Legal,Regulations,InvestigationandCompliance法律、法规、调查与符合性•Ethics道德规范•Operationssecurity操作安全•LiabilityandItsRamifications义务和后果•TypesofLaws法律类别•IntellectualPropertyLaws知识产权法•ComputerCrimeInvestigationsEthicsl(ISC)2:CodeofEthicsCanons道德规范准则:nProtectsociety,thecommonwealthandtheinfrastructure保护社会、公共财产和基础设施nActhonorably,honestly,justly,responsiblyandlegally正直,诚实,公正,负责和守法nProvidediligentandcompetentservicetoprincipals.为委托人提供勤勉的和能胜任的服务nAdvanceandprotecttheprofession.推进和保护行业•IAB-InternetActivitesBoard因特网体系结构委员会:Unethicalandunacceptablebehaviour不道德和不可接受的行为:nPurposelyseekingtogainunauthorizedaccesstoInternetresources故意寻求访问未授权的因特网资源nDisruptingtheintendeduseoftheInternet.破坏因特网的使用nWastingresourcesthroughpurposefulactions通过有目的的行为浪费资源nDestroyingtheintegrityofcomputer-basedinformation.破坏计算机信息的完整性nCompromisingtheprivacyofothers.危害他人的隐私安全nInvolvingnegligenceintheconductofInternet-wideexperiments在进行因特网实验时出现过失•GASSP-GenerallyAcceptedSystemSecurityPrinciples通用公认的系统安全原则:SeekstodevelopandmaintainGASSPwithguidancefromsecurityprofessionals,ITproductdevelopers,informationownersandotherorganizationshavingextensiveexperienceindefiningandstatingtheprinciplesofinformationsecurity.GASSP委员会寻求在安全从业者、IT产品开发者、信息所有者和其他拥有定义和描述安全原则广泛经验的组织的指导下来开发和维持GASSP。•MOM-Motivations,OpportunitiesandMeans:动机、机会和方式nMotivations-Whoandwhyofacrime“谁”和“为什么”nOpportunities-Whereandwhenofacrime“何地”和“何时”nMeans-Thecapabilitiesacriminalwouldneedtobesuccessful.关系到罪犯获得成功所需要的能力OperationssecuritylSalami意大利香肠攻击Involvingsubtractingasmallamountoffundsfromanaccountwiththehopethatsuchaninsignificantamountwouldbeunnoticed每次从账户中拿走一点点儿,希望没人注意到如此微不足道的数量lDataDiddling数据欺骗Referstothealterationofexistingdataand...
