Published by Phoebe Nichols. Modified over 6 years ago.
1
Legal, Regulations, Compliance and Investigations
Dr. Bhavani Thuraisingham
The University of Texas at Dallas (UTD)
June 2012
2
Domain Objectives
- International Legal Issues
- Incident Management
- Forensic Investigation
- Compliance
3
Jurisdiction
- Law, economics, beliefs and politics
- Sovereignty of nations
4
International Cooperation
- Initiatives related to international cooperation in dealing with computer crime
- The Council of Europe (CoE) Cybercrime Convention
5
Computer Crime vs. Traditional Crime
- Violent
- Property
- Public Order
- Computer Crime
- Real Property
- Virtual Property
6
Intellectual Property Protection
- Organizations must protect intellectual property (IP)
  - Theft
  - Loss
  - Corporate espionage
  - Improper duplication
- Intellectual property must have value
- Organization must demonstrate actions to protect IP
7
Intellectual Property: Patent
- Definition
- Advantages
8
Intellectual Property: Trademark
- Purpose of a trademark
- Characteristics of a trademark
  - Word
  - Name
  - Symbol
  - Color
  - Sound
  - Product shape
9
Intellectual Property: Copyright
- Covers the expression of ideas
  - Writings
  - Recordings
  - Computer programs
- Weaker than patent protection
10
Intellectual Property: Trade Secrets
- Must be confidential
- Protection of trade secret
11
Import and Export Law
- Strong encryption
- No terrorist states
12
Liability
- Legal responsibility
- Penalties
- Negligence and liability
13
Negligence
- Acting without care
- Due care
14
Transborder Data Flow
- Political boundaries
- Privacy
- Investigations
- Jurisdiction
15
Personally Identifiable Information (PII)
- Identify or locate
- Not anonymous
- Global effort
16
Privacy Laws and Regulations
Rights and obligations of:
- Individuals
- Organizations
17
International Privacy
- Organization for Economic Co-operation and Development (OECD)
- 8 core principles
18
Privacy Law Examples
- Health Insurance Portability and Accountability Act (HIPAA)
- Personal Information Protection and Electronic Documents Act (PIPEDA)
- European Union Data Protection Directive
19
Employee Privacy
- Employee monitoring
- Authorized usage policies
- Internet usage
- Telephone
- Training
20
Domain Objectives
- International Legal Issues
- Incident Management
- Forensic Investigation
- Compliance
21
Incident Management
- Prepare, sustain, improve
- Protect infrastructure
- Prepare, detect, respond
22
Collection of Digital Evidence
- Volatile and fragile
- Short life span
- Collect quickly
- By order of volatility
- Document, document, document!
23
Chain of Custody for Evidence
- Who
- What
- When
- Where
- How
24
Investigation Process
- Identify suspects
- Identify witnesses
- Identify system
- Identify team
- Search warrants
25
Investigation Techniques
- Ownership and possession analysis
- Means, opportunity and motives (MOM)
26
Behavior of Computer Criminals
- Computer criminals have specific MOs
  - Hacking software / tools
  - Types of systems or networks attacked, etc.
- Signature behaviors
- MO and signature behaviors
- Profiling
27
Interviewing vs. Interrogation
- General gathering
- Cooperation
- Seek truth
- Specific aim
- Hostile
- Dangerous
28
Evidence: Hearsay
- Hearsay
  - Second hand evidence
  - Normally not admissible
- Business records exception
  - Computer generated information
  - Process of creation description
29
Reporting and Documentation
- Law
- Court proceedings
- Policy
- Regulations
30
Communication About the Incident
- Public disclosure
- Authorized personnel only
31
Domain Objectives
- International Legal Issues
- Incident Management
- Forensic Investigation
- Compliance
32
Computer Forensics: Evidence
- Potential evidence
- Evidence and legal system
33
Computer Forensics
- Key components
- Crime scenes
- Digital evidence
- Guidelines
34
Computer Forensics: Evidence
- Identification of evidence
- Collection of evidence
- Use appropriate collection techniques
- Reduce contamination
- Protect scene
- Maintain the chain of custody and authentication
35
Computer Forensics: Evidence
- Scientific methods for analysis
- Characteristics of the evidence
- Comparison of evidence
- Presentation of findings
- Interpretation and analysis
- Format appropriate for the intended audience
36
Forensic Evidence Procedure
- Receive media
- Disk write blocker
- Bit for bit image
- Cryptographic checksum
- Store the source drive
37
Forensic Evidence Analysis Procedure
- Recent activity
- Keyword search
- Slack space
- Documented
38
Media Analysis
- Recognizing operating system artifacts
- File system
- Timeline analysis
- Searching data
39
Software Analysis
- What it does
- What files it creates
40
Network Analysis
- Data on the wire
- Ports
- Traffic hiding
41
Domain Objectives
- International Legal Issues
- Incident Management
- Forensic Investigation
- Compliance
42
Compliance
- Knowing legislation
- Following legislation
43
Regulatory Environment Examples
- Sarbanes-Oxley (SOX)
- Gramm-Leach-Bliley Act (GLBA)
- Basel II
44
Compliance Audit
- Audit = a formal written examination of controls
- Auditor role = 3rd party evaluator
- Continuous auditing = automation
45
Audit Report Format
- Introduction
  - Background
  - Audit perspective
  - Scope and objectives
- Executive summary
- Internal audit opinion
- Detail report including auditee responses
- Appendix
- Exhibits
46
Key Performance Indicators (KPI)
- Illegal software
- Privacy
- Security related incidents
47
Domain Summary
This domain reviewed the areas a CISSP candidate should know regarding:
- International legal issues
- Incident management
- Forensic investigation
- Compliance