Chapter 8: Law, Crimes, Ethics, and Investigation




A computer or network security-related book would not be complete without a chapter that specifically focuses on computer-related law, ethics, fraud, computer crimes, and investigation. Although it is probable that you will only face general questions regarding law, ethics, investigation, and computer crimes, it is important for you to understand these topics in order to have a well-rounded foundation as a security specialist. It is also important that you have the ability to answer even the general questions on the Security+ exam. In Chapter 6, you were introduced to some of the topics that are also included in this chapter to better prepare you for the subject matter contained in it. Remember, the most important information pertaining to the exam will be identified for you.

Law

As you are probably aware, similar to the topic of security, the topic of law and legal affairs covers a very broad range of subjects and information. In order to understand the laws that are relevant to computer-related crimes and prepare you for the subject matter later in this section, it is important for you to understand the legal terms that are described next.

Note 

Several current security-related certification exams refer to these terms as intellectual properties. Just for the record, intellectual properties can include subjects such as software piracy, trademarks, copyrights, patents and patent infringements, and trade secrets. However, before we discuss the intellectual properties, it is important for you to have a general understanding of the major types of laws that exist. They are listed as follows:

  • Criminal law: This type of law protects society from individuals or groups that violate laws enacted by the government. With this type of law, the government prosecutes those who have committed what it deems as crimes. With criminal law, the government or state will appoint a prosecutor to file a suit against such crimes as murder or rape. These crimes are deemed as felonies or misdemeanors.

  • Civil law: This type of law has to do with wrongful doings between individuals or between businesses and individuals. It typically results in some sort of loss or damage. A civil case is brought forward when an individual or company wishes to resolve the loss or wrongful doing that has occurred due to the negligence or misconduct of another. With civil law, compensation for loss is typically requested.

  • Administrative law: This type of law pertains to government agencies, organizations, and offices. It regulates how the agencies should conduct their affairs and business dealings.

Next, we will discuss trademarks, patents, copyrights, and trade secrets.

Note 

It is likely that the Security+ exam will expect you to know the difference between trademarks, patents, copyrights, and trade secrets.

Trademark

A trademark is a word, phrase, title, logo, symbol, design, letter, number, or other object that is used to uniquely identify a company, product, or service. Just about anything you can buy today has a trademark. Computers, software, network appliances, and even ISPs use registered trademarks. A registered trademark is a trademark that has been granted for a particular product or service by the federal government. If another person or company creates a product or service and places a label or title on that product or service that is very similar to a registered trademark, the trademark's registered owner can possibly sue that individual or company.

Patent

A patent is a privilege or right of use that is specifically assigned by government to the creator, developer, or owner of a process, mechanism, service, or product. When something is patented, it is protected by law from being copied or misused by anyone other than the patent holder. In simple terms, if you develop a product and receive a patent from the U.S. Government Patent Office regarding that product, you have exclusive use of manufacturing and reproducing that particular product.

Copyright

A copyright is the right to create and sell what is exclusive to the creator or owner of the copyright. Copyrights are usually associated with such creations as books, articles, movies, and music. For example, an author can be the creator or inventor of an idea or expression. The author or publisher of the idea or expression will typically have the material registered and copyrighted in order to protect the idea or expression from being modified, copied or sold by someone else. In order to obtain a copyright, one must register for the copyright with the federal copyright registry.

Trade Secret

A trade secret is confidential company or business information or devices such as a secret formula, code, database, device, or other product whose effectiveness and profitability are based on its secrecy. In other words, in order for a company to have or maintain an advantage over a competitor, its trade secrets or company secrets must not be divulged.

Note 

For the exam, know that a trade secret is proprietary company information whose secrecy is essential to the health and profitability of a company.

Computer Laws

As mentioned in the opening paragraph of this chapter, specific laws have been enacted that relate to the protection of computer security and privacy. The demand for more secure electronic business transactions and the need for increased protection regarding personal privacy are on the rise. More computer-related security laws, and stricter punishment for those who break them, are needed to protect the privacy and welfare of businesses and individuals in this highly technical age.

There are many new computer privacy laws currently being considered by government. Next, you will be provided with a list of valid security and privacy laws. It is not likely that the Security+ exam will expect you to know them all. However, you never know what CompTIA might have in store as the exam's popularity grows and different questions are added to the exam. Look closely at the following laws; you will notice they are relevant and apply to many of the topics discussed in this book:

  • 1974 Federal Privacy Act: This act protects the public by ensuring that personal information held by federal agencies is not accessible or released without consent.

  • 1984 First Computer Security Act: This act states that unauthorized access to or destruction of federal computing systems or information is a felony.

  • 1986 (amended 1996) Computer Fraud and Abuse Act: This act better defined the first computer security law created in 1984. It was updated in 1996 to include the identification of three new computer crimes: use of a federal interest computer to further intended fraud; the altering or destruction of information on a federal interest computer that causes $1,000 in loss or results in medical treatment; and the trafficking of computer-related passwords that allows access to government computers.

  • 1986 Electronic Communications Privacy Act: This act prohibits eavesdropping by way of wire or oral communications. It addresses the important issue of information being illegally obtained without consent. In simple terms, in order for someone to monitor your communication or information, they must first be granted explicit permission from the legal or court system. For example, police or federal agencies must obtain legal permission to wire tap or carry out surveillance on a suspected criminal.

  • 1987 Computer Security Act: This act requires federal agencies to identify critical information systems, provide computer security training to employees, and develop documented plans to secure all systems.

  • 1994 U.S. Communications Assistance for Law Enforcement Act: This act calls for all communications carriers and companies to provide the ability for wire tapping to be used.

  • 1994 Computer Abuse Amendments Act: This act better defined the phrase 'federal interest computer' to include a system or computer that is used for interstate commerce or communications. The act was also updated to include worm and virus laws.

  • 1996 U.S. Economic and Protection of Proprietary Information Act: This act covers computer security laws and punishment relating to corporate enterprise as well as industrial espionage.

  • 1999 Gramm-Leach-Bliley Law: This law was enacted for the further protection of nonpublic personal information. Its main focus is to ensure that financial institutions have an obligation to protect the privacy of their customers by implementing and supporting technical, administrative, and physical safeguards.

If you are interested in learning about the newest computer-related laws including copyright, trademark, and other legislation, you should definitely visit http://www.complaw.com. Additional legal information and resources can be found at http://www.findlaw.com and http://www.usdoj.gov/criminal/cybercrime/cclaws.html.






The Security+ Exam Guide (TestTaker's Guide Series)
Security + Exam Guide (Charles River Media Networking/Security)
ISBN: 1584502517
EAN: 2147483647
Year: 2003
Pages: 136
