Published in: Technology, Business
  • Thank you so much for presenting such a comprehensive documentation. Highly informative and helpful.
  • Impressive presentation of 'COMPUTER LAW, INVESTIGATION AND ETHICS DOMAIN'. You’ve shown your credibility on presentation with this slideshow. This one deserves thumbs up. I’m John, owner of . Hope to see more quality slides from you.

    Best wishes.
  • As a management instructor I appreciate viewing the work of others. This is probably the best demonstration on planning I have viewed.
  • Will address: Laws, Computer Crime, Computer Crime Investigations, Ethics

    2. Objectives
        • To review computer crime laws and regulations; investigative measures and techniques used to determine if a crime has been committed and methods to gather evidence; and the ethical constraints that provide a code of conduct for the security professional.
        • To review the methods for determining if a computer crime has been committed; the laws that would be applicable for the crime; laws prohibiting specific types of computer crime; methods to gather and preserve evidence of a computer crime, investigative methods and techniques; and ways in which RFC 1087 and the (ISC)² Code of Ethics can be applied to resolve ethical dilemmas.
    3. References Used
        • Handbook of Information Security Management 1999 - Krause & Tipton
        • Computer Security Handbook, Third Edition - Hutt, Bosworth & Hoyt
        • Security in Computing - Pfleeger
        • (ISC)² CBK Review Materials
        • Computer Crime - Icove, Seger & VonStorch
        • Computer, Ethics, and Society - Ermann, Williams & Shauf
        • An Introduction to Computer Security: The NIST Handbook
    4. Topics to Be Covered
        • Computer Laws
        • Computer Crime
        • Computer Crime Investigations
        • Computer Ethics
    6. Proprietary Rights & Obligations
        • Legal Forms of Protection
            • Trade Secrets: Information that Provides a Competitive Advantage. Protect Ideas.
            • Copyrights: Right of an Author to Prevent Use or Copying Works of the Author. Protect Expression of Ideas.
            • Patents: Protect Results of Science, Technology & Engineering
        • Business Needs
            • Protect Developed Software
            • Contractual Agreements
            • Define Trade Secrets for Employees
    7. Proprietary Rights & Obligations (continued)
        • Security Techniques to Protect Trade Secrets
            • Numbering Copies
            • Logging Document Issuance
            • Checking Files & Workstations
            • Secure Storage
            • Controlled Distribution
            • Limitations on Copying
        • Contractual Commitments to Protect Proprietary Rights
            • Licensing Agreements with Vendors
            • Liability for Compliance
    8. Proprietary Rights & Obligations (continued)
        • Enforcement Efforts
            • Software Protection Association (SPA)
            • Federation Against Software Theft (FAST)
            • Business Software Alliance (BSA)
        • Personal Computers
            • Establish User Accountability
            • Policy Development and Circulation
            • Purging of Proprietary Software
    9. Protection for Computer Objects
        • Hardware - Patents
        • Firmware
            • Patents for Physical Devices
            • Trade Secret Protection for Code
        • Object Code Software - Copyrights
        • Source Code Software - Trade Secrets
        • Documentation - Copyrights
    10. Management Problems
        • Corporate Recordkeeping
            • Accuracy of Computer Records: Potential Use in Court
            • IRS Rules: Inadequate Controls May Impact Audit Findings
        • Labor and Management Relations
            • Collective Bargaining: Disciplinary Actions, Workplace Rules
            • Work Stoppage
            • Limitations on Background Investigations
            • Limitations on Drug and Polygraph Testing
            • Disgruntled Employees
            • Non-Disclosure Requirements
            • Immigration Laws
            • Establishment and Enforcement of Security Rules
    11. Management Problems (continued)
        • Data Communications: Disclosure thru -
            • Eavesdropping and Interception
            • Loss of Confidential Information
        • Outsourcing
            • Contract Review
            • Review of Contractor’s Capabilities
            • Impact of Downsizing
            • Contractor Use of Proprietary Software
    12. Management Problems (continued)
        • Personal Injury
            • Employee Safety
            • Carpal Tunnel Syndrome
            • Radiation Injury
        • Insurance Against Legal Liability
            • Requirements for Security Precautions
            • Right to Inspect Premises
            • Cooperation with Insurance Company
    13. Legal Liability
        • Due Care: Minimum and Customary Practice of Responsible Protection of Assets
        • Due Diligence: The Prudent Management and Execution of Due Care
        • Programming Errors: Reasonable Precautions for -
            • Loss of a Program
            • Unauthorized Revisions
            • Availability of Backup Versions
        • Product Liability
            • Liability for Database Inaccuracies: Due to Security Breaches
            • European Union: No Limits on Personal Liability for Personal Injury
    14. Legal Liability (continued)
        • Defamation
            • Libel Due to Inaccuracy of Data
            • Unauthorized Release of Confidential Information
            • Alteration of Visual Images
        • Foreign Corrupt Practices Act
            • Mandate for Security Controls or Cost/Benefit Analysis
            • Potential SEC Litigation
    15. Legal Liability (continued)
        • Failure to Observe Standards
            • FIPS Pubs and CSL Bulletins
            • Failure to Comply Used in Litigation
        • Personal Liability
            • Action or Inaction was Proximate Cause
            • Financial Responsibility to Plaintiff
            • Joint and Several Liability
    16. Legal Liability (continued)
        • Federal Sentencing Guidelines
            • Chapter 8 Added 1991
            • Applicable to Organizations
            • Violations of Federal Law
            • Specifies Levels of Fines
            • Mitigation of Fines Through Implementation of Precautions
    17. Privacy & Other Personal Rights
        • The Federal Privacy Act
            • Government Files Open to Public Unless Specified
            • Act Applies to Executive Branch Only
            • “Record” = Information about an Individual
            • Must be Need to Maintain Records
            • Disclosure Prohibited without Consent
            • Requirements on Government Agencies
                • Record Disclosures
                • Public Notice of Existence of Records
                • Ensure Security & Confidentiality of Records
    18. Privacy and Other Personal Rights (continued)
        • State Acts and Regulations
            • Fair Information Practices Acts: Define Information that Can be Collected
            • Uniform Information Practices Code - National Conference of Commissioners on Uniform State Laws: Recommended Model
            • Statutes Regulating Information Maintained by Private Organizations: e.g., Health Care, Insurance
    19. Privacy and Other Personal Rights (continued)
        • Other Employee Rights
            • Electronic Mail: Expectations of Privacy
            • Drug Testing: Limited to Sensitive Positions Only
            • Freedom From Hostile Work Environment
        • International Privacy
            • European Statutes Cover Both Government and Private Corporate Records
            • Application Primarily to Computerized Data Banks
            • Strict Rules on Disclosure
            • Prohibitions of Transfer of Information Across National Boundaries
    20. Privacy and Other Personal Rights (continued)
        • Management Responsibilities
            • Regular Review with Legal Department
            • Consider all Jurisdictions
            • Prepare Policies for Compliance
            • Enforce Policies
            • Document Enforcement
    21. Computer-Related Laws
        • Criminal Law
            • Victim is Society
            • Purpose of Prosecution is Punishment
            • Deterrent Effect of Punishment
            • Burden of Proof is Reasonable Doubt
            • Felonies - Jail > One Year
            • Misdemeanors - Jail < One Year
            • Federal and State Levels
                • Elements of Proof Vary Between and Among
                • Specific vs. General Applicability
    22. Computer Crime Laws
        • Federal
            • Computer Fraud and Abuse Act (Title 18, U.S. Code, 1030)
                • *Accessing Federal Interest Computer (FIC) to acquire national defense information
                • Accessing an FIC to obtain financial information
                • Accessing an FIC to deny the use of the computer
                • *Accessing an FIC to effect a fraud
                • *Damaging or denying use of an FIC thru transmission of code, program, information or command
                • Furthering a fraud by trafficking in passwords
            • Economic Espionage Act of 1996: Obtaining trade secrets to benefit a foreign entity
            • Electronic Funds Transfer Act: Covers use, transport, sell, receive or furnish counterfeit, altered, lost, stolen, or fraudulently obtained debit instruments in interstate or foreign commerce.
    23. Federal Computer Crime Laws (continued)
        • Child Pornography Prevention Act of 1996 (CPPA): Prohibits use of computer technology to produce child pornography.
        • Computer Security Act of 1987: Requires Federal Executive agencies to Establish Computer Security Programs.
        • Electronic Communications Privacy Act (ECPA): Prohibits unauthorized interception or retrieval of electronic communications
        • Fair Credit Reporting Act: Governs types of data that companies may collect on private citizens & how it may be used.
        • Foreign Corrupt Practices Act: Covers improper foreign operations, but applies to all companies registered with the SEC, and requires companies to institute security programs.
        • Freedom of Information Act: Permits public access to information collected by the Federal Executive Branch.
    24. Computer Laws (continued)
        • Civil Law (Tort Law)
            • Damage/Loss to an Individual or Business
            • Type of Punishment Different: No Incarceration
            • Primary Purpose is Financial Restitution
                • Compensatory Damages: Actual Damages, Attorney Fees, Lost Profits, Investigation Costs
                • Punitive Damages: Set by Jury to Punish Offender
                • Statutory Damages: Established by Law
            • Easier to Obtain Conviction: Preponderance of Evidence
            • Impoundment Orders/Writs of Possession: Equivalent to Search Warrant
    25. Computer Laws (continued)
        • International Laws
            • Lack of Universal Cooperation
            • Differences in Interpretations of Laws
            • Outdated Laws Against Fraud
            • Problems with Evidence Admissibility
            • Extradition
            • Low Priority
    26. Computer Crime
        • Computer Crime as a Separate Category
            • Rules of Property: Lack of Tangible Assets
            • Rules of Evidence: Lack of Original Documents
            • Threats to Integrity and Confidentiality: Goes beyond normal definition of a loss
            • Value of Data: Difficult to Measure. Cases of Restitution only for Media
            • Terminology: Statutes have not kept pace. Is Computer Hardware “Machinery”? Does Software qualify as “Supplies”?
    27. Computer Crime (continued)
        • Computer Crime is Hard to Define
            • Lack of Understanding
            • Laws are Inadequate: Slow to Keep Pace with Rapidly Changing Technology
            • Multiple Roles for Computers
                • Object of a Crime: Target of an Attack
                • Subject of a Crime: Used to attack (impersonating a network node)
                • Medium of a Crime: Used as a Means to Commit a Crime (Trojan Horse)
    28. Computer Crime (continued)
        • Difficulties in Prosecution
            • Understanding: Judges, Lawyers, Police, Jurors
            • Evidence: Lack of Tangible Evidence
            • Forms of Assets: e.g., Magnetic Particles, Computer Time
            • Juveniles:
                • Many Perpetrators are Juveniles
                • Adults Don’t Take Juvenile Crime Seriously
    29. Legal Aspects of Cryptography
        • Prohibitions on Use Approach (e.g., France)
        • Prohibitions on Export (e.g., USA, GB, CAN, GER)
            • US Controls Export of Cryptography Implemented in Software
            • Practically Impossible to Enforce
    30. Nature and Extent of Computer-Related Crime
        • Typology
            • Input Tampering: Entry of Fraudulent or False Data
            • Throughput Tampering: Altering Computer Instructions
            • Output Tampering: Theft of Information
        • Most Common Crimes
            • Input and Output Type
            • Fraudulent Disbursements
            • Fabrication of Data
    31. The Computer Criminal
        • Typical Profile
            • Male, White, Young
            • No Prior Record
            • Works in Data Processing or Accounting
        • Myths
            • Special Talents are Necessary
            • Fraud has Increased Because of Computers
    32. The Computer Criminal (continued)
        • Personal Motivations
            • Economic
            • Egocentric
            • Ideological
            • Psychotic
    33. The Computer Criminal (continued)
        • Environmental Motivations
            • Work Environment
            • Reward System
            • Level of Interpersonal Trust
            • Ethical Environment
            • Stress Level
            • Internal Controls Environment
    34. The Control Environment
        • Factors that Encourage Crime
            • Motivation
            • Personal Inducements
        • Factors that Discourage Crime
            • Prevention Measures
                • Internal Controls Systems
                • Access Control Systems
            • Detection Measures
                • Auditing
                • Supervision
    36. Investigation Steps
        • Detection and Containment
            • Accidental Discovery
            • Audit Trail Review
            • Real-Time Intrusion Monitoring
            • Limit Further Loss
            • Reduction in Liability
        • Report to Management
            • Immediate Notification
            • Limit Knowledge of Investigation
            • Use Out-of-Band Communications
    37. Investigation Steps (continued)
        • Preliminary Investigation
            • Determine if a Crime has Occurred
            • Review Complaint
            • Inspect Damage
            • Interview Witnesses
            • Examine Logs
            • Identify Investigation Requirements
    38. Investigation Steps (continued)
        • Disclosure Determination
            • Determine if Disclosure is Required by Law
            • Determine if Disclosure is Desired
            • Caution in Dealing with the Media
        • Courses of Action
            • Do Nothing
            • Surveillance
            • Eliminate Security Holes
            • Is Police Report Required?
            • Is Prosecution a Goal?
    39. Investigation Steps (continued)
        • Conducting the Investigation
            • Investigative Responsibility
                • Internal Investigation
                • External Private Consultant Investigation
                • Local/State/Federal Investigation
            • Factors
                • Cost
                • Legal Issues (Privacy, Evidence, Search & Seizure)
                • Information Dissemination
                • Investigative Control
    40. Investigative Process
        • Identify Potential Suspects
            • Insiders
            • Outsiders
            • Collaboration
        • Identify Potential Witnesses
            • Who to Interview
            • Who to Conduct Interview
    41. Investigative Process (continued)
        • Identify Type of System to be Seized
            • Network, Hardware & Software Configuration
            • System Experts
            • Security System in Place
            • Location of System
            • Elements of Proof
            • Probable Cause/Warrant
            • Location of Analysis
    42. Investigative Process (continued)
        • Identify Search and Seizure Team Members
            • Lead Investigator
            • Information Security Representative
            • Legal Representative
            • Technical Representatives
        • Obtain and Serve Search Warrants
        • Determine if System Is at Risk
            • Access of Suspect
            • Potential Destruction of Evidence
    43. Investigation Steps (continued)
        • Execute the Plan
            • Secure and Control Scene
            • Protect Evidence
            • Don’t Touch Keyboard
            • Videotape Process
            • Capture Monitor Display
            • Unplug System
            • Remove Cover
            • Disks and Drives
            • Search Premises (for Magnetic Media and Documentation)
            • Seize Other Devices (that may contain information)
    44. Investigation Steps (continued)
        • Conduct Surveillance
            • Physical: Determine Subject’s Habits, Associates, Life Style
            • Computer: Audit Logs or Electronic Monitoring
        • Other Information Sources
            • Personnel Files
            • Telephone and Fax Logs
            • Security Logs
            • Time Cards
        • Investigative Reporting
            • Document Known Facts
            • Statement of Final Conclusions
    45. Computer Forensics
        • Conduct a Disk Image Backup of Suspect System: Bit level Copy of the Disk, Sector by Sector
        • Authenticate the File System: Create Message Digest for all Directories, Files & Disk Sectors
        • Analyze Restored Data: Conduct Forensic Analysis in a Controlled Environment
            • Search Tools: Quick View Plus, Expert Witness, Super Sleuth
            • Searching for Obscure Data: Hidden Files/Directories, Erased or Deleted Files, Encrypted Data, Overwritten Files
            • Steganography: Hiding a Piece of Information within Another
            • Review Communications Programs: Links to Others
    46. Computer Forensics (continued)
        • Reassemble and Boot Suspect System with Clean Operating System
            • Target System May Be Infected
            • Obtain System Time as Reference
            • Run Complete System Analysis Report
        • Boot Suspect System with Original Operating System
            • Identify Rogue Programs
            • Identify Background Programs
            • Identify What System Interrupts have Been Set
    47. Computer Forensics (continued)
        • Search Backup Media: Don’t Forget Off-Site Storage
        • Search Access Controlled Systems and Encrypted Files
            • Password Cracking
            • Publisher Back Door
            • Documentary Clues
            • Ask the Suspect
            • Case Law on Obtaining Passwords from Suspects
    48. Rules of Evidence
        • Types of Evidence
            • Direct: Oral Testimony by Witness
            • Real: Tangible Objects/Physical Evidence
            • Documentary: Printed Business Records, Manuals, Printouts
            • Demonstrative: Used to Aid the Jury (Models, Illustrations, Charts)
        • Best Evidence Rule: To Limit Potential for Alteration
        • Exclusionary Rule: Evidence Must be Gathered Legally or it Can’t Be Used
        • Hearsay Rule: Key for Computer Generated Evidence
            • Second Hand Evidence
            • Admissibility Based on Veracity and Competence of Source
            • Exceptions: Rule 803 of Federal Rules of Evidence (Business Documents created at the time by person with knowledge, part of regular business, routinely kept, supported by testimony)
    49. Rules of Evidence (continued)
        • Chain of Evidence: Accountability & Protection
            • Who Obtained Evidence
            • Where and When it was Obtained
            • Who Secured it
            • Who Controlled it
            • Account for Everyone Who Had Access to or Handled the Evidence
            • Assurance Against Tampering
    50. Rules of Evidence (continued)
        • Admissibility of Evidence: Computer-generated Evidence is Always Suspect
            • Relevancy: Must Prove a Fact that is Material to the Case
            • Reliability: Prove Reliability of Evidence and the Process for Producing It
        • Evidence Life Cycle
            • Collection and Identification
            • Storage, Preservation, and Transportation
            • Presentation in Court
            • Return to Victim (Owner)
    51. Legal Proceedings
        • Discovery
            • Defense Granted Access to All Investigative Materials
            • Protective Order Limits Who Has Access
        • Grand Jury and Preliminary Hearings
            • Witnesses Called
            • Assign Law Enforcement Liaison
        • Trial: Unknown Results
        • Recovery of Damages: Thru Civil Courts
    52. Legal Proceedings (continued)
        • Post Mortem Review: Analyze Attack and Close Security Holes
            • Incident Response Plan
            • Information Dissemination Policy
            • Incident Reporting Policy
            • Electronic Monitoring Statement
            • Audit Trail Policy
            • Warning Banner (Prohibit Unauthorized Access and Give Notice of Monitoring)
            • Need for Additional Personnel Security Controls
    54. Ethics Origins and Outlook
        • Differences Between Law and Ethics: Must vs. Should
        • Origins
            • Common Good
            • National Interest
            • Individual Rights
            • Enlightened Self-Interest
            • Law
            • Tradition/Culture
            • Religion
        • Fundamental Changes to Society
        • No Sandbox Training
    55. Common Fallacies of the Computer Generation
        • The Computer Game Fallacy: Computer Designed to Prevent Abuse
        • The Law-Abiding Citizen Fallacy: Constitutional Rights
        • The Shatterproof Fallacy: Limited Effects
        • The Candy-from-a-Baby Fallacy: It’s Easy So It Must be OK
        • The Hacker’s Fallacy: Means of Learning
        • The Free Information Fallacy: Information Wants to Be Free
    56. Resources
        • National Computer Ethics and Responsibilities Campaign (NCERC)
        • Computer Ethics Resource Guide
        • National Computer Security Association (NCSA)
        • Computer Ethics Institute
            • 1991 – Ten Commandments of Computer Ethics
            • End User’s Basic Tenets of Responsible Computing
            • Four Primary Values
            • Considerations for Conduct
            • The Code of Fair Information Practices
            • Unacceptable Internet Activities (RFC 1087)
    57. (ISC)² Code of Ethics
        • Conduct to meet highest standards of moral, ethical, and legal behavior
        • Maintain personal reputation and that of the profession
        • Report unlawful activities and cooperate in investigation
        • Promote prudent information security measures
        • Provide competent service and avoid conflicts of interest
        • Execute responsibilities in keeping with highest professional standards
        • Use information properly
        • Maintain confidentiality of information
    58. Ethical Responsibilities
        • Collectors of Data to Data Subjects for:
            • Integrity
            • Confidentiality
        • Custodians of Data to Owners of Data for:
            • Availability
            • Integrity
        • Users of Data to Data Subjects and Owners for:
            • Confidentiality
            • Integrity
    59. Competitive Intelligence
        • Published Material & Public Documents
        • Disclosures by Competitor Employees (without Subterfuge)
        • Market Surveys & Consultant’s Reports
        • Financial Reports & Broker’s Research Surveys
        • Trade Fairs, Exhibits, & Competitor Literature
        • Analysis of Competitor Products
        • Reports of Own Personnel
        • Legitimate Employment Interviews with Competitor Employees
    60. Industrial Espionage
        • Camouflaged Questioning of Competitor’s Employees
        • Direct Observation under Secret Conditions
        • False Job Interviews
        • False Negotiations
        • Use of Professional Investigators
        • Hiring Competitor’s Employees
        • Trespassing
        • Bribing Suppliers and Employees
        • Planting Agent on Competitor Payroll
        • Eavesdropping
        • Theft of Information
        • Blackmail and Extortion
    61. Plan of Action
        • Develop organizational guide to computer ethics
        • Develop a computer ethics policy to supplement the computer security policy
        • Include computer ethics information in the employee handbook
        • Expand business ethics policy to include computer ethics
        • Foster user awareness of computer ethics
        • Establish an E-mail privacy policy and promote user awareness of it
    62. QUESTIONS?
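
Slide 45's "Authenticate the File System" step, sketched as an added example that is not part of the original slides: it records a whole-image digest plus one digest per sector for a raw disk image, then checks a working copy against that record and reports which sectors differ. SHA-256, the 512-byte sector size, the file names and the function names are assumptions; the sample image is constructed in a temporary directory.

```python
import hashlib
import os
import tempfile

SECTOR_SIZE = 512  # assumption: classic 512-byte sectors


def digest_image(path, sector_size=SECTOR_SIZE):
    """Return (whole_image_digest, [per_sector_digests]) for a raw image file."""
    whole = hashlib.sha256()
    sectors = []
    with open(path, "rb") as fh:
        while True:
            chunk = fh.read(sector_size)
            if not chunk:
                break
            whole.update(chunk)
            sectors.append(hashlib.sha256(chunk).hexdigest())
    return whole.hexdigest(), sectors


def verify_copy(reference, candidate_path, sector_size=SECTOR_SIZE):
    """Compare a working copy against the digests recorded at acquisition.

    `reference` is the tuple returned by digest_image() for the original.
    Reports whether the whole-image digest matches, which sector indices
    differ, and whether the copy is longer or shorter than the original.
    """
    ref_whole, ref_sectors = reference
    cand_whole, cand_sectors = digest_image(candidate_path, sector_size)
    changed = [
        index
        for index, (ref, cand) in enumerate(zip(ref_sectors, cand_sectors))
        if ref != cand
    ]
    return {
        "match": cand_whole == ref_whole,
        "changed_sectors": changed,
        "sector_count_delta": len(cand_sectors) - len(ref_sectors),
    }


def demo():
    """Build a constructed 64-sector image and verify three working copies."""
    with tempfile.TemporaryDirectory() as tmp:
        original = os.path.join(tmp, "suspect.img")   # hypothetical name
        working = os.path.join(tmp, "working.img")    # hypothetical name

        # Constructed sample data: sector n is filled with the byte value n.
        data = b"".join(bytes([n]) * SECTOR_SIZE for n in range(64))
        for path in (original, working):
            with open(path, "wb") as fh:
                fh.write(data)

        # Digests taken from the original at acquisition time.
        reference = digest_image(original)

        # Case 1: faithful bit-level copy.
        clean = verify_copy(reference, working)

        # Case 2: a single byte altered inside sector 37 of the working copy.
        with open(working, "r+b") as fh:
            fh.seek(37 * SECTOR_SIZE + 10)
            fh.write(b"\xff")
        altered = verify_copy(reference, working)

        # Case 3: the same copy also loses its last four sectors.
        with open(working, "r+b") as fh:
            fh.truncate(60 * SECTOR_SIZE)
        truncated = verify_copy(reference, working)

    return clean, altered, truncated


if __name__ == "__main__":
    for label, result in zip(("clean", "altered", "truncated"), demo()):
        print(label, result)
```

Recording the reference digests in the case notes at acquisition time is what lets a later examiner show the "Assurance Against Tampering" that slide 49 lists under chain of evidence.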