Witness: has direct personal knowledge of the event
Expert Witness: opinion based on facts and expertise (not personal knowledge of the event)
Enticement: Getting a criminal to do something that can be tracked (think - making a file appear to be valuable and monitoring it, so that you will have evidence of the intruder)
Entrapment: Telling someone that they should try and get this file when they weren't already thinking about it.
FISMA: Federal Information Security Management Act -basically forces government agencies to have an information security program. Measures include inventory, assign risk level to systems, and implement pre-defined minimum security measures (FIPS 200). Process = System Documentation + Risk Assesment -> Reviewed -> Accredited -> Continous Monitoring + Change Management. Downside to FISMA is that it has turned into a checklist, which by itself isn't enough. The US Computer Security Act of 1987 was the first attempt to do this and was superceded by FISMA.
Computer Security Act: see FISMA
CFAA: Computer Fraud and Abuse Act of 1986 - makes it so that accessing a 'federal interest computer' is illegal. Must be across state boundaries and includes financial computers. This was part of the hacker crackdown.
FCPA: Foreign Corrupt Practices Act - civil / criminal if fail to maintain sufficient controls - think private organizations vs FISMA - which targets government
Gramm-Leach-Bliley - financial
HIPAA (1996) - AKA US Kennedy-Kassenbaum Act - Health Care
Federal Privacy Act (1996) - safeguards for Personally Identifiable Information
US National Information Infrastructure Protection Act (1996) - amendment to the Computer Fraud and Abuse Act - meant to clear up interpretation of government interest computer...
Habeas Corpus - unlawful detention
Data Diddling - changing records before / after transaction - charge the customer 99 cents but then record it as 50 cents and pocket the remainder
NIST: National Institute of Standards and Technology
Espionage: Getting secret information without permission.
Criminal, Civil/Tort (fines), Administrative
NSA is responsible for sensitive / classified systems, otherwise NIST (National Institute of Standards and Technology)
Event - noticeable occurrence
Incident - event that violates security policy or law
Acquisition, Authentication, Analysis
Evidence lifecycle - collection, analysis, storage, presentation, return to victim
Locard's Exchange principle - when two object come into contact there is at least trace evidence of this contact
Evidence - Real, Direct(witness), demonstrative (not quite real - pictures, most computer evidence), documentary (letters, contracts)
Best Evidence is usual contract like
admissible evidence must be reliable, sufficient, and relevant
RFC 1087 - Ethics and the Internet (short read)
(a) seeks to gain unauthorized access to the resources of the Internet,Morris Worm is a great example of why this was written
(b) disrupts the intended use of the Internet,
(c) wastes resources (people, capacity, computer) through such actions,
(d) destroys the integrity of computer-based information,
(e) compromises the privacy of users.
(ISC)2 code of ethics
protect society, commonwealth, and the infrastructure
act honorably, honestly, justly, responsibly, and legally
provide diligent and competent service to principals
advance and protect the profession
Identify, coordinate, mitigate, investigate, educate
Red Box - simulates sound of coins
Blue Box - simulates control tones
Black Box - manipulate voltage (signal)
and tons more