Storing RDF Data in Hadoop And Retrieval

     Legal, Regulations, Compliance and Investigations

     Dr. Bhavani Thuraisingham
The University of Texas at Dallas (UTD)

              June 2011
                  Domain Objectives
•   International Legal Issues
•   Incident Management
•   Forensic Investigation
•   Compliance
                       Jurisdiction
• Law, economics, beliefs and politics
• Sovereignty of nations
          International Cooperation
• Initiatives related to international cooperation in dealing with
  computer crime
• The Council of Europe (CoE) Cybercrime Convention
 Computer Crime vs. Traditional Crime
• Traditional Crime
   – Violent
   – Property
   – Public Order
• Computer Crime
   – Real Property
   – Virtual Property
       Intellectual Property Protection
• Organizations must protect intellectual property (IP)
   –   Theft
   –   Loss
   –   Corporate espionage
   –   Improper duplication
• Intellectual property must have value
   – Organization must demonstrate actions to protect IP
      Intellectual Property: Patent
• Definition
• Advantages
    Intellectual Property: Trademark
• Purpose of a trademark
• Characteristics of a trademark
   –   Word
   –   Name
   –   Symbol
   –   Color
   –   Sound
   –   Product shape
    Intellectual Property: Copyright
• Covers the expression of ideas
   – Writings
   – Recordings
   – Computer programs
• Weaker than patent protection
 Intellectual Property: Trade Secrets
• Must be confidential
• Protection of trade secret
              Import and Export Law
• Strong encryption
• No terrorist states
                             Liability
• Legal responsibility
• Penalties
• Negligence and liability
                        Negligence
• Acting without care
• Due care
              Transborder Data Flow
• Political boundaries
   – Privacy
   – Investigations
   – Jurisdiction
Personally Identifiable Information (PII)
• Identify or locate
• Not anonymous
• Global effort
       Privacy Laws and Regulations
• Rights and obligations of:
   – Individuals
   – Organizations
              International Privacy
• Organization for Economic Co-operation and Development
  (OECD)
• 8 core principles
             Privacy Law Examples
• Health Insurance Portability and Accountability Act (HIPAA)
• Personal Information Protection and Electronic Documents Act
  (PIPEDA)
• European Union Data Protection Directive
                     Employee Privacy
• Employee monitoring
   –   Authorized usage policies
   –   Internet usage
   –   Email
   –   Telephone
• Training
                  Domain Objectives
•   International Legal Issues
•   Incident Management
•   Forensic Investigation
•   Compliance
             Incident Management

• Prepare, sustain, improve
• Protect infrastructure
• Prepare, detect, respond
        Collection of Digital Evidence
•   Volatile and fragile
•   Short life span
•   Collect quickly
•   By order of volatility
•   Document, document, document!
       Chain of Custody for Evidence
•   Who
•   What
•   When
•   Where
•   How
                Investigation Process
•   Identify suspects
•   Identify witnesses
•   Identify system
•   Identify team
•   Search warrants
          Investigation Techniques
• Ownership and possession analysis
• Means, opportunity and motives (MOM)
    Behavior of Computer Criminals
• Computer criminals have specific MOs
   – Hacking software / tools
   – Types of systems or networks attacked, etc.
   – Signature behaviors
• MO and signature behaviors
• Profiling
   Interviewing vs. Interrogation
• Interviewing
   – General gathering
   – Cooperation
   – Seek truth
• Interrogation
   – Specific aim
   – Hostile
   – Dangerous
                  Evidence: Hearsay
• Hearsay
   – Second hand evidence
   – Normally not admissible
• Business records exception
   – Computer generated information
   – Process of creation description
       Reporting and Documentation
•   Law
•   Court proceedings
•   Policy
•   Regulations
   Communication About the Incident
• Public disclosure
• Authorized personnel only
                  Domain Objectives
•   International Legal Issues
•   Incident Management
•   Forensic Investigation
•   Compliance
     Computer Forensics: Evidence

• Potential evidence
• Evidence and legal system
                 Computer Forensics
• Key components
   – Crime scenes
   – Digital evidence
   – Guidelines
       Computer Forensics: Evidence
• Identification of evidence
• Collection of evidence
   –   Use appropriate collection techniques
   –   Reduce contamination
   –   Protect scene
   –   Maintain the chain of custody and authentication
      Computer Forensics: Evidence
• Scientific methods for analysis
   – Characteristics of the evidence
   – Comparison of evidence
• Presentation of findings
   – Interpretation and analysis
   – Format appropriate for the intended audience
        Forensic Evidence Procedure
•   Receive media
•   Disk write blocker
•   Bit for bit image
•   Cryptographic checksum
•   Store the source drive
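
The acquisition steps above, combined with the who/what/when/where/how of the chain-of-custody slide, as an added Python sketch that is not part of the original slides. It assumes the source is readable as an ordinary file (the write blocker is hardware, represented here only by opening the source read-only); the function names, custodian and location values are hypothetical, and the "drive" is a constructed sample.

```python
import hashlib
import os
import tempfile
from datetime import datetime, timezone

CHUNK = 1024 * 1024  # stream in 1 MiB blocks so large media never sits in memory

def sha256_file(path):
    """Cryptographic checksum of a file, streamed in chunks."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(CHUNK), b""):
            digest.update(block)
    return digest.hexdigest()

def acquire(source, image, who, where):
    """Bit-for-bit copy, hashed while copying; returns a custody record."""
    digest = hashlib.sha256()
    # Source is opened read-only; "xb" refuses to overwrite an existing image.
    with open(source, "rb") as src, open(image, "xb") as dst:
        for block in iter(lambda: src.read(CHUNK), b""):
            digest.update(block)
            dst.write(block)
    if sha256_file(image) != digest.hexdigest():
        raise ValueError("image does not match source; do not analyse it")
    return {
        "who": who,
        "what": {"source": source, "image": image, "sha256": digest.hexdigest()},
        "when": datetime.now(timezone.utc).isoformat(),
        "where": where,
        "how": "read-only open, chunked bit-for-bit copy, SHA-256",
    }

def verify(record):
    """Re-hash the working image before analysis; False means it changed."""
    return sha256_file(record["what"]["image"]) == record["what"]["sha256"]

def demo():
    """Constructed sample: a small stand-in 'drive' in a temporary directory."""
    workdir = tempfile.mkdtemp()
    source = os.path.join(workdir, "source.bin")
    with open(source, "wb") as fh:
        fh.write(b"constructed sample sector " * 4096)
    record = acquire(source, os.path.join(workdir, "image.dd"),
                     who="examiner-01", where="lab bench 3")  # hypothetical values
    intact = verify(record)
    with open(record["what"]["image"], "r+b") as fh:  # simulate contamination
        fh.write(b"X")
    return record, intact, verify(record)
```

Analysis is done on the image only; a `verify` result of False means the working copy has changed since acquisition and a fresh image should be taken from the stored source drive.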
Forensic Evidence Analysis Procedure
•   Recent activity
•   Keyword search
•   Slack space
•   Documented
                     Media Analysis
•   Recognizing operating system artifacts
•   File system
•   Timeline analysis
•   Searching data
                  Software Analysis
• What it does
• What files it creates
                 Network Analysis
• Data on the wire
• Ports
• Traffic hiding
                  Domain Objectives
•   International Legal Issues
•   Incident Management
•   Forensic Investigation
•   Compliance
                          Compliance
• Knowing legislation
• Following legislation
  Regulatory Environment Examples
• Sarbanes-Oxley (SOX)
• Gramm-Leach-Bliley Act (GLBA)
• Basel II
                 Compliance Audit
• Audit = a formal written examination of controls
• Auditor role = 3rd party evaluator
• Continuous auditing = automation
                 Audit Report Format
• Introduction
    – Background
    – Audit perspective
    – Scope and objectives
•   Executive summary
•   Internal audit opinion
•   Detail report including auditee responses
•   Appendix
•   Exhibits
    Key Performance Indicators (KPI)
• Illegal software
• Privacy
• Security related incidents
                       Domain Summary
• This domain reviewed the areas a CISSP candidate should know
  regarding:
   –   International legal issues
   –   Incident management
   –   Forensic investigation
   –   Compliance

				
posted:11/25/2011
language:English
pages:47