Module LV - Computer Forensics and Legal Compliance
EC-Council
Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited
News: Computer Forensics Specialist Is Able to Disprove a Claim Involving Improper Use of Data
As more and more business is conducted electronically, the legal community has become
aware of the need to properly archive data that might be required as evidence in
litigation. Computer forensics investigation certainly plays a key role in the electronic
discovery process.
As Boston attorney Michael J. McHugh recently learned, however, computer forensics specialists like
Ispirian's Tom Smith, a forensic scientist and a member of the American College of Forensic Examiners
Institute of Forensic Science, can also aid companies and their legal counsel in addressing claims
regarding the improper use or destruction of data.
“We often use IT people for litigation support. Usually it boils down to how you produce electronic files
under the new federal rules for electronic discovery,” McHugh said. “I had the privilege of working with
Tom recently and seeing how he can actually re-create what had occurred inside a computer with a
particular set of data over a period of time. This was the first time that the actual inner workings of the
computer were relevant to an issue that I had in a case.
“I had a general idea of what takes place inside a computer but I had never had the need to retain
someone like Tom who could prepare a report that detailed it step by step.”
In electronic discovery, computer forensics ensures that digital evidence isn’t corrupted or contaminated
from a legal standpoint. However, the same techniques can be used to prove — or, in this case, disprove
— that computer devices have been used for improper or illegal activities.
Source: http://www.hgexperts.com/
Module Objective
This module will familiarize you with:
• Compliance and Computer Forensics
• Information Security Compliance Assessment
• Principles of Legal Compliance
• Elements of an Effective Compliance Program
• Compliance Program Structure
• Creating an Effective Compliance Training Program
• Copyright Protection
• Copyright Licensing
• Criminal Prosecution
• Due Diligence
• Evidence Collection and Preservation
• Fraud, Waste, and Abuse
Module Flow
• Compliance and Computer Forensics
• Information Security Compliance Assessment
• Principles of Legal Compliance
• Elements of an Effective Compliance Program
• Compliance Program Structure
• Creating an Effective Compliance Training Program
• Copyright Protection
• Copyright Licensing
• Criminal Prosecution
• Due Diligence
• Fraud, Waste, and Abuse
• Evidence Collection and Preservation
Legal Compliance
Regulatory Compliance and Computer Forensics
Private and confidential information that is used or shared without authorization increases the risk of identity theft and other misuse
Regulatory compliance refers to the systems, processes, and departments through which corporations and public agencies ensure that personnel are aware of, and take steps to comply with, relevant laws and regulations
Acts relevant to information security compliance:
• Sarbanes-Oxley Act (SOX): internal controls over financial reporting
• Gramm-Leach-Bliley Act (GLBA): protection of customers' financial information
• Health Insurance Portability and Accountability Act (HIPAA): protection of health information
• California SB 1386: notification of affected individuals after a breach of personal information
Legal and Liability Issues
Failure to follow proper legal procedure may result in the evidence being ruled inadmissible in court
Public confidence in law enforcement may be lost if an investigator fails to behave in an ethical manner
The tension between privacy rights and law enforcement's need to search and seize digital evidence can complicate an investigation
Information Security Compliance Assessment
Information security compliance assessment is a unified approach that uses an efficient and consistent method to achieve and maintain the security of information
Step 1: Identify the applicable laws and regulations
• Laws and regulations help in preparing the project plan
• They guide the collection, analysis, and presentation of information
Step 2: Prepare the project plan
• The plan provides the schedule, tasks, and objectives of the project
Step 3: Collect information and identify assets
• This step includes document review, asset identification, and meetings with management
Step 4: Perform risk analysis
• In this step, the information collected is integrated into a risk analysis
Step 5: Document all findings and recommendations
• The report contains the threats and vulnerabilities found during the risk analysis
• The report cites the specific sections of the applicable security regulations to demonstrate due diligence
Step 6: Set up the implementation plan for the safeguards identified in the risk analysis
• This includes the procedure for selecting security vendors and installing security tools
Step 7: Test and modify the information security program periodically
• Periodic testing keeps the program effective against known and potential risks
Legal Compliance Program
Principles of a Legal Compliance Program
Commitment:
• To create an effective legal compliance program, there must be commitment among the elected members, senior management, and staff
• The local authority's commitment to compliance should be publicly recorded in a visible and clear-cut manner
Ownership:
• Legal compliance and the processes that support it are to be owned by all persons within the local authority
• Roles and responsibilities for compliance must be clearly defined for the different people within the local authority
Demonstration:
• The legal compliance program should be discussed in open council prior to adoption
Comprehensive:
• Legal compliance processes should cover legislation and case law as well as a clearly defined set of other standards, codes of practice, and other authoritative pronouncements, including:
• Acts of parliament, such as public acts and private acts
• Local authority by-laws
Systematic:
• There must be a systematic approach to sustaining and maintaining legal compliance activities
• It should be embedded in the existing management systems
Ongoing Development:
• Continuous review ensures that the goals and objectives of legal compliance remain applicable and effective
Elements of an Effective Compliance Program
A successful compliance program contains the following fundamental elements:
Senior management support:
• Clear and unequivocal senior management support is the foundation of a successful compliance program
• Senior management plays an important role in establishing a climate of respect for the law within the company
Relevant policies and procedures:
• Good compliance policies and procedures, tailored to the organization's business operations, are critical to the success of the compliance program
• Policies and procedures need to be regularly updated to reflect changes in the law and in the organization's operations
Role of Senior Management in a Compliance Program
There are multiple layers of management involved in a compliance program
Directors:
• Responsible for receiving periodic reports on the operation of the compliance program from those who have primary responsibility for running it
• Responsible for exercising reasonable oversight of the implementation and effectiveness of the program
Senior management:
• Senior management's main responsibility is to ensure that the organization has an effective compliance program
• Responsible for the accountability and effectiveness of the compliance program
Designated individuals:
• Responsible for the day-to-day implementation of the compliance program
• Responsible for reporting to senior management on the effectiveness of the compliance program
Importance of Compliance and Ethics Programs
Compliance and ethics programs provide a structural foundation that helps the organization reduce illegal conduct
The prevention and detection of criminal conduct, facilitated by a successful compliance program, helps an organization encourage ethical conduct and comply fully with all applicable laws
They help organizations limit the liability arising from misconduct or illegal activities of employees
Benefits of a Compliance Program
Educates employees and senior management about the requirements of the Act and the existing enforcement policies
Reduces the exposure of directors, employees, and the organization itself to criminal and civil liability
Develops valuable internal procedures to ensure compliance with regulations, payment policies, and coding rules
Reduces the costs associated with litigation, penalties, and disruption to operations resulting from investigations and court hearings
Increases awareness of possible anti-competitive conduct by competitors, suppliers, or customers, and thereby increases the probability of obtaining a suitable remedy
Best Practices for Successful Implementation of a Compliance Program
Determine the goals and expected budget
• Determine training goals
• Determine the expected training budget
Assemble the program team or steering committee and meet with it
Create a code of conduct for employees
Decide the compliance training program plan for the next three to five years
Determine technology, development strategy, and preferences
Perform system integration and design the communication plan
Start the training initiative and drive completion rates
Compliance Program Checklist
Checklist to assess whether the organization needs a more effective compliance program:
• Does the organization exercise due diligence to prevent and detect criminal or illegal conduct?
• Does the organization promote a culture that supports ethical conduct and a commitment to compliance with the law?
• Does management put a high priority on safety, loss prevention, and other regulatory compliance requirements?
• Has the organization established and published a 'code of conduct' document and distributed copies to employees?
• Does the organization have all the resources required to effectively develop and maintain a good safety compliance program?
• Are the organization's employees involved in the safety and health effort?
Compliance with Consent Decrees
A consent decree is a court order, entered by a judge, that records a voluntary agreement between the parties to a lawsuit
The terms written into a consent decree do not by themselves ensure compliance, because they are often not communicated effectively to the employees whose conduct they govern
An organization faces problems in cases where an employee disobeys the organization's policy
It is vital for an organization operating under a continuing decree to make certain that it communicates the specific terms of the order to every employee who might be affected
The organization needs to establish procedures that prevent the policy violations that could lead to a violation of applicable law
Memoranda of Understanding/Agreement (MOU/MOA)
A memorandum of understanding (MOU) is a document describing a bilateral or multilateral agreement between parties
It expresses a convergence of will between the parties, indicating an intended common line of action
A memorandum of agreement (MOA) is a document written between parties that agree to work cooperatively on an agreed-upon project or to meet an agreed-upon objective
An MOA can also be a legally binding document that holds the parties responsible for their commitments
Enterprise Compliance and Risk Analysis
Recorded customer interactions are a valuable information asset for the enterprise, but they can also be a liability to the organization
The risk associated with capturing customer interactions is growing rapidly, especially as those recordings are increasingly targeted in legal compliance reviews and investigations
The organization needs to monitor voice, email, and chat interactions with customers to meet compliance, governance, and liability requirements
The organization needs advanced monitoring, recording, and analysis techniques that automate the storage and retrieval of recorded speech for compliance and litigation processes
Creating an Effective Compliance Training Program
An effective compliance training program is one that motivates employees and senior management to live by a code of business conduct that supports the organization's business values, such as integrity, respect, and fairness
It safeguards the organization's ethical culture
It helps employees to:
• Become familiar with the compliance program and the standard code of conduct
• Identify potential compliance issues and situations that require guidance from the compliance department
Responsibilities of Senior Systems Managers
Senior systems manager:
• Provides architectural analysis and design support for implementing technical capabilities that satisfy functional requirements
• Establishes effective communication systems and management structures
• Engages the workforce in the promotion and achievement of legal and ethical practices
• Obtains and follows competent advice, and monitors, reports on, and reviews performance
Legal Compliance to Prevent Fraud, Waste, and Abuse
Legal compliance provides guidance and policy advice to organizations and their employees
It helps protect organizations from fraud and abuse originating from external sources
Legal compliance also helps prevent the waste of human resources and effort
Terms Related to Legal Compliance
Copyright Protection
Copyright:
• A collection of exclusive rights conferred by copyright acts in relation to original works
Copyright Protection:
• The protection of the exclusive rights conferred by copyright acts on original works of authorship fixed in any tangible medium of expression, for a limited period of time
• Works of authorship include:
• Literary works
• Musical works
• Broadcasts
• Artistic works
• Sound recordings, etc.
Copyright Licensing
Copyright licensing is an agreement in which the owner of a work (the "licensor") permits another party (the "licensee") to use the copyright-protected work
Copyright licensing agreements typically include:
• The time period of the licensing agreement
• Allocation of rights to derivative works
• Specifications for sublicensing
• Provisions for changed circumstances
• Price and payment terms
• Provisions respecting bankruptcy during the contract period
Criminal Prosecution
A victim may contact law-enforcement personnel or a law-enforcement agency if someone has taken their private information without permission
Before a criminal investigation is opened, the prosecutor for the law-enforcement agency assesses the case
The prosecutor considers the following:
• Whether any laws have been broken
• The seriousness of the crime
• The availability of trained investigators
• The probability of conviction
After this assessment, if the law-enforcement agency believes the crime is more appropriately investigated by the federal government, it advises the victim to contact federal authorities
Due Diligence
Due diligence is the process of investigating and examining the business, legal, and financial operations of an organization in advance of litigation, an investment, a commercial transaction, or other business activity
A due diligence report is a detailed and methodical examination of the organization in all its aspects
It has three constituent components:
• Financial/commercial due diligence:
• An audit of the organization to determine its financial situation
• Legal due diligence:
• A review of the legislation establishing the organization and the provisions for its governance
• Human resources due diligence:
• A detailed examination of the employees' commitment to the organization at all levels
Evidence Collection and Preservation
Forensic investigators face many challenges while collecting and preserving evidence
Digital evidence is fragile in nature: it can be altered intentionally or unintentionally without leaving any clear sign of alteration
During an investigation, it is important for the investigator to collect evidence in a forensically sound manner and to preserve it properly
Evidence can be collected by examining digital storage media, monitoring network traffic, or making duplicate copies of digital data found during the forensic investigation
Importance of Evidence Collection
Evidence helps the forensic investigator uncover credible links between the attacker, the victim, and the computer crime scene
• For example, if information from a victim's computer was stored on a server or on the system itself at the time of the crime, the investigator can recover it by examining log files, Internet browsing history, etc.
It determines the scope of the investigation and the course of action
Proper evidence collection is important for legal compliance, since the evidence is what proves or disproves that a crime occurred
Importance of Evidence Preservation
Evidence preservation ensures the integrity of the evidence
It involves protecting the collected evidence from damage due to physical access, magnetic fields, and other factors, so that the evidence is maintained in its original state
In practice, integrity is demonstrated by recording cryptographic hashes of each evidence item at acquisition and re-verifying them at every handover, so that any alteration can be shown rather than merely suspected
Evidence preservation is important in order to present the evidence in court as proof in any legal compliance matter
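As an added example that is not part of the EC-Council module, the following Python shows the hash-and-verify discipline behind evidence preservation: several digests are computed in one pass at acquisition, stored in a chain-of-custody record, and re-checked at every transfer, so that a tampered copy is detected and the failed verification is itself logged. The evidence bytes, the item identifier and the handler names are constructed for illustration only.

```python
import hashlib
import json
from datetime import datetime, timezone

# Constructed sample "disk image" standing in for acquired evidence (not real data).
SAMPLE_IMAGE = b"constructed sample evidence image\x00\x01\x02" * 16

# MD5 and SHA-1 are kept only because many acquisition tools and reports still
# list them; SHA-256 is the digest that actually carries the integrity claim.
DEFAULT_ALGORITHMS = ("md5", "sha1", "sha256")


def hash_bytes(data: bytes, algorithms=DEFAULT_ALGORITHMS) -> dict:
    """Compute several digests over the data in a single pass, as imaging tools do."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    chunk = 4096
    for offset in range(0, len(data), chunk):
        block = data[offset:offset + chunk]
        for h in hashers.values():
            h.update(block)
    return {name: h.hexdigest() for name, h in hashers.items()}


def make_custody_record(item_id: str, description: str, data: bytes, handler: str) -> dict:
    """Initial chain-of-custody record, taken at acquisition time (hypothetical schema)."""
    return {
        "item_id": item_id,
        "description": description,
        "acquired_by": handler,
        "acquired_at": datetime.now(timezone.utc).isoformat(),
        "size_bytes": len(data),
        "hashes": hash_bytes(data),
        "events": [],
    }


def verify_integrity(record: dict, data: bytes):
    """Re-hash the current copy and compare against every digest recorded at acquisition.

    Returns (ok, mismatched_algorithms); an empty mismatch list means the copy is intact.
    """
    current = hash_bytes(data, tuple(record["hashes"]))
    mismatches = [alg for alg, digest in record["hashes"].items() if current[alg] != digest]
    return len(mismatches) == 0, mismatches


def log_transfer(record: dict, from_handler: str, to_handler: str, data: bytes, purpose: str) -> bool:
    """Append a handover event; the verification result is recorded whether it passed or not."""
    ok, mismatched = verify_integrity(record, data)
    record["events"].append({
        "at": datetime.now(timezone.utc).isoformat(),
        "from": from_handler,
        "to": to_handler,
        "purpose": purpose,
        "verified": ok,
        "mismatched_algorithms": mismatched,
    })
    return ok


if __name__ == "__main__":
    record = make_custody_record("E-001", "constructed sample image", SAMPLE_IMAGE, "analyst A")
    log_transfer(record, "analyst A", "analyst B", SAMPLE_IMAGE, "analysis")
    # Flip one bit in the last byte to simulate an accidental or deliberate alteration.
    tampered = SAMPLE_IMAGE[:-1] + bytes([SAMPLE_IMAGE[-1] ^ 0x01])
    log_transfer(record, "analyst B", "analyst C", tampered, "analysis")
    print(json.dumps(record, indent=2))
```

Hashing at acquisition is only useful if the original digests are stored outside the working copy (for example on the signed acquisition form), so that an altered image cannot simply be re-hashed to match itself.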
Summary
Regulatory compliance refers to the systems, processes, and departments through which corporations and public agencies ensure that personnel are aware of, and take steps to comply with, relevant laws and regulations
A compliance program reduces the exposure of the organization's directors and employees, and the organization itself, to criminal and civil liability
An effective compliance training program is one that motivates employees and senior management to live by a code of business conduct that supports the organization's business values, such as integrity, respect, and fairness
Due diligence is the process of investigating and examining the business, legal, and financial operations of an organization in advance of litigation, an investment, a commercial transaction, or other business activity
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 

File000168

  • 1. Module LV - Computer Forensics and Legal Compliance
• 2. News: Computer Forensics Specialist Is Able to Disprove a Claim Involving Improper Use of Data (Source: http://www.hgexperts.com/)
EC-Council. Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.
• 3. Module Objective
  This module will familiarize you with:
  • Compliance and Computer Forensics
  • Information Security Compliance Assessment
  • Principle of Legal Compliance
  • Elements of an Effective Compliance Program
  • Compliance Program Structure
  • Creating Effective Compliance Training Program
  • Copyright Protection
  • Copyright Licensing
  • Criminal Prosecution
  • Due Diligence
  • Evidence Collection and Preservation
  • Fraud, Waste, and Abuse
• 4. Module Flow (topic diagram): Compliance and Computer Forensics; Elements of an Effective Compliance Program; Principle of Legal Compliance; Copyright Licensing; Copyright Protection; Creating Effective Compliance Training Program; Compliance Program Structure; Information Security Compliance Assessment; Criminal Prosecution; Due Diligence; Fraud, Waste, and Abuse; Evidence Collection and Preservation
• 5. Legal Compliance
• 6. Regulatory Compliance and Computer Forensics
  Regulatory compliance refers to the systems or departments at corporations and public agencies that ensure personnel are aware of, and take steps to comply with, relevant laws and regulations
  Private and confidential information that is used and shared without authorization increases the possibility of identity theft and other unauthorized use
  Acts relevant to information security compliance:
  • Sarbanes-Oxley Act
  • Gramm-Leach-Bliley (GLB) Act
  • HIPAA (Health Insurance Portability and Accountability Act)
  • California SB 1386
• 7. Legal and Liability Issues
  Failure to follow proper legal procedure will result in the evidence being ruled out in court
  The public's confidence in law enforcement may be lost if the investigator fails to behave in an ethical manner
  The tension between privacy rights and law enforcement's need to search and seize digital evidence may cause problems in an investigation
• 8. Information Security Compliance Assessment
  Information security compliance assessment is a unified approach that uses an efficient and consistent method to achieve and maintain information security
  Step 1: Find out the related laws and regulations
  • Laws and regulations help in preparing the project plan
  • They guide the collection, analysis, and presentation of information
  Step 2: Prepare the project plan
  • The plan provides the schedule, tasks, and objectives of the project
  Step 3: Collect information and identify assets
  • This step includes document review, asset identification, and meetings with management
  Step 4: Perform risk analysis
  • In this step, the information collected is integrated for risk analysis
• 9. Information Security Compliance Assessment (cont'd)
  Step 5: Document all findings and recommendations
  • The report contains the threats and vulnerabilities found in the risk analysis process
  • The report includes the particular portions or sections of the applicable security regulations, to demonstrate due diligence
  Step 6: Set up the implementation plan for the safeguards identified in the risk analysis
  • It includes the procedure for selecting security system vendors and installing security tools
  Step 7: Test and modify the information security program periodically
  • This safeguards against known or potential risks
• 10. Legal Compliance Program
• 11. Principles of Legal Compliance Program
  Commitment:
  • To create an effective legal compliance program, there must be a commitment among the locally elected members, senior management, and staff
  • The local authority's commitment to compliance should be publicly recorded in a clear and unambiguous manner
  Ownership:
  • Legal compliance and the processes that support it are to be owned by all persons within the local authority
  • There must be defined roles and responsibilities for different people within the local authority
  Demonstration:
  • The legal compliance program should be discussed in open council prior to adoption
• 12. Principles of Legal Compliance Program (cont'd)
  Comprehensive:
  • Legal compliance processes should cover legislation and case law, as well as a clearly defined ambit of other standards, codes of practice, or other authoritative pronouncements, such as:
    • Acts of Parliament (public acts, private acts, etc.)
    • Local authority by-laws
  Systematic:
  • There must be a systematic approach to sustaining and maintaining legal compliance activities
  • It should be embedded into the existing management systems
  Ongoing Development:
  • It ensures that the goals and objectives of legal compliance remain applicable and effective
• 13. Elements of an Effective Compliance Program
  A successful compliance program contains the following fundamental elements:
  Senior management support:
  • Clear and unequivocal senior management support is the foundation of a successful compliance program
  • Senior management plays an important role in establishing a climate of respect within the company towards the Act
  Relevant policies and procedures:
  • The development of good compliance policies and procedures tailored to the organization's business operations is critical to the success of the compliance program
  • Laws and policies need to be regularly updated to reflect changes in the organization's operations
• 14. Role of Senior Management in Compliance Program
  There are multiple layers of management involved in the compliance program
  Directors:
  • Responsible for receiving periodic operating reports on the compliance program from those who have primary responsibility for operating it
  • Responsible for exercising reasonable oversight regarding the implementation and efficiency of the program
  Senior management:
  • Senior management's main responsibility is to ensure that the organization has a useful compliance program
  • Responsible for the accountability and effectiveness of the compliance program
  Designated individuals:
  • Responsible for the day-to-day implementation of the compliance program
  • Responsible for reporting to senior management on the effectiveness of the compliance program
• 15. Importance of Compliance and Ethics Programs
  Compliance and ethics programs provide a structural foundation for the organization that helps reduce illegal conduct
  The prevention and detection of criminal conduct, as facilitated by a successful compliance program, helps an organization encourage ethical conduct and comply fully with all applicable laws
  It helps organizations limit public liability arising from the misconduct or illegal activities of employees
• 16. Benefits of Compliance Program
  • Educates employees and senior management about the requirements of the Act and the existing enforcement policies
  • Reduces the exposure of directors and employees, and the organization itself, to criminal and civil liability
  • Develops valuable internal procedures to ensure compliance with regulations, payment policies, and coding rules
  • Reduces the costs associated with litigation, penalties, and disruption to operations resulting from investigations and court hearings
  • Increases awareness of probable anti-competitive conduct by competitors, suppliers, or customers, and thereby increases the probability of achieving a suitable remedy
• 17. Best Practices for Successful Implementation of a Compliance Program
  • Determine the goals and expected budget
    • Determine training goals
    • Determine the expected training budget
  • Gather the members and meet with the program team/steering committee
  • Create a code of conduct for employees
  • Decide the compliance training program plan for three to five years
  • Determine technology, development strategy, and preferences
  • Perform system integration and design the communication plan
  • Start the training initiative and drive completion rates
• 18. Compliance Program Checklist
  Checklist to assess whether the organization is in need of an effective compliance program:
  • Does the organization exercise due diligence to prevent and detect criminal or illegal conduct?
  • Does the organization promote a culture that supports ethical conduct and ensures compliance with the law?
  • Does management put a high priority on safety, loss prevention, and other regulatory compliance requirements?
  • Has the organization set up and published a 'code of conduct' document and distributed copies to employees?
  • Does the organization hold all the resources required to effectively develop and maintain a good safety compliance program?
  • Are the organization's employees involved in the safety and health effort?
• 19. Compliance with Consent Decrees
  A consent decree is a judicial decree, issued by the judge, that expresses a voluntary agreement between the participants in a suit
  Sometimes the terms written in a consent decree cannot ensure compliance, because most of them may not be effectively communicated to employees
  The organization faces problems when dealing with cases where an employee disobeys the organization's policy
  It is vital for an organization under a continuing decree to make certain that it communicates the particular terms of the order to all employees who might be affected
  The organization needs to establish a procedure that prevents violations of a policy that could lead to a violation of regional law
• 20. Memoranda of Understanding/Agreement (MOU/MOA)
  A memorandum of understanding (MOU) is a document describing a bilateral or multilateral agreement between parties
  It expresses a convergence of will between the parties, indicating an intended common line of action
  A memorandum of agreement (MOA) is a document written between parties to cooperatively work together on an agreed-upon project or meet an agreed-upon objective
  The MOA can also be a legal document that is binding and holds the parties responsible for their commitments
• 21. Enterprise Compliance and Risk Analysis
  Customer interactions are a valuable part of enterprise information, but they can also be a liability to an organization
  The risk of capturing customer interactions is growing exponentially, especially as they are now being targeted for legal compliance and investigation
  The organization needs to monitor voice, email, and chat interactions with customers to meet compliance, governance, and liability requirements
  The organization needs to use advanced monitoring, recording, and analysis techniques that automate the storage and retrieval of speech information for compliance and litigation processes
• 22. Creating Effective Compliance Training Program
  An effective compliance training program is one that motivates employees and senior management to live by a code of business conduct that supports the organization's business values, such as integrity, respect, and fairness
  It safeguards the organization's ethical culture
  It helps employees to:
  • Be familiar with the compliance program and the standard code of conduct
  • Identify potential compliance issues and conditions requiring guidance from the compliance department
• 23. Responsibilities of Senior Systems Managers
  Senior System Manager:
  • Provides architectural analysis and design support for implementing technical capabilities that satisfy functional requirements
  • Establishes effective communication systems and management structures
  • Engages the workforce in the promotion and achievement of legal practices in an ethical way
  • Accesses and follows competent advice, and monitors, reports on, and reviews performance
• 24. Legal Compliance to Prevent Fraud, Waste, and Abuse
  Legal compliance provides guidance and policy advice to organizations and employees
  It helps protect organizations from fraud and abuse from external sources
  Legal compliance also helps prevent the unwanted waste of human resources and energy
• 25. Terms Related to Legal Compliance
• 26. Copyright Protection
  Copyright:
  • Refers to a collection of exclusive rights conferred by the copyright acts in relation to original works
  Copyright Protection:
  • The protection of the exclusive rights conferred by the copyright acts on original works of authorship fixed in any tangible medium of expression, for a certain period of time
  • Works of authorship include:
    • Literary works
    • Musical works
    • Broadcasts
    • Artistic works
    • Sound recordings, etc.
• 27. Copyright Licensing
  Copyright licensing is an agreement in which the owner of a work (the "licensor") permits another person (the "licensee") to use his or her copyright-protected work
  Copyright licensing agreements include:
  • The time period of the licensing agreement
  • Allocation of rights to derivative works
  • Specifications for sublicensing
  • Provisions for changed circumstances
  • Price and payment terms
  • Provisions respecting bankruptcy during the contract period
• 28. Criminal Prosecution
  A victim may contact law-enforcement personnel or a law-enforcement agency if someone has taken their private information without permission
  Prior to starting the criminal investigation, the law-enforcement agency's prosecutor examines the crime scene
  The prosecutor examines the following things about the crime:
  • Whether any laws have been broken
  • The seriousness of the crime
  • The availability of trained investigators
  • The probability of a conviction
  After examining the crime scene, if the law-enforcement agency believes that the crime would be properly investigated by the Federal government, it suggests that the victim contact Federal authorities
• 29. Due Diligence
  Due diligence is a process of investigating and examining the business, legal, and financial operations of an organization in advance of litigation, investment, a commercial transaction, or other business activity
  A due diligence report is a detailed and methodical examination of the organization in all its aspects
  It has three constituent components:
  • Financial/Commercial due diligence: an audit of the organization to determine its financial situation
  • Legal due diligence: a review of the legislation establishing the organization and the provisions for its governance
  • Human resources due diligence: a detailed examination of the employees' commitment towards the organization at all levels
• 30. Evidence Collection and Preservation
  Forensic investigators face many challenges while collecting and preserving evidence
  Digital evidence is fragile in nature, and it can be altered intentionally or unintentionally without leaving any clear signs of alteration
  During the investigation, it is important for the investigator to collect the evidence in a forensically sound manner and preserve it properly
  Evidence can be collected while examining digital storage media, monitoring network traffic, or making duplicate copies of digital data found during the forensic investigation
• 31. Importance of Evidence Collection
  Evidence helps the forensic investigator uncover credible links between the attacker, the victim, and the computer crime scene
  • For example, if information from the victim's computer at the time of the crime is stored on a server or on the system itself, the investigator can obtain that information by examining log files, Internet browsing history, etc.
  It determines the scope of the investigation and the course of action
  Proper evidence collection is important for legal compliance, to provide evidence for, or a refutation of, a crime
• 32. Importance of Evidence Preservation
  Evidence preservation ensures the integrity of the evidence
  It involves protecting the collected evidence from damage due to physical access, magnetic fields, and other factors, to ensure that the evidence is maintained in its original state
  Evidence preservation is important in order to present the evidence in court as proof in any legal compliance issue
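Slides 30 and 32 make the point that digital evidence can be altered without visible trace and that preservation must keep it in its original state. The usual technical control behind that, as an added example that is not part of the EC-Council module, is to hash the acquired image at acquisition, record the digest in the chain-of-custody log, and re-hash before any duplicate is analysed or produced. The case identifier, examiner name, log layout and the byte string standing in for a disk image are all constructed for this example; SHA-256 is assumed as the digest.

```python
"""Evidence integrity verification with cryptographic hashes (added example).

Assumptions, not taken from the module: evidence is a byte image, the custody
log is a list of JSON-serialisable records, and SHA-256 is the digest in use.
"""
import hashlib
import json
from datetime import datetime, timezone


def sha256_of(data: bytes, chunk_size: int = 1 << 20) -> str:
    """Hash an image in chunks so a real disk image never has to fit in memory."""
    h = hashlib.sha256()
    view = memoryview(data)
    for start in range(0, len(view), chunk_size):
        h.update(view[start:start + chunk_size])
    return h.hexdigest()


def record_acquisition(log: list, case_id: str, item: str, image: bytes, examiner: str) -> dict:
    """Append an acquisition record: who hashed which item, when, size and digest."""
    entry = {
        "case_id": case_id,
        "item": item,
        "examiner": examiner,
        "action": "acquired",
        "timestamp": datetime.now(timezone.utc).isoformat(),
        "sha256": sha256_of(image),
        "size": len(image),
    }
    log.append(entry)
    return entry


def verify_against_log(log: list, case_id: str, item: str, image: bytes) -> dict:
    """Re-hash an image and compare it with the most recent acquisition record.

    'intact' is True only when both size and digest match the recorded values,
    so a truncated image and a single flipped bit are both reported as mismatches.
    """
    matches = [e for e in log
               if e["case_id"] == case_id and e["item"] == item and e["action"] == "acquired"]
    if not matches:
        return {"intact": False, "reason": "no acquisition record"}
    recorded = matches[-1]
    current = sha256_of(image)
    intact = current == recorded["sha256"] and len(image) == recorded["size"]
    return {
        "intact": intact,
        "reason": "digest matches" if intact else "digest mismatch",
        "recorded_sha256": recorded["sha256"],
        "current_sha256": current,
    }


# Constructed sample evidence (not a real image): a short byte string standing in
# for an acquired disk image. The case number is a placeholder.
CASE_ID = "CASE-EXAMPLE-001"
ORIGINAL_IMAGE = b"\x55\xaa" + b"FAT32 boot sector sample " * 40
CUSTODY_LOG: list = []


def demo() -> dict:
    """Acquire, duplicate, verify the duplicate, then show a one-bit change being caught."""
    record_acquisition(CUSTODY_LOG, CASE_ID, "laptop-hdd", ORIGINAL_IMAGE, "examiner-a")
    working_copy = bytes(ORIGINAL_IMAGE)            # bit-for-bit duplicate for analysis
    clean = verify_against_log(CUSTODY_LOG, CASE_ID, "laptop-hdd", working_copy)
    altered = bytearray(ORIGINAL_IMAGE)
    altered[10] ^= 0x01                               # one bit flipped, nothing visible
    tampered = verify_against_log(CUSTODY_LOG, CASE_ID, "laptop-hdd", bytes(altered))
    return {
        "copy_intact": clean["intact"],
        "altered_intact": tampered["intact"],
        "log_json": json.dumps(CUSTODY_LOG, indent=2),
    }


if __name__ == "__main__":
    result = demo()
    print("duplicate verifies:", result["copy_intact"])
    print("altered image verifies:", result["altered_intact"])
    print(result["log_json"])
```

The size check alongside the digest is deliberate: a hash comparison already fails on truncation, but recording the size lets the log state plainly what was acquired, and an examiner presenting the duplicate in court can show both the recorded and the re-computed values side by side.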
• 33. Summary
  • Regulatory compliance refers to the systems or departments at corporations and public agencies that ensure personnel are aware of, and take steps to comply with, relevant laws and regulations
  • A compliance program reduces the exposure of the organization's directors and employees, and the organization itself, to criminal and civil liability
  • An effective compliance training program is one that motivates employees and senior management to live by a code of business conduct that supports the organization's business values, such as integrity, respect, and fairness
  • Due diligence is a process of investigating and examining the business, legal, and financial operations of an organization in advance of litigation, investment, a commercial transaction, or other business activity