Chapter 10. Computer Law and Ethics

OBJECTIVES

This chapter covers the following TruSecure-specified objectives for the TICSA exam:

Identify, specify, or describe computer and network ethical, legal, and privacy issues.

• Differentiate between types of law applicable to computer technology.

• List types of computer- and network-related crime.

• Describe the basic process of a computer crimes investigation.

• This exam objective ensures that you have an understanding of the legal issues that affect the computer security specialist, including knowledge of what constitutes a computer or network-related crime, and the differences between civil and criminal actions. You should be able to recognize the important components of conducting an investigation to gather and present evidence needed to prosecute a criminal offense or pursue a criminal action.

Recognize laws that regulate privacy issues.

• The objective further ensures that you understand privacy issues involved in implementing security measures, including regulatory and administrative laws that govern specific professions, such as the medical and financial industries.

Discuss the role of ethics in computer security.

• Finally, the objective requires that you recognize ethical implications inherent in working in the IT security field, and the role that a code of ethics plays both in the career of the individual and in the credibility of the security profession.

OUTLINE

Introduction 346

Types of Computer Law 346

Differentiating Between Criminal Law, Civil Law, and Administrative/Regulatory Law 348

Criminal Law 348

Civil Law 350

Administrative/Regulatory Law 351

Differentiating Between Statutory Law, Case Law, and Common Law 352

Statutory Law 352

Case Law 353

Common Law 353

Understanding Jurisdictional Issues 354

Why Jurisdiction Is Important 355

Categories of Intellectual Property Law 356

Copyright 356

Trademark 357

Patent 358

Trade Secret Laws 358

Types of Computer Crime 359

Information Privacy Laws 360

Industry-Specific Privacy Issues 361

HIPAA 361

GLB 363

Basics of Computer Investigation and Forensics 364

Types of Evidence 365

Physical Evidence 365

Testamentary Evidence 365

Intangible Evidence 366

Dealing with Evidence 366

Evidence Collection 366

Chain of Custody 367

Preservation of Evidence 368

Evidence Admissibility 368

Rules of Evidence 368

“Fruits of the Poisonous Tree” 368

Applicable Case and Statutory Law 369

Technology Export and Import Issues 370

Computer Ethics 371

Professional Codes of Ethics 371

Why Ethics Matter 372

Relationship of Ethics and Professionalism 372

Working with Unethical Consultants 372

How to Protect You and Your Company 373

STUDY STRATEGIES

• Be sure you have a clear understanding of the different legal systems and how each pertains to computers and networks.

• Ensure that you understand the definitions and concepts relating to computer law and ethics.

• Be able to name different types of computer crimes and differentiate between them.