Legal Aspects of Incident Response
Incident Response and Advanced Forensics


This topic contains 3 replies, has 3 voices, and was last updated by  sanjayscorpio 2 years, 5 months ago.



    Legal Considerations

    – Illegal actions may render any evidence inadmissible for future legal proceedings.

    – Worse, illegal actions may pose a greater liability to the organization than the incident.

    – Hackbacks: Unauthorized access to information systems or destruction of an information system are violations of federal law, even if you are attempting to recover or delete data which has been stolen from your organization.


    – The Fourth Amendment of the U.S. Constitution provides, “The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.”

    – The ultimate goal of this provision is to protect people’s right to privacy and freedom from arbitrary governmental intrusions. Private intrusions not acting in the color of governmental authority are exempted from the Fourth Amendment.


    · Two-Step Process

    · To have standing to claim protection under the Fourth Amendment, one must first demonstrate an expectation of privacy, which is not merely a subjective expectation in mind but an expectation that society is prepared to recognize as reasonable under the circumstances.

    – Government can limit or eliminate reasonable expectation
    O’Connor v. Ortega, 480 U.S. 709 (1987).

    – If no reasonable expectation exists, no warrant is required.

    – When in doubt… seek legal advice


    – Sec. 103. Methods of Notice to Individuals

    A business entity shall be in compliance with section 101 if it provides both:

    – (1) Individual Notice – Notice to individuals by one of the following means:
    · Written notification to the last known home mailing address of the individual in the records of the business entity.
    · Telephone notice to the individual personally; or
    · e-mail notice, if the individual has consented to receive such notice and the notice is consistent with the provisions permitting electronic transmission of notices under section 101 of the Electronic Signatures in Global and National Commerce Act (section 7001 of title 15, United States Code).

    – (2) Media Notice – If the number of residents of a State whose sensitive personally identifiable information was, or is reasonably believed to have been accessed or acquired by an unauthorized person exceeds 5,000, notice to media reasonably calculated to reach such individuals, such as major media outlets serving a State or jurisdiction.


    – Any business entity shall notify an entity designated by the Secretary of Homeland Security to receive reports and information about information security incidents, threats, and vulnerabilities, and such agency shall promptly notify and provide that same information to the United States Secret Service, the Federal Bureau of Investigation, and the Commission for civil law enforcement purposes, and shall make it available as appropriate to other federal agencies for law enforcement, national security, or computer security purposes, if:

    – (1) – the number of individuals whose sensitive personally identifiable information was, or is reasonably believed to have been, accessed or acquired by an unauthorized person exceeds 5,000;

    – (2) – the security breach involves a database, networked or integrated databases, or other data system containing the sensitive personally identifiable information of more than 500,000 individuals nationwide;

    – (3) – the security breach involves databases owned by the Federal Government; or

    – (4) – the security breach involves primarily sensitive personally identifiable information of individuals known to the business entity to be employees and contractors of the Federal Government involved in national security or law enforcement.









