6th Edition - Legal, Regulations, Compliance and Investigation.pdf
ID: 3323117
Size: 429.90KB
Pages: 32
Format: PDF
Date: 2024-03-02
Part 6: Legal, Regulations, Compliance and Investigation
Legal, Regulations, Investigation and Compliance

Topics:
- Ethics
- Operations security
- Liability and Its Ramifications
- Types of Laws
- Intellectual Property Laws
- Computer Crime Investigations

Ethics

(ISC)2 Code of Ethics Canons:
- Protect society, the commonwealth and the infrastructure.
- Act honorably, honestly, justly, responsibly and legally.
- Provide diligent and competent service to principals.
- Advance and protect the profession.

IAB (Internet Activities Board) - unethical and unacceptable behaviour:
- Purposely seeking to gain unauthorized access to Internet resources.
- Disrupting the intended use of the Internet.
- Wasting resources through purposeful actions.
- Destroying the integrity of computer-based information.
- Compromising the privacy of others.
- Negligence in the conduct of Internet-wide experiments.

GASSP (Generally Accepted System Security Principles): the GASSP committee seeks to develop and maintain GASSP with guidance from security professionals, IT product developers, information owners and other organizations having extensive experience in defining and stating the principles of information security.

MOM (Motivations, Opportunities and Means):
- Motivations: the "who" and "why" of a crime.
- Opportunities: the "where" and "when" of a crime.
- Means: the capabilities a criminal would need in order to succeed.

Operations security

- Salami: subtracting a small amount of funds from an account in the hope that such an insignificant amount will go unnoticed.
- Data Diddling: the alteration of existing data; often this modification happens before the data is entered into an application, or as soon as processing completes and the data is output from an application.
- Excessive Privileges: occurs when a user has more computer rights, permissions and privileges than are required for the tasks she needs to fulfill.
- Password Sniffing: sniffing network traffic in the hope of capturing passwords being sent between computers.
- IP Spoofing: manually changing the IP address within a packet to point to another address.
- Denial of Service (DoS): denying others the service that the victim system usually provides.
- Dumpster Diving: rummaging through another person's garbage for discarded documents, information and other items of value that could then be used against that person or company. Legal, but unethical.
- Emanations Capturing: eavesdropping on the electrical waves emitted by every electrical device.
- Wiretapping: eavesdropping on communication signals.
- Social Engineering: the act of tricking another person into providing confidential information by posing as an individual who is authorized to receive that information.
- Masquerading: a method an attacker can use to fool others about her real identity.

Liability and Its Ramifications

- Due Care: steps taken to show that a company has taken responsibility for the activities that take place within the corporation and has taken the necessary steps to help protect the company, its resources and its employees.
- Due Diligence: continual activities that make sure the protection mechanisms are continually maintained and operational.

Example: a fire (arsonist)
- Company obligations: fire detection and suppression systems, fire-resistant building materials, alarms, emergency exits, fire extinguishers, backups of important information.
- Stakeholders: employees, shareholders, customers, everyone affected.
- Consequences: prosecution for criminal negligence, fines (up to USD 290 million for an individual).

- Prudent man rule: to perform the duties that prudent people would exercise in similar circumstances.
- Downstream liabilities: when companies come together to work in an integrated manner, special care must be taken to ensure that each party promises to provide the necessary level of protection, liability and responsibility, which should be clearly defined in the contracts that each party signs. Each company should ensure that its activities do not negatively affect its partners; this is generally called downstream liability.

Types of Laws

- Civil law (also called tort law): deals with wrongs against individuals or companies that result in damages or loss. A civil lawsuit results in financial restitution instead of jail sentences.
  Intellectual property statutes: Copyright Law (1991), Trademark Law (amended 1993), Patent Law (revised 2008).
- Criminal law: used when an individual's conduct violates the government's laws, which have been developed to protect the public. Jail sentences are commonly the punishment.
  Criminal Law (PRC), Chapter 6 "Crimes of Obstructing the Administration of Public Order", Section 1 "Crimes of Disturbing Public Order", Articles 285, 286 and 287:
  - Article 285: the crime of illegally intruding into computer information systems; the crimes of illegally obtaining data from, or illegally controlling, computer information systems; the crime of providing programs or tools for intruding into or illegally controlling computer information systems.
  - Article 286: the crime of sabotaging computer information systems.
  - Article 287: an indicative provision on using computers to commit crimes. Whoever uses a computer to commit financial fraud, theft, embezzlement, misappropriation of public funds, theft of state secrets or other crimes is convicted and punished under the relevant provisions of this Law.
- Administrative law: covers standards of performance or conduct expected by government agencies from companies, industries and certain officials.

Intellectual Property Laws

- Trade secret: the resource claimed to be a trade secret must be confidential and protected with certain security precautions and actions.
- Copyright: protects the expression of the idea of the resource.
- Trademark: used to protect a word, name, symbol, sound, shape, colour, device or combination of these.
- Patent: given to individuals or companies to grant the owner legal ownership and enable the owner to exclude others from using and copying the innovation covered by the patent.

Import/export laws: the main technology that countries restrict at their export borders is encryption. Some countries restrict the strength or type of encryption that may be used between, or bought and sold between, different countries. This is because governments sometimes want to eavesdrop on communications suspected of illegal activity.

Privacy laws
- Federal Privacy Act
- Gramm-Leach-Bliley Act of 1999
- HIPAA (Health Insurance Portability and Accountability Act)
Federal privacy law requires that all data collection be done in a fair and lawful manner. Data may only be used for the purpose for which it was collected, and only for a reasonable period of time. Most countries' privacy laws state that information must be accurate and up to date and must not be disclosed to third parties. Individuals likewise have the right to correct their personal information.

If a company wants to be properly protected, it must carefully consider and handle several employee privacy matters:
- Employees must be told in advance that keystrokes, email and so on will be monitored. This should be explained through banners or training. Best is to have employees read a document describing the monitoring they may be subject to; this is considered acceptable. A document signed by the employee can serve as a legal document if needed in future.
- A dedicated policy should be developed for this purpose, specifying who may read the monitored information.
- It is important that the company not promise employees privacy; otherwise this may lead to lawsuits.
- Monitoring must be work-related.
- Monitoring must be performed consistently: all personnel are monitored, not just one or two people.

Computer Crime Investigations

Incident response team - basic items:
- List of outside agencies and resources to contact or report to.
- List of computer forensics experts to contact.
- Steps on how to secure and preserve evidence.
- Steps on how to search for evidence.
- List of items that should be included in the report.
- A list that indicates how the different systems should be treated in this type of situation.

Computer Forensics

Forensics investigation, 1st step: make a sound image of the attacked system and perform the forensic analysis on this copy. This ensures that the evidence stays unharmed on the original system in case some steps in the investigation actually corrupt or destroy data. Also, the memory of the system should be dumped to a file before doing any work on the system or powering it down.

Computer forensics equipment (slide title)

2nd step, chain of custody: a very strict and organized procedure must be followed when collecting and tagging evidence. It dictates that all evidence be labeled with information indicating who secured and validated it. The chain of custody is a history that shows how evidence was collected, analyzed, transported and preserved in order to be presented as evidence in court. Because electronic evidence can be easily modified, a clearly defined chain of custody demonstrates that the evidence is trustworthy.

The life cycle of evidence includes the following:
- Collection and identification
- Storage, preservation and transportation
- Presentation in court
- Return to the victim or owner

Evidence:
- Best evidence: the primary evidence used in a trial because it provides the most reliability. Used for documentary evidence such as contracts.
- Secondary evidence: not viewed as reliable and strong in proving innocence or guilt when compared to best evidence.
- Direct evidence: can prove a fact all by itself instead of needing backup information to refer to.
- Conclusive evidence: irrefutable and cannot be contradicted.
- Circumstantial evidence: can prove an intermediate fact that can then be used to deduce or assume the existence of another fact.
- Corroborative evidence: supporting evidence used to help prove an idea or point. It cannot stand on its own but is used as a supplementary tool to help prove a primary piece of evidence.
- Opinion evidence: when a witness testifies, the opinion rule dictates that she must testify only to the facts of the issue and not to her opinion of the facts. This is slightly different from when an expert witness is used, because an expert is used primarily for his educated opinion.
- Hearsay evidence: oral or written evidence presented in court that is secondhand and has no firsthand proof of accuracy or reliability.

Characteristics of evidence:
- Sufficient: it must be persuasive enough to convince a reasonable person of the validity of the findings. This also means that it cannot be easily doubted.
- Reliable/Competent: it must be consistent with fact; it must be factual and not circumstantial.
- Relevant: it must have a reasonable and sensible relationship to the findings.
- Legally permissible: it was obtained in a legal way.

Enticement vs. Entrapment:
- Enticement is legal and ethical.
- Entrapment is neither legal nor ethical.

Phone Phreakers:
- Blue boxes: a device that simulates a tone that tricks the telephone company's system into thinking the user is authorized for long-distance service, which enables him to make the call.
- Red boxes: simulate the sound of coins being dropped into a payphone.
- Black boxes: manipulate the line voltage to receive a toll-free call.
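A chain-of-custody record for the forensics steps above, as an added example that is not part of the original slides. It hashes the image taken in step 1 and keeps a hash-linked log of who handled it at each stage, so both a changed evidence copy and an edited log entry are detected; the evidence bytes, handler names and timestamps are constructed, and the hash-linked log is one way to implement the labeling the text calls for, not a prescribed method.

```python
import hashlib
import json
from typing import List
# Constructed sample standing in for the bit-for-bit image made in step 1 (not real data).
EVIDENCE_IMAGE = b"constructed disk image: partition table, filesystem, logs ..."

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

class ChainOfCustody:
    def __init__(self, original: bytes):
        self.original_hash = sha256_hex(original)   # hash taken at collection time
        self.entries: List[dict] = []

    def record(self, stage: str, handler: str, timestamp: str, evidence: bytes) -> dict:
        # Each entry labels the step with who secured/validated it and chains to the previous entry.
        prev = self.entries[-1]["entry_hash"] if self.entries else "genesis"
        entry = {"stage": stage, "handler": handler, "timestamp": timestamp,
                 "evidence_hash": sha256_hex(evidence), "prev_entry_hash": prev}
        entry["entry_hash"] = self._entry_hash(entry)
        self.entries.append(entry)
        return entry

    @staticmethod
    def _entry_hash(entry: dict) -> str:
        fields = {k: v for k, v in entry.items() if k != "entry_hash"}
        return sha256_hex(json.dumps(fields, sort_keys=True).encode())

    def verify(self) -> List[str]:
        """Return a list of problems; an empty list means the chain is intact."""
        problems, prev = [], "genesis"
        for i, e in enumerate(self.entries):
            who = f"entry {i} ({e['stage']} by {e['handler']})"
            if e["prev_entry_hash"] != prev:
                problems.append(f"{who}: link to previous entry broken")
            if e["entry_hash"] != self._entry_hash(e):
                problems.append(f"{who}: record altered after it was written")
            if e["evidence_hash"] != self.original_hash:
                problems.append(f"{who}: evidence no longer matches the original image")
            prev = e["entry_hash"]
        return problems

def demo() -> List[str]:
    # Constructed hand-offs; the last one presents a copy that differs by one byte.
    chain = ChainOfCustody(EVIDENCE_IMAGE)
    chain.record("collected", "first responder", "2024-03-02T09:00:00Z", EVIDENCE_IMAGE)
    chain.record("transported", "courier", "2024-03-02T11:30:00Z", EVIDENCE_IMAGE)
    chain.record("preserved", "custodian", "2024-03-04T10:00:00Z", EVIDENCE_IMAGE + b"x")
    return chain.verify()
```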
