Security+ SY0-301 Chapter 3

Cybercrime
involves studying how the computer is involved in the criminal act. Three types of computer crimes commonly occur: computer-assisted crime, computer-targeted crime, and computer-incidental crime.
Common Internet Crime Schemes
a list provided by the Internet Crime Complaint Center, an online clearinghouse that communicates issues associated with cybercrime.
Sources of Laws
three sources of law bear on computer security: statutory law, administrative rule making, and common law.
Computer Trespass
is the unauthorized entry into a computer system via any means, including remote network connections. These crimes have introduced a new area of law that has both national and international consequences.
Convention on Cybercrime
is the first international treaty on crimes committed via the Internet and other computer networks. Its main objective, as set out in its preamble, is to pursue a common criminal policy aimed at the protection of society against cybercrime, especially by adopting appropriate legislation and fostering international cooperation.
Electronic Communications Privacy Act (ECPA)
sections of this law address e-mail, cellular communications, workplace privacy, and a host of other issues related to communicating electronically.
Computer Fraud and Abuse Act (1986)
serves as the current foundation for criminalizing unauthorized access to computer systems.
Patriot Act
passed in response to the September 11 terrorist attacks, extends the tap and trace provisions of existing wiretap statutes to the Internet and mandates certain technological modifications at ISPs to facilitate electronic wiretaps on the Internet.
Gramm-Leach-Bliley Act (GLB)
introduced the U.S. consumer to privacy notices, where firms must disclose what they collect, how they protect the information, and with whom they will share it.
Sarbanes-Oxley (SOX)
is sweeping legislation that overhauled the financial accounting standards for publicly traded firms in the United States.
Payment Card Industry Data Security Standards
is a private-sector initiative to protect payment card information exchanged between banks and merchants; it consists of six control objectives containing a total of 12 requirements.
Import/Export Encryption Restrictions
controlling the import and export of encryption products is a vital method of maintaining a level of control over encryption technology in general.
U.S. Law
the encryption export control policy continues to rest on three principles: review of encryption products prior to sale, streamlined post-export reporting, and license review of certain exports of strong encryption to foreign government end users.
Non-U.S. Laws
The Wassenaar Arrangement has been established in order to contribute to regional and international security and stability, by promoting transparency and greater responsibility in transfers of conventional arms and dual-use goods and technologies, thus preventing destabilizing accumulations.
Digital Signature Laws
E-Sign law implements a simple principle: a signature, contract, or other record may not be denied legal effect, validity, or enforceability solely because it is in electronic form.
Non-U.S. Signature Laws
are based on the United Nations Commission on International Trade Law (UNCITRAL) Model Law on E-Commerce. To implement specific technical aspects of this model law, more work on electronic signatures was needed.
Canadian Laws
the Uniform Electronic Commerce Act (UECA) allows the use of electronic signatures in communications with the government.
European Laws
Towards a European Framework for Digital Signatures and Encryption
Digital Rights Management
The ability of anyone with a PC to make a perfect copy of digital media has led to industry fears that individual piracy actions could cause major economic issues in the recording industry.
Digital Millennium Copyright Act (DMCA)
“to amend title 17, United States Code, to implement the World Intellectual Property Organization Copyright Treaty and Performances and Phonograms Treaty, and for other purposes.”
Privacy
can be defined as the power to control what others know about you and what they can do with this information.
U.S. Privacy Laws
the Identity Theft and Assumption Deterrence Act makes it a violation of federal law to knowingly use another’s identity.
Health Insurance Portability & Accountability Act (HIPAA)
calls for sweeping changes in the way health and medical data are stored, exchanged, and used, including security standards and electronic signature provisions.
California Senate Bill 1386 (SB 1386)
mandates that Californians be notified whenever their personally identifiable information is lost or disclosed.
European Laws
are known as data protection laws. These privacy statutes cover all personal data, whether collected and used by government or private firms.
Safe Harbor
is a mechanism for self-regulation that can be enforced through trade practice law via the FTC.
Ethics
the challenge in today’s business environment is to establish and communicate a code of ethics so that everyone associated with an enterprise can understand the standards of expected performance.
SANS Institute IT Code of Ethics
– I will strive to know myself and be honest about my capability.
– I will conduct my business in a manner that assures the IT profession is considered one of integrity and professionalism.
– I respect privacy and confidentiality.