BCP steps
- 1. Project initiation
- 2. BIA
- 3. Recovery Strategy
- 4. Plan design and development
- 5. Implementation
- 6. Testing
- 7. Continual maintenance
-
Facility Recovery
- Hot site
- Warm site
- Cold site
- Reciprocal agreements
- Redundant Sites
-
OECD
Organisation for Economic Co-operation and Development guidelines - moving of data across borders.
-
-
Common law
- Civil or code law
- Customary law
- Religious law
- Mixed law
-
-
Intellectual Property Laws
-
-
- Trademark - simple, marking, etc.
-
- Copyright - 75 years (weaker)
-
-
-
Privacy Laws
SOX
Federal Privacy Act 1974 - restricts what information a government agency can collect about individuals - need to know
GLBA 1999
HIPAA
Computer Fraud and Abuse Act
Basel II - Determine the actual exposure to risk of each financial institution
PCI - Credit Card company initiative
Computer Security Act 1987 - federal government must identify computers with sensitive information and provide training and a security program
Economic Espionage Act of 1996 - defines trade secrets. An asset does not need to be tangible to be 'stolen'
-
Incident Response Procedures
- Triage
- Reaction - Containment, Analysis, Tracking
- Follow-up - Repair, Recovery, prevention
-
IOCE
International Organization of Computer Evidence - how to deal with digital evidence
-
Types of evidence
- Best Evidence
- Secondary Evidence
- Direct Evidence
- Conclusive Evidence
- Circumstantial Evidence
- Corroborative Evidence
- Opinion Evidence
- Hearsay Evidence