This preview shows page 1. Sign up to view the full content.
Unformatted text preview: e the attacker. This is a huge contributing factor as to why cybercriminals get
away with their activities. Some regulated organizations—for instance, federal institutions—by law, must report breaches. However, most organizations do not have to report breaches or computer crimes. No company wants their dirty laundry out in the
open for everyone to see. The customer base will lose confidence, as will the shareholders and investors. We do not actually have true computer crime statistics because most
are not reported.
Although regulations, laws, and attacks help make senior management more aware
of security issues, when their company ends up in the headlines and it’s told how they
lost control of over 100,000 credit card numbers, security suddenly becomes very important to them.
CAUTION Even though financial institutions must, by law, report security
breaches and crimes, that does not mean they all follow this law. Some of these
institutions, just like many other organizations, often simply fix the vulnerability
and sweep the details of the attack under the carpet. ch10.indd 850 12/4/2009 11:39:05 AM All-in-1 / CISSP All-in-One Exam Guide, 5th Ed. / Harris / 160217-8 Chapter 10: Legal, Regulations, Compliance, and Investigations 851
Another complexity that the digital world has brought upon society is defining what
has to be protected and to what extent. We have gone through a shift in the business
world pertaining to assets that need to be protected. Fifteen years ago and more, the
assets that most companies concerned themselves with protecting were tangible ones
(equipment, building, manufacturing tools, inventory). Now companies must add data
to their list of assets, and data are usually at the very top of that list: product blueprints,
Social Security numbers, medical information, credit card numbers, personal information, trade secrets, military deployment and strategies, and so on. Although the military
has always had to worry about k...
View Full Document
This note was uploaded on 06/01/2013 for the course NET 125 taught by Professor Hurst during the Fall '12 term at Wake Tech.
- Fall '12