803 of Federal Rules of Evidence (Business
         Documents created at the time by person with knowledge, part
         of regular business, routinely kept, supported by testimony)
The Evidence Cont…
   Chain of Evidence (Chain of Custody) - Accountability &
    Protection
          Who Obtained Evidence

          Where and When it was Obtained

          Who Secured it

          Who Controlled it

          Account for Everyone Who Had Access to or Handled the
           Evidence
          Assurance Against Tampering
The Evidence Cont…
   Admissibility of Evidence: Computer-generated Evidence
    is Always Suspect
       Relevancy: Must Prove a Fact that is Material to the Case
       Reliability: Prove Reliability of Evidence and the Process
        for Producing It

   Evidence Life Cycle
       Collection and Identification
       Storage, Preservation, and Transportation
       Presentation in Court
       Return to Victim (Owner)
Legal Proceedings
   Discovery
       Defense Granted Access to All Investigative Materials
       Protective Order Limits Who Has Access
   Grand Jury and Preliminary Hearings
       Witnesses Called
       Assign Law Enforcement Liaison
   Trial: Unknown Results
   Recovery of Damages: Thru Civil Courts
Legal Proceedings Cont…
   Post Mortem Review: Analyze Attack and Close
    Security Holes
       Incident Response Plan
       Information Dissemination Policy
       Incident Reporting Policy
       Electronic Monitoring Statement
       Audit Trail Policy
       Warning Banner (Prohibit Unauthorized Access
        and Give Notice of Monitoring)
       Need for Additional Personnel Security Controls
Ethics
   Differences Between Law vs. Ethics: Must vs. Should
   Origins
       Common Good
       National Interest
       Individual Rights
       Enlightened Self-Interest
       Law
       Tradition/Culture
       Religion
   Fundamental Changes to Society
   No Sandbox Training
Referential Resources
   National Computer Ethics and Responsibilities
    Campaign (NCERC)
   Computer Ethics Resource Guide
   National Computer Security Association (NCSA)
   Computer Ethics Institute
       1991 – Ten Commandments of Computer Ethics
       End User’s Basic Tenets of Responsible Computing
       Four Primary Values
       Considerations for Conduct
       The Code of Fair Information Practices
       Unacceptable Internet Activities (RFC 1087)
(ISC)2 Code of Ethics
   Code of Ethics Preamble
       Safety of the commonwealth, duty to our principals, and to
        each other requires that we adhere, and be seen to
        adhere, to the highest ethical standards of behavior.
       Therefore, strict adherence to this Code is a condition of
        certification

   Code of Ethics Canons
       Protect society, the commonwealth, and the infrastructure.
       Act honorably, honestly, justly, responsibly, and legally.
       Provide diligent and competent service to principals.
       Advance and protect the profession.
Competitive Intelligence
   Published Material & Public Documents
   Disclosures by Competitor Employees (without
    Subterfuge)
   Market Surveys & Consultant’s Reports
   Financial Reports & Broker’s Research Surveys
   Trade Fairs, Exhibits, & Competitor Literature
   Analysis of Competitor Products
   Reports of Own Personnel
   Legitimate Employment Interviews with Competitor
    Employees
Industrial Espionage
   Camouflaged Questioning of Competitor’s Employees
   Direct Observation under Secret Conditions
   False Job Interviews
   False Negotiations
   Use of Professional Investigators
   Hiring Competitor’s Employees
   Trespassing
   Bribing Suppliers and Employees
   Planting Agent on Competitor Payroll
   Eavesdropping
   Theft of Information
   Blackmail and Extortion
Plan of Action
   Develop organizational guide to computer ethics
   Develop a computer ethics policy to supplement the computer
    security policy
   Include computer ethics information in the employee
    handbook
   Expand business ethics policy to include computer ethics
   Foster user awareness of computer ethics
   Establish an E-mail privacy policy and promote user
    awareness of it
?

Prof.dr.halit hami oz enginering ethics-course-unit-08
 
Codes of ethics
Codes of ethicsCodes of ethics
Codes of ethics
 
Prof.dr.halit hami oz enginering ethics-course-unit-10
Prof.dr.halit hami oz enginering ethics-course-unit-10Prof.dr.halit hami oz enginering ethics-course-unit-10
Prof.dr.halit hami oz enginering ethics-course-unit-10
 
Ethics ppt
Ethics pptEthics ppt
Ethics ppt
 
Engineering Ethics
Engineering EthicsEngineering Ethics
Engineering Ethics
 
Professional ethics as an engineer
Professional ethics as an engineerProfessional ethics as an engineer
Professional ethics as an engineer
 

Similar to Law, Investigations and Ethics Guide

Data Security Law and Management.pdf
Data Security Law and Management.pdfData Security Law and Management.pdf
Data Security Law and Management.pdfMeshalALshammari12
 
Policies and Law in IT
Policies and Law in ITPolicies and Law in IT
Policies and Law in ITAnushka Perera
 
Cybercrime
CybercrimeCybercrime
Cybercrimepromit
 
Data Risks In A Digital Age
Data Risks In A Digital Age Data Risks In A Digital Age
Data Risks In A Digital Age padler01
 
Law firm information security overview focus on encryption by dave cunningh...
Law firm information security overview   focus on encryption by dave cunningh...Law firm information security overview   focus on encryption by dave cunningh...
Law firm information security overview focus on encryption by dave cunningh...David Cunningham
 
Legal, Ethical and professional issues in Information Security
Legal, Ethical and professional issues in Information SecurityLegal, Ethical and professional issues in Information Security
Legal, Ethical and professional issues in Information SecurityGamentortc
 
Chapter1 Cyber security Law & policy.pptx
Chapter1 Cyber security Law & policy.pptxChapter1 Cyber security Law & policy.pptx
Chapter1 Cyber security Law & policy.pptxNargis Parveen
 
CCSP_Self_Domain_6.ppt
CCSP_Self_Domain_6.pptCCSP_Self_Domain_6.ppt
CCSP_Self_Domain_6.pptSamir Jha
 
Data Privacy Introduction
Data Privacy IntroductionData Privacy Introduction
Data Privacy IntroductionG Prachi
 
Chapter2
Chapter2Chapter2
Chapter2Pibi Lu
 
Law and Ethics in Information Security.pptx
Law and Ethics in Information Security.pptxLaw and Ethics in Information Security.pptx
Law and Ethics in Information Security.pptxEdFeranil
 
The New Massachusetts Privacy Rules (February 2, 2010)
The New Massachusetts Privacy Rules (February 2, 2010)The New Massachusetts Privacy Rules (February 2, 2010)
The New Massachusetts Privacy Rules (February 2, 2010)stevemeltzer
 
An Indian Outline on Database Protection
An Indian Outline on Database ProtectionAn Indian Outline on Database Protection
An Indian Outline on Database ProtectionSinghania2015
 
Business Intelligence (BI) Tools For Computer Forensic
Business Intelligence (BI) Tools For Computer ForensicBusiness Intelligence (BI) Tools For Computer Forensic
Business Intelligence (BI) Tools For Computer ForensicDhiren Gala
 
BTEC National in ICT: Unit 3 - Legal Constraints
BTEC National in ICT: Unit 3 - Legal ConstraintsBTEC National in ICT: Unit 3 - Legal Constraints
BTEC National in ICT: Unit 3 - Legal Constraintsmrcox
 
Stallings ch18 privacy
Stallings ch18 privacyStallings ch18 privacy
Stallings ch18 privacysalehnia
 

Similar to Law, Investigations and Ethics Guide (20)

Data Security Law and Management.pdf
Data Security Law and Management.pdfData Security Law and Management.pdf
Data Security Law and Management.pdf
 
Policies and Law in IT
Policies and Law in ITPolicies and Law in IT
Policies and Law in IT
 
Cybercrime
CybercrimeCybercrime
Cybercrime
 
Cyber Risks
Cyber RisksCyber Risks
Cyber Risks
 
Data Risks In A Digital Age
Data Risks In A Digital Age Data Risks In A Digital Age
Data Risks In A Digital Age
 
Law firm information security overview focus on encryption by dave cunningh...
Law firm information security overview   focus on encryption by dave cunningh...Law firm information security overview   focus on encryption by dave cunningh...
Law firm information security overview focus on encryption by dave cunningh...
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hacking
 
Legal, Ethical and professional issues in Information Security
Legal, Ethical and professional issues in Information SecurityLegal, Ethical and professional issues in Information Security
Legal, Ethical and professional issues in Information Security
 
Chapter1 Cyber security Law & policy.pptx
Chapter1 Cyber security Law & policy.pptxChapter1 Cyber security Law & policy.pptx
Chapter1 Cyber security Law & policy.pptx
 
CCSP_Self_Domain_6.ppt
CCSP_Self_Domain_6.pptCCSP_Self_Domain_6.ppt
CCSP_Self_Domain_6.ppt
 
Data Privacy Introduction
Data Privacy IntroductionData Privacy Introduction
Data Privacy Introduction
 
Chapter2
Chapter2Chapter2
Chapter2
 
Law and Ethics in Information Security.pptx
Law and Ethics in Information Security.pptxLaw and Ethics in Information Security.pptx
Law and Ethics in Information Security.pptx
 
The New Massachusetts Privacy Rules (February 2, 2010)
The New Massachusetts Privacy Rules (February 2, 2010)The New Massachusetts Privacy Rules (February 2, 2010)
The New Massachusetts Privacy Rules (February 2, 2010)
 
An Indian Outline on Database Protection
An Indian Outline on Database ProtectionAn Indian Outline on Database Protection
An Indian Outline on Database Protection
 
Chapter3.ppt
Chapter3.pptChapter3.ppt
Chapter3.ppt
 
Business Intelligence (BI) Tools For Computer Forensic
Business Intelligence (BI) Tools For Computer ForensicBusiness Intelligence (BI) Tools For Computer Forensic
Business Intelligence (BI) Tools For Computer Forensic
 
BTEC National in ICT: Unit 3 - Legal Constraints
BTEC National in ICT: Unit 3 - Legal ConstraintsBTEC National in ICT: Unit 3 - Legal Constraints
BTEC National in ICT: Unit 3 - Legal Constraints
 
TAMUC LO 7
TAMUC LO 7TAMUC LO 7
TAMUC LO 7
 
Stallings ch18 privacy
Stallings ch18 privacyStallings ch18 privacy
Stallings ch18 privacy
 

More from 7wounders

8. operations security
8. operations security8. operations security
8. operations security7wounders
 
7. physical sec
7. physical sec7. physical sec
7. physical sec7wounders
 
6. cryptography
6. cryptography6. cryptography
6. cryptography7wounders
 
5. telecomm & network security
5. telecomm & network security5. telecomm & network security
5. telecomm & network security7wounders
 
3. security architecture and models
3. security architecture and models3. security architecture and models
3. security architecture and models7wounders
 
2. access control
2. access control2. access control
2. access control7wounders
 
1. security management practices
1. security management practices1. security management practices
1. security management practices7wounders
 

More from 7wounders (8)

Cissp why
Cissp whyCissp why
Cissp why
 
8. operations security
8. operations security8. operations security
8. operations security
 
7. physical sec
7. physical sec7. physical sec
7. physical sec
 
6. cryptography
6. cryptography6. cryptography
6. cryptography
 
5. telecomm & network security
5. telecomm & network security5. telecomm & network security
5. telecomm & network security
 
3. security architecture and models
3. security architecture and models3. security architecture and models
3. security architecture and models
 
2. access control
2. access control2. access control
2. access control
 
1. security management practices
1. security management practices1. security management practices
1. security management practices
 

Recently uploaded

Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEarley Information Science
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilV3cube
 

Recently uploaded (20)

Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of Brazil
 

Law, Investigations and Ethics Guide

  • 2. Objectives To review computer crime laws and regulations; investigative measures and techniques used to determine if a crime has been committed and methods to gather evidence; and the ethical constraints that provide a code of conduct for the security professional. To review the methods for determining if a computer crime has been committed; the laws that would be applicable for the crime; laws prohibiting specific types of computer crime; methods to gather and preserve evidence of a computer crime, investigative methods and techniques; and ways in which RFC 1087 and the (ISC)2 Code of Ethics can be applied to resolve ethical dilemmas.
  • 3. Law Investigation and Ethics  Laws  Security incidents  Recognition skills  Response skills  Technical skills  Investigations  Incident handling  Code of Ethics
  • 4. Major categories of computer crime  Computer assisted crime - Criminal activities that are not unique to computers but merely use computers as tools to assist the criminal endeavor (e.g., fraud, child pornography)  Computer specific or targeted crime - Crimes directed at computers, networks, and the information stored on these systems (e.g., denial of service, sniffers, attacking passwords)  Computer is incidental - The computer is incidental to the criminal activity (e.g., customer lists for traffickers)
  • 5. Laws Criminal Law - Individual conduct violating government laws enacted for the protection of the public Unauthorized access Exceeding authorized access Intellectual property theft or misuse of information Pornography Theft of computing services Forgery using a computer Property theft (e.g., computer hardware and chips) Invasion of privacy Denial-of-services Computer fraud Releasing viruses and other malicious code Sabotage (i.e., data alteration or malicious destruction) Extortion by computer Embezzlement using a computer Espionage involving computers Terrorism involving computers Identity theft
  • 6. Laws Cont…  Civil Law (Tort)  Wrong against an individual or business, typically resulting in damage or loss to that individual or business  There is no jail sentence under the civil law system  Administrative Law (Regulatory law)  Establishes the standards of performance and conduct for organizations conducting business in various industries  Violations of these laws can result in financial penalties or imprisonment
  • 7. Proprietary Rights & Obligations  Legal Forms of Protection  Trade Secrets: Information that Provides a Competitive Advantage. Protect Ideas.  Copyrights: Right of an Author to Prevent Use or Copying Works of the Author. Protect Expression of Ideas.  Patents: Protect Results of Science, Technology & Engineering  Business Needs  Protect Developed Software  Contractual Agreements  Define Trade Secrets for Employees
  • 8. Proprietary Rights & Obligations Cont…  Security Techniques to Protect Trade Secrets  Numbering Copies  Logging Document Issuance  Checking Files & Workstations  Secure Storage  Controlled Distribution  Limitations on Copying  Contractual Commitments to Protect Proprietary Rights  Licensing Agreements with Vendors  Liability for Compliance
  • 9. Proprietary Rights & Obligations Cont…  Enforcement Efforts  Software Protection Association (SPA)  Federation Against Software Theft (FAST)  Business Software Alliance (BSA)  Personal Computers  Establish User Accountability  Policy Development and Circulation  Purging of Proprietary Software
  • 10. Protection for Computer Objects  Hardware - Patents  Firmware  Patents for Physical Devices  Trade Secret Protection for Code  Object Code Software - Copyrights  Source Code Software - Trade Secrets  Documentation - Copyrights
  • 11. Management Problems  Corporate Recordkeeping  Accuracy of Computer Records: Potential Use in Court  IRS Rules: Inadequate Controls May Impact Audit Findings  Labor and Management Relations  Collective Bargaining: Disciplinary Actions, Workplace Rules  Work Stoppage  Limitations on Background Investigations  Limitations on Drug and Polygraph Testing  Disgruntled Employees  Non-Disclosure Requirements  Immigration Laws  Establishment and Enforcement of Security Rules
  • 12. Management Problems Cont…  Data Communications: Disclosure thru -  Eavesdropping and Interception  Loss of Confidential Information  Outsourcing  Contract Review  Review of Contractor’s Capabilities  Impact of Downsizing  Contractor Use of Proprietary Software
  • 13. Management Problems Cont…  Personal Injury  Employee Safety  Carpal Tunnel Syndrome  Radiation Injury  Insurance Against Legal Liability  Requirements for Security Precautions  Right to Inspect Premises  Cooperation with Insurance Company
  • 14. Legal Liability  Due Care - Minimum and Customary Practice of Responsible Protection of Assets  Due Diligence - The Prudent Management and Execution of Due Care  Programming Errors - Reasonable Precautions for -  Loss of a Program  Unauthorized Revisions  Availability of Backup Versions  Product Liability  Liability for Database Inaccuracies: Due to Security Breaches  European Union: No Limits on Personal Liability for Personal Injury
  • 15. Legal Liability Cont…  Defamation  Libel Due to Inaccuracy of Data  Unauthorized Release of Confidential Information  Alteration of Visual Images  Foreign Corrupt Practices Act  Mandate for Security Controls or Cost/Benefit Analysis  Potential SEC Litigation
  • 16. Legal Liability Cont…  Failure to Observe Standards  FIPS Pubs and CSL Bulletins  Failure to Comply Used in Litigation  Personal Liability  Action or Inaction was Proximate Cause  Financial Responsibility to Plaintiff  Joint and Several Liability
  • 17. Legal Liability Cont…  Federal Sentencing Guidelines  Chapter 8 Added 1991  Applicable to Organizations  Violations of Federal Law  Specifies Levels of Fines  Mitigation of Fines Through Implementation of Precautions
  • 18. Privacy & Other Personal Rights  The Federal Privacy Act  Government Files Open to Public Unless Specified  Act Applies to Executive Branch Only  “Record” = Information about an Individual  Must be Need to Maintain Records  Disclosure Prohibited without Consent  Requirements on Government Agencies  Record Disclosures  Public Notice of Existence of Records  Ensure Security & Confidentiality of Records
  • 19. Privacy and Other Personal Rights Cont…  State Acts and Regulations  Fair Information Practices Acts: Define Information that Can be Collected  Uniform Information Practices Code - National Conference of Commissioners on Uniform State Laws: Recommended Model  Statutes Regulating Information Maintained by Private Organizations: e.g., Health Care, Insurance
  • 20. Privacy and Other Personal Rights Cont…  Other Employee Rights  Electronic Mail: Expectations of Privacy  Drug Testing: Limited to Sensitive Positions Only  Freedom From Hostile Work Environment  International Privacy  European Statutes Cover Both Government and Private Corporate Records  Application Primarily to Computerized Data Banks  Strict Rules on Disclosure  Prohibitions of Transfer of Information Across National Boundaries
  • 21. Privacy and Other Personal Rights Cont…  Management Responsibilities  Regular Review with Legal Department  Consider all Jurisdictions  Prepare Policies for Compliance  Enforce Policies  Document Enforcement
  • 22. Computer Crime Laws  Federal  Computer Fraud and Abuse Act (Title 18, U.S. Code, 1030)  *Accessing Federal Interest Computer (FIC) to acquire national defense information  Accessing an FIC to obtain financial information  Accessing an FIC to deny the use of the computer  *Accessing an FIC to affect a fraud  *Damaging or denying use of an FIC thru transmission of code, program, information or command  Furthering a fraud by trafficking in passwords  Economic Espionage Act of 1996: Obtaining trade secrets to benefit a foreign entity  Electronic Funds Transfer Act: Covers use, transport, sell, receive or furnish counterfeit, altered, lost, stolen, or fraudulently obtained debit instruments in interstate or foreign commerce.
  • 23. Federal Computer Crime Laws Cont…  Child Pornography Prevention Act of 1996 (CPPA): Prohibits use of computer technology to produce child pornography.  Computer Security Act of 1987: Requires Federal Executive agencies to Establish Computer Security Programs.  Electronic Communications Privacy Act (ECPA): Prohibits unauthorized interception or retrieval of electronic communications  Fair Credit Reporting Act: Governs types of data that companies may collect on private citizens & how it may be used.  Foreign Corrupt Practices Act: Covers improper foreign operations, but applies to all companies registered with the SEC, and requires companies to institute security programs.  Freedom of Information Act: Permits public access to information collected by the Federal Executive Branch.
  • 24. Computer Laws Cont…  International Laws  Lack of Universal Cooperation  Differences in Interpretations of Laws  Outdated Laws Against Fraud  Problems with Evidence Admissibility  Extradition  Low Priority
  • 25. Computer Crime  Computer Crime as a Separate Category  Rules of Property: Lack of Tangible Assets  Rules of Evidence: Lack of Original Documents  Threats to Integrity and Confidentiality: Goes beyond normal definition of a loss  Value of Data: Difficult to Measure. Cases of Restitution only for Media  Terminology: Statutes have not kept pace. Is Computer Hardware “Machinery”? Does Software qualify as “Supplies”?
  • 26. Computer Crime Cont…  Computer Crime is Hard to Define  Lack of Understanding  Laws are Inadequate: Slow to Keep Pace with Rapidly Changing Technology  Multiple Roles for Computers  Object of a Crime: Target of an Attack  Subject of a Crime: Used to attack (impersonating a network node)  Medium of a Crime: Used as a Means to Commit a Crime (Trojan Horse)  Difficulties in Prosecution  Understanding: Judges, Lawyers, Police, Jurors  Evidence: Lack of Tangible Evidence  Forms of Assets: e.g., Magnetic Particles, Computer Time  Juveniles:  Many Perpetrators are Juveniles  Adults Don’t Take Juvenile Crime Seriously
  • 27. Nature and Extent of Computer-Related Crime  Typology  Input Tampering: Entry of Fraudulent or False Data  Throughput Tampering: Altering Computer Instructions  Output Tampering: Theft of Information  Most Common Crimes  Input and Output Type  Fraudulent Disbursements  Fabrication of Data
  • 28. The Computer Criminal  Typical Profile  Male, White, Young  No Prior Record  Works in Data Processing or Accounting  Myths  Special Talents are Necessary  Fraud has Increased Because of Computers
  • 29. The Criminal Motivation  Personal Motivations  Economic  Egocentric  Ideological  Psychotic  Environmental Motivations  Work Environment  Reward System  Level of Interpersonal Trust  Ethical Environment  Stress Level  Internal Controls Environment
  • 30. The Control Environment  Factors that Encourage Crime  Motivation  Personal Inducements  Factors that Discourage Crime  Prevention Measures  Internal Controls Systems  Access Control Systems  Detection Measures  Auditing  Supervision
  • 31. Crime Investigation  Detection and Containment  Accidental Discovery  Audit Trail Review  Real-Time Intrusion Monitoring  Limit Further Loss  Reduction in Liability  Report to Management  Immediate Notification  Limit Knowledge of Investigation  Use Out-of-Band Communications
  • 32. Crime Investigation Cont…  Preliminary Investigation  Determine if a Crime has Occurred  Review Complaint  Inspect Damage  Interview Witnesses  Examine Logs  Identify Investigation Requirements
  • 33. Crime Investigation Cont…  Disclosure Determination  Determine if Disclosure is Required by Law  Determine if Disclosure is Desired  Caution in Dealing with the Media  Courses of Action  Do Nothing  Surveillance  Eliminate Security Holes  Is Police Report Required?  Is Prosecution a Goal?
  • 34. Crime Investigation Cont…  Conducting the Investigation  Investigative Responsibility  Internal Investigation  External Private Consultant Investigation  Local/State/Federal Investigation  Factors  Cost  Legal Issues (Privacy, Evidence, Search & Seizure)  Information Dissemination  Investigative Control
  • 35. Crime Investigation Cont…  Execute the Plan  Secure and Control Scene  Protect Evidence  Don’t Touch Keyboard  Videotape Process  Capture Monitor Display  Unplug System  Remove Cover  Disks and Drives  Search Premises (for Magnetic Media and Documentation)  Seize Other Devices (that may contain information)
  • 36. Crime Investigation Cont…  Conduct Surveillance  Physical: Determine Subject’s Habits, Associates, Life Style  Computer: Audit Logs or Electronic Monitoring  Other Information Sources  Personnel Files  Telephone and Fax Logs  Security Logs  Time Cards  Investigative Reporting  Document Known Facts  Statement of Final Conclusions
  • 37. Computer Forensics  Conduct a Disk Image Backup of Suspect System: Bit-level Copy of the Disk, Sector by Sector  Authenticate the File System: Create Message Digest for all Directories, Files & Disk Sectors  Analyze Restored Data: Conduct Forensic Analysis in a Controlled Environment  Search Tools: Quick View Plus, Expert Witness, Super Sleuth  Searching for Obscure Data: Hidden Files/Directories, Erased or Deleted Files, Encrypted Data, Overwritten Files  Steganography: Hiding a Piece of Information within Another  Review Communications Programs: Links to Others
  • 38. Computer Forensics Cont…  Reassemble and Boot Suspect System with Clean Operating System  Target System May Be Infected  Obtain System Time as Reference  Run Complete System Analysis Report  Boot Suspect System with Original Operating System  Identify Rogue Programs  Identify Background Programs  Identify What System Interrupts have Been Set
  • 39. Computer Forensics Cont…  Search Backup Media: Don’t Forget Off-Site Storage  Search Access Controlled Systems and Encrypted Files  Password Cracking  Publisher Back Door  Documentary Clues  Ask the Suspect  Case Law on Obtaining Passwords from Suspects
  • 40. The Evidence  Types of Evidence  Direct: Oral Testimony by Witness  Real: Tangible Objects/Physical Evidence  Documentary: Printed Business Records, Manuals, Printouts  Demonstrative: Used to Aid the Jury (Models, Illustrations, Charts)  Best Evidence Rule: To Limit Potential for Alteration  Exclusionary Rule: Evidence Must be Gathered Legally or it Can’t Be Used  Hearsay Rule: Key for Computer Generated Evidence  Second Hand Evidence  Admissibility Based on Veracity and Competence of Source  Exceptions: Rule 803 of Federal Rules of Evidence (Business Documents created at the time by person with knowledge, part of regular business, routinely kept, supported by testimony)
  • 41. The Evidence Cont…  Chain of Evidence (Chain of Custody) - Accountability & Protection  Who Obtained Evidence  Where and When it was Obtained  Who Secured it  Who Controlled it  Account for Everyone Who Had Access to or Handled the Evidence  Assurance Against Tampering
  • 42. The Evidence Cont…  Admissibility of Evidence: Computer-generated Evidence is Always Suspect  Relevancy: Must Prove a Fact that is Material to the Case  Reliability: Prove Reliability of Evidence and the Process for Producing It  Evidence Life Cycle  Collection and Identification  Storage, Preservation, and Transportation  Presentation in Court  Return to Victim (Owner)
  • 43. Legal Proceedings  Discovery  Defense Granted Access to All Investigative Materials  Protective Order Limits Who Has Access  Grand Jury and Preliminary Hearings  Witnesses Called  Assign Law Enforcement Liaison  Trial: Unknown Results  Recovery of Damages: Through Civil Courts
  • 44. Legal Proceedings Cont…  Post Mortem Review: Analyze Attack and Close Security Holes  Incident Response Plan  Information Dissemination Policy  Incident Reporting Policy  Electronic Monitoring Statement  Audit Trail Policy  Warning Banner (Prohibit Unauthorized Access and Give Notice of Monitoring)  Need for Additional Personnel Security Controls
  • 45. Ethics  Differences Between Law vs. Ethics: Must vs. Should  Origins  Common Good  National Interest  Individual Rights  Enlightened Self-Interest  Law  Tradition/Culture  Religion  Fundamental Changes to Society  No Sandbox Training
  • 46. Referential Resources  National Computer Ethics and Responsibilities Campaign (NCERC)  Computer Ethics Resource Guide  National Computer Security Association (NCSA)  Computer Ethics Institute  1991 – Ten Commandments of Computer Ethics  End User’s Basic Tenets of Responsible Computing  Four Primary Values  Considerations for Conduct  The Code of Fair Information Practices  Unacceptable Internet Activities (RFC 1087)
  • 47. (ISC)2 Code of Ethics  Code of Ethics Preamble  Safety of the commonwealth, duty to our principals, and to each other requires that we adhere, and be seen to adhere, to the highest ethical standards of behavior.  Therefore, strict adherence to this Code is a condition of certification  Code of Ethics Canons  Protect society, the commonwealth, and the infrastructure.  Act honorably, honestly, justly, responsibly, and legally.  Provide diligent and competent service to principals.  Advance and protect the profession.
  • 48. Competitive Intelligence  Published Material & Public Documents  Disclosures by Competitor Employees (without Subterfuge)  Market Surveys & Consultant’s Reports  Financial Reports & Broker’s Research Surveys  Trade Fairs, Exhibits, & Competitor Literature  Analysis of Competitor Products  Reports of Own Personnel  Legitimate Employment Interviews with Competitor Employees
  • 49. Industrial Espionage  Camouflaged Questioning of Competitor’s Employees  Direct Observation under Secret Conditions  False Job Interviews  False Negotiations  Use of Professional Investigators  Hiring Competitor’s Employees  Trespassing  Bribing Suppliers and Employees  Planting Agent on Competitor Payroll  Eavesdropping  Theft of Information  Blackmail and Extortion
  • 50. Plan of Action  Develop organizational guide to computer ethics  Develop a computer ethics policy to supplement the computer security policy  Include computer ethics information in the employee handbook  Expand business ethics policy to include computer ethics  Foster user awareness of computer ethics  Establish an E-mail privacy policy and promote user awareness of it
  • 51. ?
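
Slides 37 and 41 call for a message digest over the bit-level image and its sectors and for a chain of custody that gives assurance against tampering. The following is an added example, not part of the original deck: it digests an image whole and per sector, locates the altered sector in a working copy, and keeps a hash-linked custody log. The 512-byte sector size, the use of SHA-256, the record fields and all sample data are assumptions constructed for illustration.

```python
import hashlib
import io

SECTOR = 512          # assumed sector size for this example
GENESIS = "0" * 64    # placeholder "previous hash" for the first custody record

def digest_image(stream, sector=SECTOR):
    """Return (whole-image SHA-256, [per-sector SHA-256]) for a bit-level image."""
    whole, per_sector = hashlib.sha256(), []
    while chunk := stream.read(sector):
        whole.update(chunk)
        per_sector.append(hashlib.sha256(chunk).hexdigest())
    return whole.hexdigest(), per_sector

def changed_sectors(baseline, current):
    """Sector indexes whose digest differs; a length change counts as a difference."""
    longest = max(len(baseline), len(current))
    return [i for i in range(longest)
            if i >= len(baseline) or i >= len(current) or baseline[i] != current[i]]

def _entry_hash(prev, who, action, when, image):
    return hashlib.sha256("|".join((prev, who, action, when, image)).encode()).hexdigest()

def add_custody(log, who, action, when, image):
    """Append a custody record that commits to the previous record's hash."""
    prev = log[-1]["hash"] if log else GENESIS
    log.append({"prev": prev, "who": who, "action": action, "when": when,
                "image": image, "hash": _entry_hash(prev, who, action, when, image)})
    return log

def verify_custody(log):
    """True only if every record is unmodified and linked to its predecessor."""
    prev = GENESIS
    for e in log:
        if e["prev"] != prev or e["hash"] != _entry_hash(
                prev, e["who"], e["action"], e["when"], e["image"]):
            return False
        prev = e["hash"]
    return True

# Constructed sample data: a 4-sector "disk" and a working copy with one byte altered.
ORIGINAL = b"".join(bytes([n]) * SECTOR for n in range(4))
ALTERED = ORIGINAL[:2 * SECTOR + 10] + b"\xff" + ORIGINAL[2 * SECTOR + 11:]

ACQ_DIGEST, ACQ_SECTORS = digest_image(io.BytesIO(ORIGINAL))
COPY_DIGEST, COPY_SECTORS = digest_image(io.BytesIO(ALTERED))

CUSTODY = []  # constructed names and timestamps
add_custody(CUSTODY, "Examiner A", "acquired image", "2024-01-01T09:00Z", ACQ_DIGEST)
add_custody(CUSTODY, "Examiner B", "received for analysis", "2024-01-02T10:00Z", ACQ_DIGEST)
```

The linked log only detects edits if its latest hash is also recorded somewhere the custodians cannot rewrite, such as the signed evidence form.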

Editor's Notes

  1. Will address: Laws Computer Crime Computer Crime Investigations Ethics
  2. From CISSP Study Guide