COMPUTER LAW, INVESTIGATION AND ETHICS.


Description
Source Code Software - Trade Secrets. Documentation - Copyrights ... Develop a computer ethics policy to supplement the computer security policy ...
Transcripts
Slide 1

PC LAW, INVESTIGATION AND ETHICS

Slide 2

Topics to Be Covered Computer Laws Computer Crime Computer Crime Investigations Computer Ethics

Slide 3

COMPUTER CRIME LAWS

Slide 4

Proprietary Rights & Obligations Legal Forms of Protection Trade Secrets: Information that Provides a Competitive Advantage. Protect Ideas. Copyrights: Right of an Author to Prevent Use or Copying of the Author's Works. Protect Expression of Ideas. Patents: Protect Results of Science, Technology & Engineering Business Needs Protect Developed Software Contractual Agreements Define Trade Secrets for Employees

Slide 5

Proprietary Rights & Obligations (continued) Security Techniques to Protect Trade Secrets Numbering Copies Logging Document Issuance Checking Files & Workstations Secure Storage Controlled Distribution Limitations on Copying Contractual Commitments to Protect Proprietary Rights Licensing Agreements with Vendors Liability for Compliance

Slide 6

Proprietary Rights & Obligations (continued) Enforcement Efforts Software Protection Association (SPA) Federation Against Software Theft (FAST) Business Software Alliance (BSA) Personal Computers Establish User Accountability Policy Development and Circulation Purging of Proprietary Software

Slide 7

Protection for Computer Objects Hardware - Patents Firmware Patents for Physical Devices Trade Secret Protection for Code Object Code Software - Copyrights Source Code Software - Trade Secrets Documentation - Copyrights

Slide 8

Management Problems Corporate Recordkeeping Accuracy of Computer Records: Potential Use in Court IRS Rules: Inadequate Controls May Impact Audit Findings Labor and Management Relations Collective Bargaining: Disciplinary Actions, Workplace Rules Work Stoppage Limitations on Background Investigations Limitations on Drug and Polygraph Testing Disgruntled Employees Non-Disclosure Requirements Immigration Laws Establishment and Enforcement of Security Rules

Slide 9

Management Problems (continued) Data Communications: Disclosure through - Eavesdropping and Interception Loss of Confidential Information Outsourcing Contract Review of Contractor's Capabilities Impact of Downsizing Contractor Use of Proprietary Software

Slide 10

Management Problems (continued) Personal Injury Employee Safety Carpal Tunnel Syndrome Radiation Injury Insurance Against Legal Liability Requirements for Security Precautions Right to Inspect Premises Cooperation with Insurance Company

Slide 11

Legal Liability Due Care: Minimum and Customary Practice of Responsible Protection of Assets Due Diligence: The Prudent Management and Execution of Due Care Programming Errors: Reasonable Precautions for - Loss of a Program Unauthorized Revisions Availability of Backup Versions Product Liability for Database Inaccuracies: Due to Security Breaches European Union: No Limits on Personal Liability for Personal Injury

Slide 12

Legal Liability (continued) Defamation Libel Due to Inaccuracy of Data Unauthorized Release of Confidential Information Alteration of Visual Images Foreign Corrupt Practices Act Mandate for Security Controls or Cost/Benefit Analysis Potential SEC Litigation

Slide 13

Legal Liability (continued) Failure to Observe Standards FIPS Pubs and CSL Bulletins Failure to Comply with Legislation Personal Liability Action or Inaction was Proximate Cause Financial Responsibility to Plaintiff Joint and Several Liability

Slide 14

Legal Liability (continued) Federal Sentencing Guidelines Chapter 8 Added 1991 Applicable to Organizations Violations of Federal Law Specifies Levels of Fines Mitigation of Fines Through Implementation of Precautions

Slide 15

Privacy & Other Personal Rights The Federal Privacy Act Government Files Open to Public Unless Specified Act Applies to Executive Branch Only "Record" = Information about an Individual Must be a Need to Maintain Records Disclosure Prohibited without Consent Requirements on Government Agencies Record Disclosures Public Notice of Existence of Records Ensure Security & Confidentiality of Records

Slide 16

Privacy and Other Personal Rights (continued) State Acts and Regulations Fair Information Practices Acts: Define Information that Can be Collected Uniform Information Practices Code - National Conference of Commissioners on Uniform State Laws: Recommended Model Statutes Regulating Information Maintained by Private Organizations: e.g., Health Care, Insurance

Slide 17

Privacy and Other Personal Rights (continued) Other Employee Rights Electronic Mail: Expectations of Privacy Drug Testing: Limited to Sensitive Positions Only Freedom From Hostile Work Environment International Privacy European Statutes Cover Both Government and Private Corporate Records Application Primarily to Computerized Data Banks Strict Rules on Disclosure Prohibitions of Transfer of Information Across National Boundaries

Slide 18

Privacy and Other Personal Rights (continued) Management Responsibilities Regular Review with Legal Department Consider all Jurisdictions Prepare Policies for Compliance Enforce Policies Document Enforcement

Slide 19

Computer-Related Laws Criminal Law Victim is Society Purpose of Prosecution is Punishment Deterrent Effect of Punishment Burden of Proof is Reasonable Doubt Felonies - Jail > One Year Misdemeanors - Jail < One Year Federal and State Levels

Slide 20

Computer Crime Laws Federal Computer Fraud and Abuse Act (Title 18, U.S. Code, 1030) *Accessing a Federal Interest Computer (FIC) to obtain national defense data. Accessing a FIC to obtain financial data. Accessing a FIC to prevent the use of the computer. *Accessing a FIC to further a fraud. *Damaging or preventing use of a FIC through transmission of code, program, information or command. Furthering a fraud by trafficking in passwords. Economic Espionage Act of 1996: Obtaining trade secrets to benefit a foreign entity. Electronic Funds Transfer Act: Covers use, transport, sale, receipt or furnishing of counterfeit, altered, lost, stolen, or fraudulently obtained debit instruments in interstate or foreign commerce.

Slide 21

Federal Computer Crime Laws (continued) Child Pornography Prevention Act of 1996 (CPPA): Prohibits use of computer technology to produce child pornography. Computer Security Act of 1987: Requires Federal Executive agencies to establish computer security programs. Electronic Communications Privacy Act (ECPA): Prohibits unauthorized interception or retrieval of electronic communications. Fair Credit Reporting Act: Governs the types of information that organizations may gather on private citizens and how it may be used. Foreign Corrupt Practices Act: Covers improper foreign operations, but applies to all organizations registered with the SEC, and requires organizations to establish security programs. Freedom of Information Act: Permits free access to information gathered by the Federal Executive Branch.

Slide 22

Computer Laws (continued) Civil Law (Tort Law) Damage/Loss to an Individual or Business Type of Punishment Different: No Incarceration Primary Purpose is Financial Restitution Compensatory Damages: Actual Damages, Attorney Fees, Lost Profits, Investigation Costs Punitive Damages: Set by Jury to Punish Offender Statutory Damages: Established by Law Easier to Obtain Conviction: Preponderance of Evidence Impoundment Orders/Writs of Possession: Equivalent to Search Warrant

Slide 23

Computer Laws (continued) International Laws Lack of Universal Cooperation Differences in Interpretations of Laws Outdated Laws Against Fraud Problems with Evidence Admissibility Extradition Low Priority

Slide 24

Computer Crime Computer Crime as a Separate Category Rules of Property: Lack of Tangible Assets Rules of Evidence: Lack of Original Documents Threats to Integrity and Confidentiality: Go beyond the usual definition of a loss Value of Data: Difficult to Measure. Cases of Restitution only for Media Terminology: Statutes have not kept pace. Is Computer Hardware "Apparatus"? Does Software Qualify as "Supplies"?

Slide 25

Computer Crime (continued) Computer Crime is Hard to Define Lack of Understanding Laws are Inadequate: Slow to Keep Pace with Rapidly Changing Technology Multiple Roles for Computers Object of a Crime: Target of an Attack Subject of a Crime: Used to Attack (impersonating a network node) Medium of a Crime: Used as a Means to Commit a Crime (Trojan Horse)

Slide 26

Computer Crime (continued) Difficulties in Prosecution Understanding: Judges, Lawyers, Police, Jurors Evidence: Lack of Tangible Evidence Forms of Assets: e.g., Magnetic Particles, Computer Time

Slide 27

Legal Aspects of Cryptography Prohibitions on Use (e.g., France) Prohibitions on Export (e.g., USA, GB, CAN, GER) US Controls Export of Cryptography Implemented in Software Practically Impossible to Enforce

Slide 28

Nature and Extent of Computer-Related Crime Typology Input Tampering: Entry of Fraudulent or False Data Throughput Tampering: Altering Computer Instructions Output Tampering: Theft of Information Most Common Crimes Input and Output Type Fraudulent Disbursements Fabrication of Data

Slide 29

The Computer Criminal Typical Profile Male, White, Young No Prior Record Works in Data Processing or Accounting Myths Special Talents are Necessary Fraud has Increased Because of Computers

Slide 30

The Computer Criminal (continued) Personal Motivations Economic Egocentric Ideological Psychotic

Slide 31

The Computer Criminal (continued) Environmental Motivations Work Environment Reward System Level of Interpersonal Trust Ethical Environment Stress Level Internal Controls Environment

Slide 32

The Control Environment Factors that Encourage Crime Motivation Personal Inducements Factors that Discourage Crime Prevention Measures Internal Controls Systems A
