held for a reasonable amount of time, and must
be accurate and timely.
• If companies are going to use any type of monitoring, they need to make sure
it is legal in their business sector and must inform all employees that they may
be subjected to monitoring.
All-in-1 / CISSP All-in-One Exam Guide, 5th Ed. / Harris / 160217-8
• Employees need to be informed regarding what is expected behavior
pertaining to the use of the company’s computer systems, network, e-mail
system, and phone system. They need to also know what the ramifications
are for not meeting those expectations. These requirements are usually
communicated through policies.
• Logon banners should be used to inform users of what could happen if they
do not follow the rules pertaining to using company resources. This provides
legal protection for the company.
• Countries differ in their view of the seriousness of computer crime and have
different penalties for certain crimes. This makes enforcing laws much harder
across country borders.
• The three main types of harm addressed in computer crime laws pertain to
unauthorized intrusion, unauthorized alteration or destruction, and using
• Law enforcement and the courts have a hard time with computer crimes
because of the newness of the types of crimes, the complexity involved,
jurisdictional issues, and evidence collection. New laws are being written
to properly deal with cybercrime.
• If a company does not practice due care in its efforts to protect itself from
computer crime, it can be found to be negligent and legally liable for
• Elements of negligence include not fulfilling a legally recognized obligation,
failure to conform to a standard of care that results in injury or damage, and
• Most computer crimes are not reported because the victims are not aware
of the crime or are too embarrassed to let anyone else know.
• Theft is no longer restricted to physical constrai...