CISSP - Legal and Regulation - PRACTICE

simulating a frequency tone, which allowed attackers to gain free long distance phone service.

• Collection and identification
• Storage, preservation, and transportation
• Presentation in court
• Return to victim or Owner

• Software protection Association and Business Software Association
• were formed to protect software vendors and their licenses against piracy

- same as Hippa?

- code of ethics

hearsay evidence

• 1. use federal computer in fraudulent activity
• 2. damaging federal computer
• 3. trafficking of passwords that affect commerce, or allows unauthorized access to government systems

- it can be proven that the company was actually at fault and responsible for negative activity

- personell attack

- operations attack

- physical security attack

• is an independant committe comprised of a wide variety of
• professionals.

• The board is divided into 2 groups
• (IETF) Internet Engineering tAsk force and
• IRTF (Internet Reasearch Task force)

Supports the belief that the Internet is a privilege and should be treated with respect

- criminal, civil, and administrative (regulatory) law.

• Enticement - legal - creating honeypot to attract attackers
• Entrapment - illegal - tricking a would-be attacker into committing a crime

- can obtain evidence without warrent - trying to destroy evidence

- Electronic Communications Privacy Act - 1986

• addressing white collar crimes related to technology,
• responsibilities of senior executives,
• maximum fines of 290 million per instance,
• fines can be avoided if company can prove due diligence and due care ... company-wide security policies

- embezzlement, fraud and wire tapping

- passive attack - not doing anything, but still illegal

- attacks on information infrastructure

- evidence created during the course of trial