The Art of Enforcement
In the computer age, actions that take seconds to complete may take years to be defined, and even longer to become regulated by law. The use of Computer Code to automate transactions and transmissions has catapulted the application of Law into the 21st Century, often with almost comical results. A delicate balance of powers between the Public Agencies charged with enforcing the law, and the private corporations attempting to defend themselves with it, must be achieved for the common good of both. Those charged with defending either public or private entities against these types of cutting edge attacks are sometimes forced to call upon their own discretion and ingenuity in responding to these incidents. Combining the roles of the Corporate Security Investigator, the Corporate Incident Response Team, and the powers of the Public Agency Prosecutor can be incredibly beneficial to all, but can lead to pitfalls as well.
04/15/2004

Dangerous Technology: Management Beware
The purpose of this paper is to inform management and upper level administration of the legal liabilities and loss of productivity due to the inappropriate use of the Internet, email, interconnected computer systems and pirated software. While it’s not the intent to cover all liabilities and associated laws, this paper will focus on the following and where applicable, provide resources to better educate the reader as to the tools and resources available to protect the employer should legal litigation arise and the employer’s investment in their employees.
04/15/2004

The Legal System and Ethics in Information Security
You took the advice of the security experts, and hired a full time security administrator/analyst. With his help your company formulated and spelled out a security policy. You analyzed the risks and vulnerabilities prevalent in your environment, and identified your industry’s practices for due care. With this in mind, you set up a security infrastructure. You also laid out a plan for conducting periodic reviews and tests to analyze and enhance your security policy and infrastructure. Finally, you set up an intrusion detection system. Just as you start to wonder whether it was all worth it, lo and behold, your security administrator informs you, that after analyzing several suspicious logs and hack attempts, he was able to pin-point an intruder who had been trying to get to the core of the company’s data. Had it not been for the security systems in place, the organization could have lost millions.
04/15/2004

Implementing a Local Security Program to Protect National Infrastructure System Companies and Facili
The purpose of my paper is to first review the macro-level issues involved in the need for a national level infrastructure protection program. In fact many of these major issues have already been very well examined in other SANS papers. However, I want to transition from these macro-level issues and then focus on those pertinent threats and developments that drive the need for specific security programs at the local infrastructure company level. These key infrastructure elements include the gas, oil, water, electricity, and transportation companies which are the life blood of our country and commerce.
04/14/2004

Crossing the Line: Ethics for the Security Professional
We often hear of the “hacker” who breaks into a system and steals credit card numbers, releases a destructive worm or maybe defaces a website. What do you think about his actions? Are they ethical? Unethical? I think most of us would agree that this constitutes unethical behavior. What about us though? How are our actions viewed when we, in defense of our clients’ networks or our own networks, engage in activities similar to the above mentioned hacker? I will briefly talk about several systems of ethics and then we will apply them to situations that we as IT security personnel face. Hopefully this will give you a framework for making ethical decisions within the framework of this job. We will find through this analysis that we have to hold ourselves to an even higher standard than that to which we hold the average computer users or even hackers.
04/14/2004

Convention on Cybercrime: Overview
Convention on Cybercrime: an overview. By Edgar Danielyan. Published in the login magazine (USENIX Association).
04/12/2004

Encryption Regulation: A First Amendment Perspective
The methods by which we communicate with each other are changing rapidly. Advances in technology have allowed us to move away from traditional paper-based media to the digital communications of the Internet, which has in turn created new challenges to the security and privacy of the data flowing over it. Envelopes and locked filing cabinets are being replaced by cryptographic security techniques such as encryption in an attempt to keep private information private. Through the use of cryptography, communications and information transmitted and stored by computers can be protected from unauthorized access. Previously, businesses carried out electronic transactions over closed networks, pre-existing contractual relationships were often in existence, and there was little doubt as to the authenticity of the sender or receiver of information.
04/05/2004

A Survey of Recent Threats to Privacy Rights
Ways in which governments have attempted to use specific technologies to deprive people of their right to privacy. Technology, though, can of course also be used to protect, enhance and extend our individual liberties. It is our responsibility as citizens to act and vote in ways that ensure this comes to pass. In Canada, the Constitution Act of 1982 incorporated the Charter of Rights and Freedoms, which expresses the fundamental right of all people to "freedom of thought, belief, opinion and expression, including freedom of the press and other media of communication". Extending these points, the Privacy Act (revised in 1985) and the Personal Information Protection and Electronic Documents Act of 2000 clarify public and private sector responsibilities regarding privacy, which the Canadian Supreme Court has called the "most important value… grounded on physical and moral autonomy…at the heart of liberty in a democratic state".
04/03/2004

South Africa – Computer Misuse Act, Proposed.
In 1997 a Commission was started to investigate computer-related crime in South Africa (SA). The Commission released a very exciting proposal, called Discussion Paper 99, which if adopted will change the way the SA law system deals with computer misuse. This paper looks at this proposed act as well as its application in today’s computer environment. …imprisonment for a period not exceeding 5 years. …imprisonment for a period not exceeding 10 years. These are the promising proposed penalties of Discussion Paper 99 for different computer offences of a country that seems to be taking a stand on computer crimes in their different forms. With this type of proposed legislation and penalties one feels a lot more confident about technology performing critical functions in the different spheres of human life such as commerce, banking, health and government services.
04/03/2004

Malaysian Law and Computer Crime
This paper attempts to describe the Malaysian Computer Crimes Act 1997 (CCA 1997) and provide important guidelines for a successful computer crime investigation. The enactment of the CCA 1997 is a step in the right direction for a developing country such as Malaysia as she attempts to push herself towards a Knowledge-based economy. However, having laws alone will not be sufficient to carry out trials against cyber criminals. We will be looking into other important elements in a computer crime case, which includes good criminal investigation and the need to maintain close cooperation between different organizations and countries. In addition, this paper will also briefly look at notable computer crime cases, especially those in the United States. By understanding the nature of these cases, we would be able to greatly appreciate some of the more “common” threats that are often neglected or taken for granted.
04/03/2004