Storing RDF Data in Hadoop And Retrieval by chenmeixiu


     Legal, Regulations, Compliance and Investigations

     Dr. Bhavani Thuraisingham
The University of Texas at Dallas (UTD)

              June 2011
                  Domain Objectives
•   International Legal Issues
•   Incident Management
•   Forensic Investigation
•   Compliance
                       Jurisdiction
• Law, economics, beliefs and politics
• Sovereignty of nations
          International Cooperation
• Initiatives related to international cooperation in dealing with
  computer crime
• The Council of Europe (CoE) Cybercrime Convention
 Computer Crime vs. Traditional Crime
• Traditional Crime
   – Violent
   – Property
   – Public Order
• Computer Crime
   – Real Property
   – Virtual Property
       Intellectual Property Protection
• Organizations must protect intellectual property (IP)
   –   Theft
   –   Loss
   –   Corporate espionage
   –   Improper duplication
• Intellectual property must have value
   – Organization must demonstrate actions to protect IP
      Intellectual Property: Patent
• Definition
• Advantages
    Intellectual Property: Trademark
• Purpose of a trademark
• Characteristics of a trademark
   –   Word
   –   Name
   –   Symbol
   –   Color
   –   Sound
   –   Product shape
    Intellectual Property: Copyright
• Covers the expression of ideas
   – Writings
   – Recordings
   – Computer programs
• Weaker than patent protection
 Intellectual Property: Trade Secrets
• Must be confidential
• Protection of trade secret
              Import and Export Law
• Strong encryption
• No terrorist states
                             Liability
• Legal responsibility
• Penalties
• Negligence and liability
                        Negligence
• Acting without care
• Due care
              Transborder Data Flow
• Political boundaries
   – Privacy
   – Investigations
   – Jurisdiction
Personally Identifiable Information (PII)
• Identify or locate
• Not anonymous
• Global effort
       Privacy Laws and Regulations
• Rights and obligations of:
   – Individuals
   – Organizations
              International Privacy
• Organization for Economic Co-operation and Development
  (OECD)
• 8 core principles
             Privacy Law Examples
• Health Insurance Portability and Accountability Act (HIPAA)
• Personal Information Protection and Electronic Documents Act
  (PIPEDA)
• European Union Data Protection Directive
                     Employee Privacy
• Employee monitoring
   –   Authorized usage policies
   –   Internet usage
   –   Email
   –   Telephone
• Training
                  Domain Objectives
•   International Legal Issues
•   Incident Management
•   Forensic Investigation
•   Compliance
             Incident Management

• Prepare, sustain, improve
• Protect infrastructure
• Prepare, detect, respond
        Collection of Digital Evidence
•   Volatile and fragile
•   Short life span
•   Collect quickly
•   By order of volatility
•   Document, document, document!
       Chain of Custody for Evidence
•   Who
•   What
•   When
•   Where
•   How
                Investigation Process
•   Identify suspects
•   Identify witnesses
•   Identify system
•   Identify team
•   Search warrants
          Investigation Techniques
• Ownership and possession analysis
• Means, opportunity and motives (MOM)
    Behavior of Computer Criminals
• Computer criminals have specific MOs
   – Hacking software / tools
   – Types of systems or networks attacked, etc.
   – Signature behaviors
• MO and signature behaviors
• Profiling
   Interviewing vs. Interrogation
• Interviewing
   – General gathering
   – Cooperation
   – Seek truth
• Interrogation
   – Specific aim
   – Hostile
   – Dangerous
                  Evidence: Hearsay
• Hearsay
   – Second hand evidence
   – Normally not admissible
• Business records exception
   – Computer generated information
   – Process of creation description
       Reporting and Documentation
•   Law
•   Court proceedings
•   Policy
•   Regulations
   Communication About the Incident
• Public disclosure
• Authorized personnel only
                  Domain Objectives
•   International Legal Issues
•   Incident Management
•   Forensic Investigation
•   Compliance
     Computer Forensics: Evidence

• Potential evidence
• Evidence and legal system
                 Computer Forensics
• Key components
   – Crime scenes
   – Digital evidence
   – Guidelines
       Computer Forensics: Evidence
• Identification of evidence
• Collection of evidence
   –   Use appropriate collection techniques
   –   Reduce contamination
   –   Protect scene
   –   Maintain the chain of custody and authentication
      Computer Forensics: Evidence
• Scientific methods for analysis
   – Characteristics of the evidence
   – Comparison of evidence
• Presentation of findings
   – Interpretation and analysis
   – Format appropriate for the intended audience
        Forensic Evidence Procedure
•   Receive media
•   Disk write blocker
•   Bit for bit image
•   Cryptographic checksum
•   Store the source drive
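
The imaging and checksum steps above, together with a chain-of-custody record (who, what, when, where, how), as an added example that is not part of the original slides. It assumes a small constructed file standing in for the received media; the examiner and lab names are hypothetical.

```python
import hashlib, os, tempfile
from datetime import datetime, timezone

CHUNK = 1 << 20  # read in 1 MiB blocks so large media never sits in memory

def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(CHUNK), b""):
            h.update(block)
    return h.hexdigest()

def acquire_image(source, image):
    """Bit-for-bit copy; the checksum is computed over the bytes as read."""
    h = hashlib.sha256()
    # "rb" never writes to the source; a hardware write blocker is still assumed.
    # "xb" refuses to overwrite an existing image file.
    with open(source, "rb") as src, open(image, "xb") as dst:
        for block in iter(lambda: src.read(CHUNK), b""):
            h.update(block)
            dst.write(block)
    return h.hexdigest()

def custody_entry(who, what, where, how, digest):
    """One chain-of-custody record: who, what, when, where, how."""
    return {"who": who, "what": what, "where": where, "how": how,
            "when": datetime.now(timezone.utc).isoformat(), "sha256": digest}

def verify(image, entry):
    """Re-hash the image and compare with the value logged at acquisition."""
    return sha256_file(image) == entry["sha256"]

def demo():
    with tempfile.TemporaryDirectory() as d:
        src, img = os.path.join(d, "source.bin"), os.path.join(d, "evidence.img")
        with open(src, "wb") as f:  # constructed stand-in for the received media
            f.write(b"\x00" * 4096 + b"constructed sample data" + b"\xff" * 512)
        digest = acquire_image(src, img)
        entry = custody_entry("Examiner A (hypothetical)", "evidence.img",
                              "Lab 1 (hypothetical)", "imaged via write blocker", digest)
        matches_source = digest == sha256_file(src)
        intact = verify(img, entry)
        with open(img, "r+b") as f:  # simulate one altered byte in the image
            f.seek(10)
            f.write(b"X")
        return matches_source, intact, verify(img, entry)

if __name__ == "__main__":
    print(demo())
```

Analysis is done on the verified image while the source drive stays in storage; a single changed byte makes the later verification fail against the logged checksum.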
Forensic Evidence Analysis Procedure
•   Recent activity
•   Keyword search
•   Slack space
•   Documented
                     Media Analysis
•   Recognizing operating system artifacts
•   File system
•   Timeline analysis
•   Searching data
                  Software Analysis
• What it does
• What files it creates
                 Network Analysis
• Data on the wire
• Ports
• Traffic hiding
                  Domain Objectives
•   International Legal Issues
•   Incident Management
•   Forensic Investigation
•   Compliance
                          Compliance
• Knowing legislation
• Following legislation
  Regulatory Environment Examples
• Sarbanes-Oxley (SOX)
• Gramm-Leach-Bliley Act (GLBA)
• Basel II
                 Compliance Audit
• Audit = a formal written examination of controls
• Auditor role = 3rd party evaluator
• Continuous auditing = automation
                 Audit Report Format
• Introduction
    – Background
    – Audit perspective
    – Scope and objectives
•   Executive summary
•   Internal audit opinion
•   Detail report including auditee responses
•   Appendix
•   Exhibits
    Key Performance Indicators (KPI)
• Illegal software
• Privacy
• Security related incidents
                       Domain Summary
• This domain reviewed the areas a CISSP candidate should know
  regarding:
   –   International legal issues
   –   Incident management
   –   Forensic investigation
   –   Compliance

								