Download presentation
Presentation is loading. Please wait.
1
Dr. Bhavani Thuraisingham The University of Texas at Dallas (UTD) June 2011 Legal, Regulations, Compliance and Investigations
2
Domain Objectives International Legal Issues Incident Management Forensic Investigation Compliance
3
Jurisdiction Law, economics, beliefs and politics Sovereignty of nations
4
International Cooperation Initiatives related to international cooperation in dealing with computer crime The Council of Europe (CoE) Cybercrime Convention
5
Computer Crime vs. Traditional Crime Traditional Crime Violent Property Public Order Computer Crime Real Property Virtual Property
6
Intellectual Property Protection Organizations must protect intellectual property (IP) – Theft – Loss – Corporate espionage – Improper duplication Intellectual property must have value – Organization must demonstrate actions to protect IP
7
Intellectual Property: Patent Definition Advantages
8
Intellectual Property: Trademark Purpose of a trademark Characteristics of a trademark – Word – Name – Symbol – Color – Sound – Product shape
9
Intellectual Property: Copyright Covers the expression of ideas – Writings – Recordings – Computer programs Weaker than patent protection
10
Intellectual Property: Trade Secrets Must be confidential Protection of trade secret
11
Import and Export Law Strong encryption No terrorist states
12
Liability Legal responsibility Penalties Negligence and liability
13
Negligence Acting without care Due care
14
Transborder Data Flow Political boundaries – Privacy – Investigations – Jurisdiction
15
Personally Identifiable Information (PII) Identify or locate Not anonymous Global effort
16
Privacy Laws and Regulations Rights and obligations of: – Individuals – Organizations
17
International Privacy Organization for Economic Co-operation and Development (OECD) 8 core principles
18
Privacy Law Examples Health Insurance Portability and Accountability Act (HIPAA) Personal Information Protection and Electronics Document Act (PIPEDA) European Union Data Protection Directive
19
Employee Privacy Employee monitoring – Authorized usage policies – Internet usage – Email – Telephone Training
20
Domain Objectives International Legal Issues Incident Management Forensic Investigation Compliance
21
Incident Management Prepare, sustain, improve Protect infrastructure Prepare, detect respond
22
Collection of Digital Evidence Volatile and fragile Short life span Collect quickly By order of volatility Document, document, document!
23
Chain of Custody for Evidence Who What When Where How
24
Investigation Process Identify suspects Identify witnesses Identify system Identify team Search warrants
25
Investigation Techniques Ownership and possession analysis Means, opportunity and motives (MOM)
26
Behavior of Computer Criminals Computer criminals have specific MO’s – Hacking software / tools – Types of systems or networks attacked, etc. – Signature behaviors MO and signature behaviors Profiling
27
Interviewing vs. Interrogation General gathering Cooperation Seek truth Specific aim Hostile Dangerous
28
Evidence: Hearsay Hearsay – Second hand evidence – Normally not admissible Business records exception – Computer generated information – Process of creation description
29
Reporting and Documentation Law Court proceedings Policy Regulations
30
Communication About the Incident Public disclosure Authorized personnel only
31
Domain Objectives International Legal Issues Incident Management Forensic Investigation Compliance
32
Computer Forensics: Evidence Potential evidence Evidence and legal system
33
Computer Forensics Key components – Crime scenes – Digital evidence – Guidelines
34
Computer Forensics: Evidence Identification of evidence Collection of evidence – Use appropriate collection techniques – Reduce contamination – Protect scene – Maintain the chain of custody and authentication
35
Computer Forensics: Evidence Scientific methods for analysis – Characteristics of the evidence – Comparison of evidence Presentation of findings – Interpretation and analysis – Format appropriate for the intended audience
36
Forensic Evidence Procedure Receive media Disk write blocker Bit for bit image Cryptographic checksum Store the source drive
37
Forensic Evidence Analysis Procedure Recent activity Keyword search Slack space Documented
38
Media Analysis Recognizing operating system artifacts File system Timeline analysis Searching data
39
Software Analysis What it does What files it creates
40
Network Analysis Data on the wire Ports Traffic hiding
41
Domain Objectives International Legal Issues Incident Management Forensic Investigation Compliance
42
Knowing legislation Following legislation
43
Regulatory Environment Examples Sarbanes-Oxley (SOX)) Gramm-Leach-Bliley Act (GLBA) Basel II
44
Compliance Audit Audit = a formal written examination of controls Auditor role = 3 rd party evaluator Continuous auditing = automation
45
Audit Report Format Introduction – Background – Audit perspective – Scope and objectives Executive summary Internal audit opinion Detail report including auditee responses Appendix Exhibits
46
Key Performance Indicators (KPI) Illegal software Privacy Security related incidents
47
Domain Summary This domain reviewed the areas a CISSP candidate should know regarding : – International legal issues – Incident management – Forensic investigation – Compliance
Similar presentations
© 2025 SlidePlayer.com. Inc.
All rights reserved.