IDS, harden the database
holding the customer account information, or use encryption for customer
• Cheapo, Inc., did not effectively protect its customers’ assets.
• Failure to conform to the required standard
• By not erecting the proper security policy and program and implementing
the necessary security controls, Cheapo, Inc., broke 12 federal regulations
used to govern financial institutions.
• Proximate causation and resulting injury or damage
• The financial institution’s failure to practice due care and implement the
basic requirements of online banking directly caused 22 clients to lose
$439,344.09.

CISSP All-in-One Exam Guide, 5th Ed. / Harris / Chapter 10: Legal, Regulations, Compliance, and Investigations

Eventually, a majority of the accounts were attacked and drained, a class action suit
was brought against Cheapo, Inc., a majority of the people got most of their money
back, and the facility Cheapo, Inc., was using as a financial institution is now used to
These scenarios are simplistic and described in a light-hearted manner, but failure
to implement computer and information security properly can expose a company and
its board of directors to litigation and legal punishment. Many times people cannot
hide behind the corporation and are held accountable individually and personally. The
board of directors can compromise its responsibilities to the stockholders, customers,
and employees by not ensuring that due care is practiced and that the company is not
being negligent in any way.

Investigations

Since computer crimes are only increasing and will never really go away, it is important
that all security professionals understand how computer investigations should be carried out. This includes legal requirements for specific situations, understanding the
“chain of custody” for evidence, what type of evidence is admissible in court, incident
response procedures and escalation processes, and that security professionals are not
When a potential computer crim...
This note was uploaded on 06/01/2013 for the course NET 125 taught by Professor Hurst during the Fall '12 term at Wake Tech.