OBJECTIVES
This chapter covers the following TruSecure-specified objectives for the TICSA exam:
Identify, specify, or describe computer and network ethical, legal, and privacy issues.
Differentiate between types of law applicable to computer technology.
List types of computer- and network-related crime.
Describe the basic process of a computer crimes investigation.
This exam objective ensures that you have an understanding of the legal issues that affect the computer security specialist, including knowledge of what constitutes a computer or network-related crime, and the differences between civil and criminal actions. You should be able to recognize the important components of conducting an investigation to gather and present evidence needed to prosecute a criminal offense or pursue a criminal action.
Recognize laws that regulate privacy issues.
The objective further ensures that you understand privacy issues involved in implementing security measures, including regulatory and administrative laws that govern specific professions, such as the medical and financial industries.
Discuss the role of ethics in computer security.
Finally, the objective requires that you recognize ethical implications inherent in working in the IT security field, and the role that a code of ethics plays both in the career of the individual and in the credibility of the security profession.
OUTLINE
Differentiating Between Criminal Law, Civil Law, and Administrative/Regulatory Law 348
Differentiating Between Statutory Law, Case Law, and Common Law 352
Understanding Jurisdictional Issues 354
Categories of Intellectual Property Law 356
Industry-Specific Privacy Issues 361
Basics of Computer Investigation and Forensics 364
Technology Export and Import Issues 370
Professional Codes of Ethics 371
STUDY STRATEGIES
Be sure you have a clear understanding of the different legal systems and how each pertains to computers and networks.
Ensure that you understand the definitions and concepts relating to computer law and ethics.
Be able to name different types of computer crimes and differentiate between them.