© 2011 by Taylor & Francis Group, LLC
Chapter 5
Law Investigation,
Forensics, and Ethics
Craig Steven Wright
Contents
Information Security Laws .......... 341
   The Gramm-Leach-Bliley Act .......... 341
   The Health Insurance Portability and Accountability Act .......... 342
   The Sarbanes-Oxley Act .......... 342
   Licensing .......... 342
   Computer Crime .......... 353
   Intellectual Property .......... 355
   Import/Export Laws .......... 364
   Liability .......... 365
   Privacy Law .......... 369
   Monitoring Employees .......... 373
   Litigation Support .......... 374
Elements of Investigations .......... 378
   Incident Handling and Response .......... 378
      Incident Response Procedures .......... 381
      Incident Response Teams (CSIRT) .......... 382
   Evidence Preservation .......... 383
   Digital Forensics .......... 384
      Processes .......... 385
      Documentation .......... 388
   Interviewing and Fact-Finding .......... 390
      Searches (and the Fourth Amendment) .......... 393
      Warrants .......... 394
      Anton Piller (Civil Search) .......... 394
Professional Ethics .......... 395
   Mission, Vision, and Values Statements .......... 396
      The Mission Statement .......... 396
      The Vision Statements .......... 397
      A Statement of Values .......... 397
   Interpreting Policy as a Security Professional—Ethics .......... 399
      The 10 Commandments of IT Security .......... 400
      Hacker Code of Ethics .......... 400
   Human Resource Issues .......... 400
   Compliance with Legal Requirements .......... 401
Questions .......... 402
   FAQs .......... 402
   Review Questions .......... 403

Official (ISC)2® Guide to the ISSMP® CBK®

A security manager may be responsible for many investigations, for resolving ethical queries, and for ensuring that the organization responds appropriately to regulations and laws. In this role, a security manager is expected to know the current legal environment, the rules of evidence, trustworthy forensic actions, and how to conduct an investigation in a credible and effective manner, protecting the organization and individuals from undue harm or danger. A security manager is also often required to assist in the establishment, communication, and enforcement of ethical standards and guidelines. Key areas of knowledge include the following:

◾ Identifying international laws that pertain to information systems security
◾ Understanding the parameters of investigations
◾ Understanding forensic procedures
◾ Understanding professional ethics

This chapter covers the management of the domain spanning legal, regulatory, compliance, and investigation issues within information technology. These address computer crime and civil issues in law as well as the ethical issues surrounding the management of information systems. The focus is on the management of the event and on understanding the investigation of an incident. The chapter has an international focus and addresses the general points of law that are found across many jurisdictions. It is a conceptual look at the issues and concerns from a management perspective; as such, it does not address the technical issues of how to implement controls to address these concerns and processes within an organization.