ch10 - All-in-1 CISSP All-in-One Exam Guide 5th Ed Harris...

CHAPTER 10

Legal, Regulations, Compliance, and Investigations

This chapter presents the following:

• Computer crimes and computer laws
• Motives and profiles of attackers
• Various types of evidence
• Laws and acts put into effect to fight computer crime
• Computer crime investigation process and evidence collection
• Incident-handling procedures
• Ethics pertaining to information security professionals and best practices

Computer and associated information crimes are the natural response of criminals to society’s increasing use of, and dependence upon, technology. For example, stalking can now take place in the virtual world with stalkers pursuing victims through social web sites or chat rooms. However, crime has always taken place, with or without a computer. A computer is just another tool and, like other tools before it, it can be used for good or evil.

Fraud, theft, and embezzlement have always been part of life, but the computer age has brought new opportunities for thieves and crooks. Organized crime can take advantage of the Internet to exploit people through phishing attacks, 419 scams (also called Nigerian Letter scams) and financial dealings. A new degree of complexity has been added to accounting, recordkeeping, communications, and funds transfer. This degree of complexity brings along its own set of vulnerabilities, which many crooks are all too eager to take advantage of.

Companies are being blackmailed by cybercriminals who discover vulnerabilities in their networks. Company trade secrets and confidential information are being stolen when security breaches take place. Online banks are seeing a rise in fraud, and retailers’ databases are being attacked and robbed of their credit card information. In addition, identity theft is the fastest growing white-collar crime as of the writing of this book.

As e-commerce and online business become enmeshed in today’s business world, these types of issues become more important and more dangerous. Hacking and attacks are continually on the rise, and companies are well aware of it. The legal system and law enforcement are behind in their efforts to track down cybercriminals and successfully prosecute them (although they are getting better each year). New technologies to fight many types of attacks are on the way, but a great need still exists for proper laws, policies, and methods in actually catching the perpetrators and making them pay for the damage they cause. This chapter looks at some of these issues.

The Many Facets of Cyberlaw

Legal issues are very important to companies because a violation of legal commitments can be damaging to a company’s bottom line and its reputation. A company has many ethical and legal responsibilities it is liable for in regard to computer fraud. The more knowledge one has about these responsibilities, the easier it is to stay within the proper boundaries.