CISSPEssentials:MasteringtheCommonBodyofKnowledgeClass8:Law,investigationandethicsLecturerShonHarris,CISSP,MCSEPresident,LogicalSecurity•CISSPEssentialsLibrary:•www.searchsecurity.com/CISSPessentials•Class8Quiz:•www.searchsecurity.com/Class8quiz•Class8Spotlight:•www.searchsecurity.com/Class8spotlightCISSPEssentials:MasteringtheCommonBodyofKnowledgeLaw,investigationandethicsobjectivesTypesofcomputercrimesandcriminalprofilesPrivacyissuesandlawsTypesoflawsIntellectualpropertylawsInvestigationofcomputercrimesTypesofevidenceandhowtohandleitSetsofethicsNotjustfunandgamesSeriousnessofcomputercrimes•Continuallyontherise•Costorganizationsaroundtheworldbillionsofdollarseachyear•Wedonothaverepresentativestatistics•Crimesgounnoticedorunreported•AffectsthepublicandgovernmentsectorsExamplesofcomputercrimesJustafew…•ILOVEYOU,SoBIG.f,Morrisworm,Blaster,Klezmalware•DDoSthatbroughtdownExcite,Yahoo!andotherlargesites•Extortionattemptsafterstealingcreditcardnumbers•Theftofcreditcardinformation•Stealingfundsfromfinancialaccounts•Internalemployeefraud•Stealingmilitarysecretsandcriticalinformation•Competitorsstealingeachother’scustomerinformationAfewattacktypesSalami•Carryingoutsmallercrimeswiththehopethatthelargercrimewillgounnoticed•TakingasmallamountofmoneyfromeachaccounteachmonthDatadiddling•Modifyingdatabeforeitisenteredintoacomputerorassoonasitcomesout•Tryingtoaltertherealityofasituation•“Changingthebooks”Dumpsterdiving•Obtaininginformationinthetrashthatcanbeusedagainstthevictim•Unethical,butnotillegalPrivacyofsensitivedataUnitedStatesandEuropeanlegalapproachesMovingsensitivedataacrossinternationalboundariesEmployeeprivacytopicsPrivacyissues–U.S.lawsasexamplesPrivacyActof1974•DataheldonindividualsbygovernmentagenciesElectronicCommunicationsPrivacyActof1986•Prohibitsunauthorizedeavesdroppingorinterceptionofmessageswithoutpropercourtapproval•ProtectsdatawhilestoredorintransitHealthInsurancePortabilityandAccountabilityAct(HIPAA)•Protectingtheprivac...
