ISA 562: Internet Security Theory & Practice
Domain 10: Legal, Regulations, Compliance, & Investigations
Objectives
- Discuss computer crime
- Discuss laws and regulations for IT
- Differences and similarities between common law and civil law
- Incident response technology
- Forensics
- And many more ...

Introduction
- Addresses computer crime laws and regulations
- Decide on a suitable set of investigation procedures (involving techniques and measures) that can be used to determine if a crime has been committed
- Have methods to gather evidence
- Develop a set of incident-handling capabilities to react quickly and efficiently to malicious threats or suspicious incidents
Major Legal Systems: Common Law
- English roots
- Common law originally developed from court decisions based on customs, traditions and precedents. The book has more details.
- Common law types (for more info read the book):
  - Criminal law
  - Tort law
  - Administrative law
Major Legal Systems: Civil Law
- Roots go back to the Roman empire and the Napoleonic code of France
- Body of laws established by a state or nation for its own regulation (read the book)

Customary Law
- Reflects the society's norms and values

Religious Law
- Example: the Islamic law system

Mixed Law
- Combining two or more legal systems
- Becomes relevant for inter-state or international crimes!
IT Laws and Regulations: Intellectual Property Law
- Specifically designed to protect tangible items, intangible items and property from those wishing to copy or use them without due compensation to the inventor or creator. It has two categories:
  - Industrial property
  - Copyright
- Some definitions:
  - Patent: an idea (protects what is novel, useful, etc.)
  - Copyright: an expression of an idea
  - Trademark: a symbol representing an idea (used to identify goods and distinguish them from those made or sold by others)
  - Trade secrets: proprietary business or technical information, processes, etc. that are confidential and critical to the business
- Software licensing types: Freeware, Shareware, Commercial, Academic
IT Laws and Regulations (continued): Privacy
- Privacy addresses the rights and obligations of individuals and organizations
- Initiatives:
  - Generic approaches: horizontal enactment across all industries
  - Regulation by industry: vertical enactment, with requirements for the financial sector, healthcare, government, etc.
  - Privacy and the OECD
- Employees: monitoring and usage policies (Internet, email, etc.)
- Personal protection: end-user responsibilities, encouraging users to adopt specific technologies such as encryption, anti-virus, etc.
Other Concerns
- Liability: legal responsibilities, etc.
- Negligence: acting without care
- Due diligence: the degree of prudence that might be properly expected from a reasonable person put in the given circumstances

Computer Crimes
- Read more in the book on computer crime categories
- Computer crime examples: insider abuse, stalking, financial fraud, hacking, etc.
- International cooperation
Incident Response
- Incident: any event that has the potential to negatively impact the business or its assets
- The need for incident response:
  - Root cause analysis: discovering a problem and resolving it
  - Minimize damage
  - Document the steps
- Establish capabilities to handle compromises: policy (escalation process), procedures, guidelines and management of evidence
- Establish a team: virtual, permanent or a combination of the two; each option has its pros and cons
Incident Response and Handling: Phases
- Triage: done as the first step in incident handling; contains detection, classification and notification
  - Detection step: recognizes false positives and false negatives
  - Classification step: assigns a severity to events (e.g. high, medium, low)
  - Notification step: notifies identified entities depending on the event's severity
- Investigation: components include
  - Analysis: could be automated or manual
  - Interpretation: explanation for the event
  - Reaction: what to do in case of the event
  - Recovery: specific procedures to recover from the event
Incident Response and Handling (continued)
- Objectives: reduce impact, identify cause, etc.
- Considerations: law, policy, etc.
- Containment: reducing the potential impact of the incident; depends on the attack, what has been affected, etc. Strategies used:
  - System isolation
  - System disconnection
  - Implementing a security product (like firewalls)
  - Documentation for handling procedures, sources of evidence, etc.
Computer Forensics
- Evidence: digital, electronic, storage or wire
- Computer forensics is very young, only about 25 years old; latent fingerprint analysis goes back to the 1800s
- Deals with both evidence and legal issues
- Identified as: crime scenes, evidence, potential containers of evidence
- Acquiring evidence, criminalistic principles:
  - Minimize evidence contamination and destruction at the scene
  - Use scientific methods when acquiring evidence
  - Present comprehensible findings
Computer Forensics (continued): Crime Scene
- Where potential evidence of the crime may exist; could be physical, virtual or cyber
- Read more about Locard's principle in the book
- Behaviors:
  - Means, Opportunity and Motive (MOM)
  - Modus Operandi (MO): e.g. hacking signature behaviors
- The scene should be preserved: no unauthorized individuals, procedures in place. Contamination cannot be undone!
Computer Forensics (continued): Digital Evidence
- Admissibility criteria vary
- Should have some probative value: relevant to the case at hand
- Rules: admissible and authentic; complete, accurate and convincing
- Hearsay: an out-of-court statement offered as proof of an assertion (second-hand evidence)
  - Normally not admissible
  - One exception: computer-generated information
Computer Forensics (continued): Life Span
- Volatile evidence may have a short life span, etc.
- Chain of custody: evidence handling (who, what, where, when & how); requires following a formal process that is well documented
- Accuracy and integrity: examples are MD5 & SHA
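The two points above (chain of custody and hash-based integrity) come together in the kind of custody record an examiner keeps. The Python below is an added example and not part of the lecture slides or the ISC2 CBK material: the evidence bytes, examiner names, locations and timestamps are constructed placeholders. It computes MD5 and SHA-256 at acquisition, re-hashes the evidence at every hand-off (who, what, where, when, how), and checks that the chain is unbroken; it also shows that a single flipped byte is caught. Both digests are recorded because older tooling still expects MD5, while SHA-256 is the one that actually carries the integrity claim, since MD5 collisions are practical.

```python
"""Chain-of-custody record with integrity hashes for a piece of digital evidence.

Added example, not from the lecture or the ISC2 CBK. Evidence bytes, names,
locations and timestamps are constructed for the demonstration.
"""
import hashlib
import json
from dataclasses import dataclass, field, asdict
from datetime import datetime, timezone

# Constructed sample "evidence": a byte string standing in for a disk image.
SAMPLE_IMAGE = b"constructed disk image bytes: not a real acquisition\n" * 64


def hash_evidence(data: bytes) -> dict:
    """Compute both MD5 and SHA-256 over the evidence bytes.

    MD5 is kept for compatibility with tooling that expects it; SHA-256 is the
    digest relied on for integrity, because MD5 collisions are practical.
    """
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


@dataclass
class CustodyEntry:
    who: str      # person taking custody
    what: str     # evidence identifier
    where: str    # physical or logical location
    when: str     # ISO-8601 UTC timestamp
    how: str      # action and method (acquired, transferred, imaged ...)
    sha256: str   # digest observed at this hand-off


@dataclass
class CustodyLog:
    evidence_id: str
    acquisition: dict                      # digests taken at acquisition time
    entries: list = field(default_factory=list)

    def record(self, who: str, where: str, how: str, data: bytes, when=None) -> str:
        """Append a hand-off; every hand-off re-hashes the evidence it received."""
        when = when or datetime.now(timezone.utc).isoformat()
        digest = hash_evidence(data)["sha256"]
        self.entries.append(CustodyEntry(who, self.evidence_id, where, when, how, digest))
        return digest

    def verify(self, data: bytes) -> bool:
        """True only if the current bytes match the acquisition digests and every
        recorded hand-off saw the same SHA-256, i.e. the chain is unbroken."""
        if hash_evidence(data) != self.acquisition:
            return False
        return all(e.sha256 == self.acquisition["sha256"] for e in self.entries)

    def to_json(self) -> str:
        """Serialize the whole record so it can be attached to the case file."""
        return json.dumps(asdict(self), indent=2)


def build_demo_log() -> CustodyLog:
    """Acquisition followed by two constructed hand-offs of the same evidence."""
    log = CustodyLog("EV-0001 (constructed)", hash_evidence(SAMPLE_IMAGE))
    log.record("examiner A (constructed)", "lab bench 3", "acquired via write-blocker",
               SAMPLE_IMAGE, "2024-01-01T09:00:00+00:00")
    log.record("examiner B (constructed)", "evidence locker", "transfer in sealed bag",
               SAMPLE_IMAGE, "2024-01-01T17:30:00+00:00")
    return log


def tamper_detected(log: CustodyLog) -> bool:
    """Flip one byte of a copy of the evidence; verify() must then fail."""
    altered = bytearray(SAMPLE_IMAGE)
    altered[10] ^= 0x01
    return not log.verify(bytes(altered))


if __name__ == "__main__":
    demo = build_demo_log()
    print(demo.to_json())
    print("chain intact:", demo.verify(SAMPLE_IMAGE))      # True
    print("tamper detected:", tamper_detected(demo))       # True
```

In real work the digests are taken from the imaging tool's output and the custody entries are signed or witnessed; the structure of the record (acquisition digests, then one re-hashed entry per hand-off) is what makes a later integrity challenge answerable.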
Computer Forensics (continued): Guidelines for Computer Forensics
- All activity relating to the seizure, access, etc. should be fully documented
- Minimize handling/corruption of original data
- Be prepared to testify
- Work fast
- Comply with evidence rules
- Act ethically, in good faith, etc.
References
- ISC2 CBK Material