339
© 2011 by Taylor & Francis Group, LLC
Chapter 5
Law Investigation,
Forensics, and Ethics
Craig Steven Wright
Contents
Information Security Laws ................................................................................341
The Gramm-Leach-Bliley Act .......................................................................341
The Health Insurance Portability and Accountability Act ............................. 342
The Sarbanes-Oxley Act ............................................................................... 342
Licensing ................................................................................................. 342
Computer Crime .....................................................................................353
Intellectual Property .................................................................................355
Import/Export Laws ................................................................................ 364
Liability....................................................................................................365
Privacy Law ..............................................................................................369
Monitoring Employees .............................................................................373
Litigation Support ....................................................................................374
Elements of Investigations .................................................................................378
Incident Handling and Response ..................................................................378
Incident Response Procedures ..................................................................381
Incident Response Teams (CSIRT) ...........................................................382
Evidence Preservation ...................................................................................383
Digital Forensics ...........................................................................................384
Processes ..................................................................................................385
Documentation ........................................................................................388
Interviewing and Fact-Finding ......................................................................390
Searches (and the Fourth Amendment) ....................................................393
Warrants ..................................................................................................394
Anton Piller (Civil Search) .......................................................................394
Professional Ethics .............................................................................................395
Mission, Vision, and Values Statements ........................................................396
The Mission Statement .............................................................................396
The Vision Statements ..............................................................................397
A Statement of Values ..............................................................................397
Interpreting Policy as a Security Professional—Ethics ...................................399
The 10 Commandments of IT Security ....................................................... 400
Hacker Code of Ethics ............................................................................ 400
Human Resource Issues ............................................................................... 400
Compliance with Legal Requirements ...........................................................401
Questions ..........................................................................................................402
FAQs ............................................................................................................402
Review Questions .........................................................................................403
340 ◾ Official (ISC)2® Guide to the ISSMP® CBK®
A security manager may be responsible for many investigations, for resolving ethical queries, and for ensuring that the organization responds appropriately to regulations and laws. In this role, a security manager is expected to know the current legal environment, the rules of evidence, trustworthy forensic practices, and how to conduct an investigation in a credible and effective manner that protects the organization and individuals from undue harm or danger. A security manager is also often required to assist in establishing, communicating, and enforcing ethical standards and guidelines. Key areas of knowledge include the following:
◾ Identifying international laws that pertain to information systems security
◾ Understanding the parameters of investigations
◾ Understanding forensic procedures
◾ Understanding professional ethics
This chapter covers the management of the domain dealing with legal, regulatory, compliance, and investigation issues within information technology. These issues include computer crime and civil matters in law, as well as the ethical issues surrounding the management of information systems. The focus is on managing the event and on understanding the investigation of an incident. The chapter has an international focus and addresses the general points of law that are found across many jurisdictions. It is a conceptual look at the issues and concerns from a management perspective; as such, it does not address the technical issues of how to implement controls for these concerns and processes within an organization.