Computer Crimes and respective Laws

In the cyber world, computers are heavily used to commit cybercrime. Organizations want to keep these undesirable acts from happening again, and that need led to the beginning of computer crime law. This is true of all criminal law: laws are created to deter crimes from recurring in the future.

The mindmap below explains the different computer crimes and their objectives. To protect organizations from computer crimes, the U.S. has developed a series of computer crime laws over the years; refer to the mindmap below for the details.

Laws, Regulations, Compliance

Every country follows some kind of legal system. The figure below shows the different types of legal systems.

Since the CISSP material focuses mainly on U.S. laws and regulations, we will restrict ourselves to the U.S. We can observe that the U.S. follows the “Common Law” legal system.
As IT and security professionals, we understand that laws and regulations have a significant impact on how we work and behave day to day. The picture below depicts some of the essential laws covered by the CISSP course content.

Over the last decade, the regulatory environment governing information security has grown increasingly complex. Organizations may find themselves subject to a wide variety of laws, including the following:

  1. Computer Crime Laws
  2. Intellectual Property Law
  3. Software Licensing Law
  4. Import/Export Law
  5. Privacy Law

There are also requirements imposed by regulatory agencies or by contractual obligations, such as PCI DSS, which may be mandatory for running your business. Refer to the screenshot below for more details about PCI DSS.

Other compliance activities may also be required, such as:

  1. Auditing – for gathering evidence and finding weaknesses in a system
  2. Reporting – in case there is a breach
  3. Metrics – to measure the effectiveness of your controls and to identify trends

Personnel Security

So, who is the weakest element in the security realm? The human.
Who is the biggest culprit in the security realm? The human.

No matter what controls have been deployed in an environment, humans will always discover a way to avoid, circumvent, or disable them.

Imagine a situation where that human is one of your own, i.e. an employee. In such a case, the employee becomes your biggest threat. Therefore it is vital to take the human nature of users into account while designing and deploying security solutions for your environment. Hence, anything that gives extra power and privileges to an employee is considered the most significant security risk for an organization.

Refer to the mindmap below, which explains the complete details of the personnel security realm.

Business Continuity Planning

In the first part of this post, we will try to answer some of the fundamental questions: what is BCP, and why is it needed? Refer to the image below, which helps to understand BCP.

The overall goal of BCP is to provide an adequate response in the event of an emergency. The BCP process has four main steps, as shown in the mindmap below.

Documentation is a critical step in the business continuity planning process. The picture above lists some of the crucial components of the written business continuity plan.

In later blog posts, we will discuss developing and implementing a disaster recovery plan, including the technical controls required to keep the business up and running.