Information Security
Laws
purpose
type
fine
purpose
section
Sarbanes-Oxley Act
Licensing
Safeguards Rule
Financial Privacy Rule
Pretexting Protection
purpose
type
End-user license agreement
(EULA)
contract
Electronic Contract
Computer crime
types of crimes
Civil law
Criminal law
Copyright
Offer,
Acceptance
Consideration.
definition
structure
trespass
Illegal interception without authority
Interference with computer data
without authorization
Interfering with a system without
authorization
child pornography
Industrial espionage
Harassment
Electronic Fraud
cyber vandalism
Theft of commercial documents
definition
purpose
example
definition
purpose
example
definition
purpose
example
UK law: Copyright, Designs and
Patents Act 1988
limited monopoly
Fair Use
Section 107 of the Act
definition
purpose
example
Patent Infringement
primary types of patents: Utility patents
Design Patents
Plant Patents
innovation patent
Passing off
Trademarks
definition
purpose
example
Service Mark
Collective Mark
definition
example
definition
example
definition
example
definition
example
definition
purpose
example
definition
purpose
example
Certification Mark
Import/export Laws
definition
purpose
example
definition
purpose
example
encryption law
Tier 3 countries
Tier 4 countries
Liability
Privacy law
definition
purpose
example
standard
Upstream liability
Downstream liability
Spamming
Sexual Abuse of Children in Chat
Rooms
Child Pornography
Harassment
Identity Fraud
definition
purpose
example
Electronic Communications
Privacy Act of 2000
The Privacy Act of 1974, 5 U.S.C.
§ 552a
The Fair Credit Reporting Act
(FCRA)
The Federal Right to Privacy Act
(1978)
The Video Privacy Protection Act
of 1988
The Cable Communications
Policy Act of 1984
PCI-DSS
COBIT
Monitoring employees
US law
physical security,
computer and network security,
the security of the network
infrastructure
the proper training of employees.
Litigation support
definition
purpose
example
The litigation process of
discovery
definition
purpose
example
definition of discoverable material
Early Attention to Electronic
Discovery Issues
Format of Production
Electronically Stored Information
from Sources that Are Not
Reasonably Accessible
Asserting Claim of Privilege or
Work Product Protection After
Production
Safe Harbor Provisions
Elements of
Investigations
Rule
26(a)(1)(B)
Rule 16(b)(5)
Rule
26(b)(2)(i),
(ii), and (iii)
Rule 26(b)(5)
Rule 37(f)
steps
types of information that should be logged:
1. Dates and times of incident-related phone calls.
2. Dates and times when incident-related events were discovered or
occurred.
3. Amount of time spent working
on incident-related tasks.
4. People you have contacted or
have contacted you.
5. Names of systems, programs or
networks that have been affected
dimensions to preparation: Personnel,
Policy and procedure,
Software and hardware,
Data and communications,
Power and environmental
controls,
Transport,
Room to operate
Documentation
Incident response teams (CSIRT)
Evidence preservation
Document file names, dates, and
times on the system and create a
timeline
Chain of Custody
Digital Forensics
Identify and articulate probable
cause necessary to obtain a search
warrant and recognize the limits
of warrants.
Locate and recover relevant
electronic evidence from
sources of evidence
Medical records
Credit records or credit union
account information
Performance reviews
Documentation
SMART methodology: Specific
Measurable
Achievable
Realistic
Time-based
Interviewing and fact-finding
goal: Establish rapport
Stress that the interview is
seeking only the truth
Listen carefully
Evaluate the interviewee's
responses to the questions with
care
Take first-rate notes
Remain objective and composed
list: Interviewees - who was to be
interviewed
The order of the interviews
How much time has been allotted
per interview
Classify the interviewees (such as
by complainant, witness, subject)
Research and list the allegations
that pertain to each interviewee
and the relevant facts for each of
these
definition
purpose
example
examples of principles
Mission, Vision and Values
Statements
How do we do it?
For whom do we do it?
Provides a "reason for being".
Provides clarity and focus and
makes choices.
Is clear and concise.
Should be accepted by the wider
organization.
Helps guide people into doing the
right thing.
The Vision Statements
A plan for the future,
A source of inspiration,
The place to go when in need of
clear decision-making criteria,
The source to ensure that policy
aligns with the destination set by
the organization.
commitment: It creates a sense of desire and
builds commitment.
Paints the ideal future.
Is an expression made in terms of
hope.
Is united with the values of the
organization.
A Statement of Values
Code of Ethics Preamble
Code of Ethics Canons
encourage: Research
Teaching
The 10 Commandments of IT
Security