Friday, July 23, 2010

CISSP - Legal, Regulations, Investigations, and Compliance

Due Care - doing what is reasonably expected

Witness: has direct personal knowledge of the event

Expert Witness: opinion based on facts and expertise (not personal knowledge of the event)

Enticement: Getting a criminal to do something that can be tracked (think - making a file appear to be valuable and monitoring it, so that you will have evidence of the intruder)
Entrapment: Telling someone that they should try and get this file when they weren't already thinking about it.

FISMA: Federal Information Security Management Act -basically forces government agencies to have an information security program. Measures include inventory, assign risk level to systems, and implement pre-defined minimum security measures (FIPS 200). Process = System Documentation + Risk Assesment -> Reviewed -> Accredited -> Continous Monitoring + Change Management. Downside to FISMA is that it has turned into a checklist, which by itself isn't enough. The US Computer Security Act of 1987 was the first attempt to do this and was superceded by FISMA.

Computer Security Act: see FISMA

CFAA: Computer Fraud and Abuse Act of 1986 - makes it so that accessing a 'federal interest computer' is illegal. Must be across state boundaries and includes financial computers. This was part of the hacker crackdown.

FCPA: Foreign Corrupt Practices Act - civil / criminal if fail to maintain sufficient controls - think private organizations vs FISMA - which targets government

Gramm-Leach-Bliley - financial

HIPAA (1996) - AKA US Kennedy-Kassenbaum Act - Health Care

Federal Privacy Act (1996) - safeguards for Personally Identifiable Information

US National Information Infrastructure Protection Act (1996) - amendment to the Computer Fraud and Abuse Act - meant to clear up interpretation of government interest computer...

Habeas Corpus - unlawful detention

Data Diddling - changing records before / after transaction - charge the customer 99 cents but then record it as 50 cents and pocket the remainder

NIST: National Institute of Standards and Technology

Espionage: Getting secret information without permission.

Criminal, Civil/Tort (fines), Administrative

NSA is responsible for sensitive / classified systems, otherwise NIST (National Institute of Standards and Technology)

Event - noticeable occurrence

Incident - event that violates security policy or law


Acquisition, Authentication, Analysis

Evidence lifecycle - collection, analysis, storage, presentation, return to victim

Locard's Exchange principle - when two object come into contact there is at least trace evidence of this contact

Evidence - Real, Direct(witness), demonstrative (not quite real - pictures, most computer evidence), documentary (letters, contracts)

Best Evidence is usual contract like

admissible evidence must be reliable, sufficient, and relevant

RFC 1087 - Ethics and the Internet (short read)

(a) seeks to gain unauthorized access to the resources of the Internet,
(b) disrupts the intended use of the Internet,
(c) wastes resources (people, capacity, computer) through such actions,
(d) destroys the integrity of computer-based information,
(e) compromises the privacy of users.
Morris Worm is a great example of why this was written

(ISC)2 code of ethics


protect society, commonwealth, and the infrastructure

act honorably, honestly, justly, responsibly, and legally

provide diligent and competent service to principals

advance and protect the profession

Incident Response

Identify, coordinate, mitigate, investigate, educate


Red Box - simulates sound of coins

Blue Box - simulates control tones

Black Box - manipulate voltage (signal)

and tons more

No comments:

Post a Comment