Module 2 - Laws Impacting Computer Systems and Usage

Question 1

Computer Fraud and Abuse Act of 2002 (goal)

Answer 1

Protect computers “with a compelling federal interest” with:

1) federal government
2) financial institutions
3) Interstate and foreign commerce (as well as communication)

Question 2

Computer Fraud and Abuse Act of 2002 (Definition of Access Violations)

Answer 2

• Outsider trespasses into a computer from 1 of the 3 categories of protected systems
• A user goes beyond his/her scope of authorization and accesses systems and info. he/she should not.

Question 3

Computer Fraud and Abuse Act of 2002 (7 Violations)

Answer 3

1) trespassing
2) exposing certain info
3) damaging a system (of 3 protected)
4) committing fraud
5) threatening to damage a protected computer system
6) trafficking in passwords
7) committing (or attempting to commit) espionage

Question 4

Violations of CFAA for Forensic Examiners

Answer 4

may have permission to examine with appropriate authority, but should be aware of civil penalties if system damaged or data is exposed.

Question 5

Sarbanes-Oxley Act of 2002 (goal)

Answer 5

help prevent corporate corruption and fraud

Question 6

Sarbanes-Oxley Act of 2002 (what it does)

Answer 6

establishes retention records for key info within org, e.g. e-mail.

Question 7

Sarbanes-Oxley Act of 2002 (Email Requirements)

Answer 7

Must be:

1) tamper-proof (password protected, read-only, non-deletable, encrypted, and digitally signed)
2) stored in online and offline systems
3) defined and retained by established business policies
4) fully indexed and searchable

Question 8

How does learning laws help us?

Answer 8

• be prepared to answer questions about what information is available
• how a system was compromised
• what was destroyed
• what controls did and did not work
• monetary estimate of damage

Question 9

CFAA (Definition of Computer)

Answer 9

Defined as:
electronic
magnetic
optical
electrochemical
high speed data processing device (performing logical, arithmetic, or storage functions and includes a data storage facility or communications facility directly operating in conjunction with such device)

Question 10

CFAA (Protected Computer)

Answer 10

1) federal government
2) financial institutions
3) Interstate and foreign commerce (as well as communication)

Question 11

State

Answer 11

includes the District of Columbia, the Commonwealth of Puerto Rico, and any other commonwealth, possession or territory of the United States

Question 12

Financial Institution

Answer 12

• institution with FDIC insured deposits
• Federal Reserve
• credit union
• Federal home loan bank system
• Farm Credit System
• registered with SEC

Question 13

CFAA terms: Financial Record, Exceeds Authorized Access, Department of the US, Damage

Answer 13

damage = impairment to integrity or availability of program,system, or information

Question 14

CFAA term: Conviction

Answer 14

• punishable by imprisonment for more than 1 year, an element of which is unauthorized access, or exceeding authorized access to a computer

Question 15

Elements of Loss under CFAA

Answer 15

• any reasonable cost to any victim:

cost of responding
conducting damage assessment
restore data
revenue lost
cost incurred
consequential damages

Question 16

Person under CFAA

Answer 16

any individual, firm, corporation, educational institution, financial institution, governmental entity, or legal or other entity

Question 17

CFAA (acts of abuse)

Answer 17

• trespassing
• exposure of information
• damaging computer
• committing fraud
• threatening to damage
• trafficking in passwords
• accessing computer to commit espionage

Question 18

CFAA (Access Violations - means of)

Answer 18

• An outsider, who trespasses into a computer

- A user, who goes beyond the scope of their authorization.

Question 19

CFAA (elements of Trespassing in Government Cyberspace)

Answer 19

intentionally AND without authorization

computer exclusively for the use of the Government OR is by or for Government and affects that use

Question 20

CFAA Roles for Law Enforcement

Answer 20

USSS - investigate offenses
FBI - investigate for espionage, foreign counterintelligence, info protected against unauthorized disclosures, restricted data

Question 21

CFAA and civil

Answer 21

may maintain a civil actions against violator

must allege:
damage or loss
caused by
violation of substantive provisions
conduct involving one of the factors

Question 22

Uses of CFAA

Answer 22

US v Morris
International Airport Centers, LLC
Robbins v. Lower Merion School District
Massachusetts Bay Transportation Authority v. Andersen, et. al.
US v. Neil Scott Kramer

Question 23

Sarbanes-Oxley Act

Answer 23

reaction to a number of major corporate and accounting scandals including

internal controls (accounting and financial reporting)
records must be retained

Question 24

Sarbanes-Oxley Act Penalities

Answer 24

Section 802

• up to 20 years imprisonment for altering, deleting data
• up to 10 years on any accountant who violates requirements of audit or review papers for a period of 5 years.