CHAPTER 10
Legal, Regulations, Compliance, and Investigations
This chapter presents the following:
• Computer crimes and computer laws
• Motives and profiles of attackers
• Various types of evidence
• Laws and acts put into effect to fight computer crime
• Computer crime investigation process and evidence collection
• Incident-handling procedures
• Ethics pertaining to information security professionals and best practices
Computer and associated information crimes are the natural response of criminals to
society’s increasing use of, and dependence upon, technology. For example, stalking
can now take place in the virtual world with stalkers pursuing victims through social
web sites or chat rooms. However, crime has always taken place, with or without a
computer. A computer is just another tool and, like other tools before it, it can be used for
good or evil.
Fraud, theft, and embezzlement have always been part of life, but the computer age
has brought new opportunities for thieves and crooks. Organized crime can take
advantage of the Internet to exploit people through phishing attacks, 419 scams (also called
Nigerian Letter scams) and financial dealings. A new degree of complexity has been
added to accounting, recordkeeping, communications, and funds transfer. This degree
of complexity brings along its own set of vulnerabilities, which many crooks are all too
eager to take advantage of.
Companies are being blackmailed by cybercriminals who discover vulnerabilities
in their networks. Company trade secrets and confidential information are being stolen
when security breaches take place. Online banks are seeing a rise in fraud, and retailers’
databases are being attacked and robbed of their credit card information. In addition,
identity theft is the fastest growing white-collar crime as of the writing of this book.
CISSP All-in-One Exam Guide
As e-commerce and online business become enmeshed in today’s business world,
these types of issues become more important and more dangerous. Hacking and attacks
are continually on the rise, and companies are well aware of it. The legal system and law
enforcement are behind in their efforts to track down cybercriminals and successfully
prosecute them (although they are getting better each year). New technologies to fight
many types of attacks are on the way, but a great need still exists for proper laws,
policies, and methods in actually catching the perpetrators and making them pay for the
damage they cause. This chapter looks at some of these issues.
The Many Facets of Cyberlaw
Legal issues are very important to companies because a violation of legal commitments
can be damaging to a company’s bottom line and its reputation. A company has many
ethical and legal responsibilities it is liable for in regard to computer fraud. The more
knowledge one has about these responsibilities, the easier it is to stay within the proper
boundaries.

- Fall '12
- Hurst
- Law, Common Law, All-in-One Exam Guide, CISSP All-in-One Exam