• Choose a category
• All
• Classic-Fiction

The Cyberspace Electronic Security Act

The Cyberspace Electronic Security Act (CESA) gives law enforcement the right to gain access to encryption keys and cryptography methods. The initial version of this act allowed federal law enforcement agencies to secretly use monitoring, electronic capturing equipment, and other technologies to access and obtain information. These provisions were later stricken from the act, although federal law enforcement agencies were given a large amount of latitude to conduct investigations relating to electronic information. This act is generating a lot of discussion about what capabilities should be allowed to law enforcement in the detection of criminal activity.

For more information on CESA, visit http://www.cdt.org/crypto/CESA/.

The Cyber Security Enhancement Act

The Cyber Security Enhancement Act of 2002 allows federal agencies relatively easy access to ISPs and other data-transmission facilities to monitor communications of individuals suspected of committing computer crimes using the Internet. The act is also known as Section 225 of the Homeland Security Act of 2002.

For more information on the Cyber Security Enhancement Act, visit http://www.usdoj.gov/criminal/cybercrime/homeland_CSEA.htm.

The Patriot Act

The Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism (USA PATRIOT) Act of 2001 was passed partially because of the World Trade Center attack on September 11, 2001. This law gives the U.S. government extreme latitude in pursuing criminals who commit terrorist acts. The definition of a terrorist act is broad.

The law provides for relief to victims of terrorism as well as the ability to conduct virtually any type of surveillance of a suspected terrorist. This act is currently under revision, and it will probably be expanded.

For more information on the Patriot Act and the current budget, visit http://www.cbo.gov/showdoc.cfm?index=3180&sequence=0&from=6. A transcript of the act can be found at http://www.fincen.gov/hr3162.pdf.

Familiarizing Yourself with International Efforts

Many governments are now evaluating their current laws regarding cyberterrorism, cybercrime, and privacy. Among the agencies that are currently evaluating cyber laws are the European Union (EU) and the G8.

The EU, which is a common governance agency that includes many member nations, is soon expected to enact tough legislation regarding computer use. In the next few years, the EU is likely to be formidable in its ability to pursue and prosecute cyber criminals.

The EU is adopting the strategy of looking at all EU member nations as a large “Information Society,” and it will be passing laws and regulations regarding computer security and privacy among all members. It’s also working on laws to protect computer systems and prevent cybercrime. The most all-encompassing law under consideration is the Cybercrime Treaty, which would make all hacking illegal in Europe. It’s generating concern about legitimate research among security researchers in Europe.

International agencies (such as Interpol and the G8) are evaluating guidelines and laws about cybercrime. Asian and Pacific nations appear to be dealing with cybercrime issues on an individual basis.

Summary

In this chapter, you learned the key elements of security management, best practices, and privacy regulations.

Security management is an ongoing process that requires the use of best practices and documentation. The processes help you to document and classify the policies, procedures, and guidelines you need to implement an effective security policy.

The best practices of computer security include information classification, retention, storage, and destruction policies. Best practices also include the security policy, usage policies, backups, configuration management, inventories, change policies, and user management.

To carry out an effective security management process, an organization must allocate sufficient resources; identify responsibilities;