Developing a Compliance-Driven Framework
Understanding your company's potential liability is the first step toward developing a compliance-driven framework. Identify and rank your compliance drivers (perhaps Sarbanes-Oxley first, followed by SB1386).
Community Policing on the Internet
Community policing has been applied to the physical world with good success. These programs establish a community partnership that attempts to solve the problems that lead to crime, and work to change these factors to mitigate the threat of crime. One of the main cruxes of community policing is crime prevention. This paper applies the principles of community policing and crime prevention to the Internet and details establishing relationships between law enforcement and potential victims, their individual roles and responsibilities, and some of the problems the relationship may alleviate such as fears a victim may have concerning the reporting of cybercrime.
An Uneven Playing Field: The Advantages of the Cyber Criminal vs. Law Enforcement-and Some Practical
This paper offers some observations on the disparities between the criminals manipulating digital data and the law enforcement chasing after them, and tenders some suggestions in an effort to even the playing field.
Financial Institutions Required To Do Their Part To Fight Crime
This paper will briefly explain how the U.S. Patriot Act legislation came into existence, but its main focus will be to outline the requirements of the recently proposed Section 326.
Running an IT Investigation in the Corporate Environment
This paper describes the issues that are involved in conducting an IT investigation of an incident in a corporate environment. It helps to provide insight into the issues that many companies deal with.
The 2001 Patriot Act and Its Implications for the IT Security Professional
One could write volumes of encyclopedic magnitude discussing the ethical and moral implications of the USAPA. One could also spend an equal amount of time delving into criticism and the Big Brother.
Standards for Security Categorization of Federal Information and Information Systems
The E-Government Act of 2002 (Public Law 107-347), passed by the one hundred and seventh Congress and signed into law by the President in December 2002, recognized the importance of information security to the economic and national security interests of the United States. Title III of the E-Government Act, entitled the Federal Information Security Management Act of 2002 (FISMA), tasked NIST with responsibilities for standards and guidelines.
Downstream Liability for Attack Relay and Amplification
While accessing the Internet at work, Jane finds a six-month-old vulnerability in Megacorp's web server. Exploiting this vulnerability, Jane is able to gain privileged access to the system. From Megacorp's system, Jane then discovers a month-old vulnerability on the hospital system located in Washington state. She is able to exploit this as well and gains privileged access to the hospital server. Once Jane is a privileged user on the hospital's system, she is able to penetrate more deeply into the hospital's network, wherein she finds a database server containing sensitive patient records. While browsing the database, Jane G. stumbles on Mr. Big Star's file and decides to download a copy.
National Cyber Defense: A Design for Securing our Future
This paper represents the base design for a national cyber defense system, which can be largely expanded to suit the many evolving requirements of law enforcement, government, research groups, and other groups of people in the context of the Internet.
Security Concerns in Licensing Agreements, Part One: Clickwrap and Shrinkwrap Agreements
This is the first of two articles that will discuss some security-related aspects of software licenses and agreements for Web-based information services. Part One will focus on shrinkwrap and clickwrap agreements. Part Two will emphasize individually negotiated agreements, with particular regard to the opportunities for information security professionals to work with legal counsel in the negotiation and preparation of such agreements.