CISSP CBK 9 – Law, Investigations & Ethics


ISC2: Code of Ethics Canons –

– Protect society, the commonwealth and the infrastructure

– Act honorably, honestly, justly, responsibly and legally

– Provide diligent and competent service to principals.

– Advance and protect the profession.

IAB – Internet Activities Board: Unethical and unacceptable behaviour –

– Purposely seeking to gain unauthorized access to Internet resources

– Disrupting the intended use of the Internet.

– Wasting resources through purposeful actions

– Destroying the integrity of computer-based information.

– Compromising the privacy of others.

– Involving negligence in the conduct of Internet-wide experiments

GASSP – Generally Accepted System Security Principles: Seeks to develop and maintain GASSP with guidance from security professionals, IT product developers, information owners and other organizations having extensive experience in defining and stating the principles of information security.

MOM – Motivations, Opportunities and Means: Motivations – Who and why of a crime

Opportunities – Where and when of a crime

Means – The capabilities a criminal would need to be successful.

Operations security

Salami: Involves subtracting a small amount of funds from an account in the hope that such an insignificant amount will go unnoticed.

Data Diddling: Refers to the alteration of existing data; many times this modification happens before the data is entered into an application, or as soon as it completes processing and is output from an application.

Excessive Privileges: Occurs when a user has more computer rights, permissions and privileges than are required for the tasks she needs to fulfill.

Password Sniffing: Sniffing network traffic in the hopes of capturing passwords being sent between computers.

IP Spoofing: Manually change the IP address within a packet to point to another address.

Denial of Service – DoS: Denying others the service that the victim system usually provides.

Dumpster Diving: Refers to someone rummaging through another person’s garbage for discarded documents, information and other valuable items that could then be used against that person or company.

Emanations Capturing: Eavesdropping on the electrical waves emitted by every electrical device.

Wiretapping: Eavesdropping on communication signals.

Social Engineering: The art of tricking people and using the information they unknowingly supply in a malicious way.

Masquerading: A method that an attacker can use to fool others about her real identity.

Liability and Its Ramifications

Due Care: Steps that are taken to show that a company has taken responsibility for the activities that take place within the corporation and has taken the necessary steps to help protect the company, its resources and its employees.

Due Diligence: Continual activities that make sure the protection mechanisms are continually maintained and

Prudent man rule: To perform duties that prudent people would exercise in similar circumstances.

Downstream liabilities: When companies come together to work in an integrated manner, special care must be taken to ensure that each party promises to provide the necessary level of protection, liability and responsibility, which should be clearly defined in the contracts that each party signs.

Legally recognized obligation: There is a standard of conduct expected of the company to protect others from unreasonable risks. The company must fail to conform to this standard, which results in injury or damage to

Proximate causation: Someone can prove that the damage that was caused was the company’s fault.

Types of Laws

Civil law: Also called tort law. Deals with wrongs against individuals or companies that result in damages or loss. A civil lawsuit results in financial restitution instead of jail sentences.

Criminal law: Is used when an individual’s conduct violates the government’s laws, which have been developed to protect the public. Jail sentences are commonly the punishment.

Administrative law: Deals with regulatory standards that regulate performance and conduct. Government agencies create these standards, which are usually applied to companies and to individuals within those companies.

Intellectual Property Laws

Trade secret: The resource that is claimed to be a trade secret must be confidential and protected with certain security precautions and actions.

Copyright: Protects the expression of the idea of the resource.

Trademark: Is used to protect a word, name, symbol, sound, shape, colour, device or combination of these.

Patent: Is granted to individuals or companies to give the owner legal ownership and enable the owner to exclude others from using and copying the innovation covered by the patent. A patent grants a limited property right for 17 years.

Computer Crime Investigations

Incident response team:

Basic items –
– List of outside agencies and resources to contact or report to.
– List of computer forensics experts to contact.
– Steps on how to secure and preserve evidence.
– Steps on how to search for evidence
– List of items that should be included on the report.
– A list that indicates how the different systems should be treated in this type of situation.

Computer Forensics:

Forensics investigation –

1st step: Make a sound image of the attacked system and perform forensic analysis on this copy. This ensures that the evidence stays unharmed on the original system in case some steps in the investigation actually corrupt or destroy data. Also, the memory of the system should be dumped to a file before doing any work on the system or powering it down.

2nd step / Chain of custody: Must follow a very strict and organized procedure when collecting and tagging evidence. Dictates that all evidence be labeled with information indicating who secured and validated it. The chain of custody is a history that shows how evidence was collected, analyzed, transported and preserved in order to be presented as evidence in court. Because electronic evidence can be easily modified, a clearly defined chain of custody demonstrates that the evidence is trustworthy.
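The imaging and chain-of-custody steps above, as an added Python example (not from these notes): every handling step is logged with custodian, timestamp and the image's SHA-256, so any change to the copy after collection is detected. The case id, custodian names and image bytes are constructed placeholders.

```python
# Added example (not from the original notes): a minimal chain-of-custody
# log that ties every handling step to the evidence image's hash, so a
# reviewer can see who handled the copy, when, and that it never changed.
import hashlib
from dataclasses import dataclass, field
from datetime import datetime, timezone


def sha256_of(data: bytes) -> str:
    """Hash the whole evidence image (here an in-memory byte string)."""
    return hashlib.sha256(data).hexdigest()


@dataclass
class CustodyEntry:
    timestamp: str
    action: str      # collected / imaged / transported / analyzed / stored
    custodian: str   # who secured or validated the evidence at this step
    digest: str      # SHA-256 of the image as observed at this step


@dataclass
class ChainOfCustody:
    case_id: str
    original_digest: str          # hash taken at collection time
    entries: list = field(default_factory=list)

    def record(self, action: str, custodian: str, image: bytes) -> bool:
        """Append a step; returns False (but still logs it) if the hash drifted."""
        digest = sha256_of(image)
        self.entries.append(CustodyEntry(
            datetime.now(timezone.utc).isoformat(), action, custodian, digest))
        return digest == self.original_digest

    def intact(self) -> bool:
        """True only if every logged step saw the same hash as at collection."""
        return all(e.digest == self.original_digest for e in self.entries)


def build_demo_chain() -> tuple:
    # Constructed sample "disk image": a few fake sectors, not real evidence.
    image = b"BOOT" + b"\x00" * 508 + b"user data: invoice 0042\n" * 4
    chain = ChainOfCustody("CASE-EXAMPLE-001", sha256_of(image))
    chain.record("imaged from seized host", "analyst A", image)
    chain.record("transported to lab", "courier B", image)
    # Simulated handling error: one byte of the copy changed during analysis.
    tampered = image[:600] + b"X" + image[601:]
    changed = chain.record("analyzed", "analyst C", tampered)
    return chain, changed
```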

The life cycle of evidence:

Includes the following:
– Collection and identification
– Storage, preservation and transportation.
– Presentation in court
– Being returned to victim or owner.


Best evidence – Is the primary evidence used in a trial because it provides the most reliability. Is used for documentary evidence such as contracts.

Secondary evidence – Is not viewed as reliable and strong in proving innocence or guilt when compared to best evidence.

Direct evidence – Can prove fact all by itself instead of needing backup information to refer to.

Conclusive evidence – Is irrefutable and cannot be contradicted.

Circumstantial evidence – Can prove an intermediate fact that can then be used to deduce or assume the existence of another fact.

Corroborative evidence – Is supporting evidence used to help prove an idea or point. It cannot stand on its own, but is used as a supplementary tool to help prove a primary piece of evidence.

Opinion evidence – When a witness testifies, the opinion rule dictates that she must testify to only the facts of the issue and not her opinion of the facts.

Hearsay evidence – Pertains to oral or written evidence that is presented in court that is secondhand and that has no firsthand proof of accuracy or reliability.

Characteristics of evidence

Must be:

Sufficient – It must be persuasive enough to convince a reasonable person of the validity of the findings. Means also that it cannot be easily doubted.

Reliable / Competent – It must be consistent with fact, must be factual and not circumstantial.

Relevant – It must have a reasonable and sensible relationship to the findings.

Legally permissible – It was obtained in a legal way.

Enticement <-> Entrapment:
Enticement – Is legal and ethical.
Entrapment – Is neither legal nor ethical.

Phone Phreakers

Blue boxing – A device that simulates a tone that tricks the telephone company’s system into thinking the user is authorized for long distance service, which enables him to make the call.

Red boxes – Simulates the sound of coins being dropped into a payphone.

Black boxes – Manipulates the line voltage to receive a toll-free call.