Time
58 minutes
Difficulty
Intermediate
CEU/CPE
1

Video Transcription

00:00
Hello. My name is David. Welcome to Handling Incidents: The Legal Aspect.
00:06
Even though many people consider it boring,
00:09
it's super important, and you'll see why as we get through this. And I'm not speaking just because I used to be a police officer. This is important from a wide variety of different angles,
00:23
and I can't really stress that enough. So I'm gonna go try to stress it enough to you.
00:27
So let's look at it. As with most issues here in our modern day and age, we have to think of the legality of an incident, the legal aspects of it, and it can range from anything from civil liability to criminal prosecution to regulatory woes.
00:45
You'll see why these are each
00:47
extremely important as we talk about this in the next several minutes that we're to go. Now,
00:53
going through this incident handling together, we talked about being prepared even before an incident to deal with all aspects of the incident, and the same is true here when it comes to the legal aspects of it. If you are prepared to deal with the legalities and all, you can do a lot, a lot
01:11
to help prevent further disaster.
01:15
If you talk to different people who have been involved in major breaches, and you listen to them,
01:22
you'll begin to understand why
01:25
this is actually quite important and not something to be overlooked or ignored or dismissed.
01:32
Now, there are a ton of regulatory bodies out,
01:34
uh, that will come in after an incident and inspect or audit or rebuke, reprove,
01:42
um, picks up. And some of these can even fine quite substantially,
01:49
which is important because it's part of the legal process. Fines are part of the legal process. So you have, like, this example: the National Association of Mutual Germs. Most of you have probably never even heard of this company. But they are an overarching regulatory body for insurance
02:08
companies,
02:09
and they've got several documents of you. What breaches in incidents within which happened. So you need to know this if you're gonna work with an insurance company. PCI DSS is huge. I can't say that being PCI DSS compliant actually makes you secure, but it does help.
02:30
They have power to come in
02:32
and audit you and inspect you to make sure that you're acting compliant with what they want you to meet. The FFIEC for financial institutions of a wide variety. The NCUA covers credit unions here in the U.S. I've actually got with the instigator
02:52
is you a low lows?
02:53
I have a do on it and they can pull, um, your authority to do financial transactions if their audit comes back bad for you. HIPAA is huge here in the United States. Finds gave the events when it comes to him,
03:10
they actually have a wall of shame on the website for medical offices and facilities that have been breached.
03:19
Um, and believe me, you don't want to cross paths and come under a HIPAA violation because it can be business-ending depending upon all Abbotts. The Federal Energy Regulatory Commission is out there floating around too. And
03:36
they can levy heavy fines and restrictions
03:39
on companies that are involved in energy. So you've got the infrastructure covered. You can see there's a lot of regulatory bodies that you have to deal with. Now that's all part of the legal process. And when you're an incident handler, um,
03:54
you won't really be dealing with them too much. But when you are actually doing your grunt-level work,
04:02
the auditors and inspectors have been looking at your work too, so keep that in mind. You don't escape news. Now, when it comes to actual laws,
04:13
uh, many, many, many, many, many, many different levels of government have enacted laws governing cyber security, some involving criminal actions, some involving liability
04:25
in the United States here, where I'm located. Each state
04:30
has their own. And some of those laws
04:33
will affect the business, even if it's not located in the jurisdiction. They've been written in certain ways that if you conduct business within the jurisdiction, but your headquarters is not located there, you could still be held liable or criminally responsible if you break those laws.
04:54
for you in New York, all have cyber security laws. Error. Nearly every state does
05:01
a lot of catch up, but they're there. And many countries have their own laws. The European Union GDPR is huge, and it covers data within the European Union.
05:15
It covers businesses that do business within the EU,
05:20
whether they're located there or not.
05:23
Um, so it's kind of similar to some of the state laws we have here in the United States. It's very broad, and it can be very damaging for a company if they are found in violation of GDPR. Now,
05:38
Thankfully, most of these things legal staff is gonna deal with. They should be reviewing,
05:46
advising, providing guidance when it comes to the law and some of these regulatory bodies. As an incident handler,
05:57
you aren't going to be expected to be a walking law dictionary and know the answers to all these questions. That's why you have attorneys. But you do need to be aware of them. And you also need to know that your legal staff is current in knowledge, because ignorance of the law is no excuse.
06:14
And I know that's kind of tired and worn phrase, but it's true nonetheless.
06:19
So you even need to know somewhat what laws affect your business so that you don't cross that line inadvertently, or your legal staff gives you bad advice. And you can't just point the finger at them and say, "Well, they told me," because somebody may say, "Well, you should know."
06:39
And then you have to explain why.
06:41
Keep that in mind. This is just two examples from a GDPR breach, and you can look at their fines. These are just from this year. July 8, British Airways is fined £204 million
06:57
under Article 32 of the GDPR, and Marriott International fined 110,000
07:03
pounds with change worse under the same article. Now, these aren't final. The companies themselves can actually file an appeal and seek some kind of remediation of these fines. But this is just to give you an idea how serious some of these laws can be,
07:24
very, very serious when it comes to breaches and lost data. Now, another aspect of the legal side of the house is evidence, because as an incident handler, you need to be prepared to properly handle evidence. Any incident could be a criminal prosecution, could be a civil case or even internal
07:43
human resource discipline cases. You should prepare.
07:46
Now, each of these requires a slightly different methodology, the highest order of evidence being that of criminal. So my advice to you would be: handle every incident at the same level as you would expect if you went to a criminal prosecution,
08:03
which requires you to, you know, have a chain of custody, the handy-dandy form documenting the evidence and who touched it.
08:11
Uh, it gets rid of the allegations of evidence tampering. I am possibly having you have to start out in court. Every piece of evidence should have its own chain of custody, which is with them, and all evidence should be securely stored. You don't need a property room that's secure.
08:30
But you do need a locked file cabinet or a locked office with a log
08:35
that every person entering and exiting that room or that file cabinet has to sign in on and acknowledge their presence there. Chain of custody is pretty simple: received from, received by, the time, and a description of the evidence itself.
08:54
I know, of course, we cover this more adapted to work. You tell that for now, you just need to be aware that it's there.
09:01
and what it should include. And there's a list of things that could be included. If you want to write it down, please pause the video here and write those things down. A few final thoughts:
09:11
Rely on your legal counsel for assistance. Always ensure you have chain of custody for all evidence.
09:18
Create a secure location to store evidence. Whatever you do, don't think you're a legal expert.
09:26
You do need to have a basic knowledge of it, but you don't need to be in the truck.
09:31
If you have any questions, I'd be happy to talk to you, baby. 135 Cyber of fantastic Great day.

Incident Handling Fundamentals

In this course, we will cover the fundamentals of incident handling, specifically how to identify security incidents and the common standards and practices for handling said incidents. This includes discussing various forensic tools, SOAR, and analysis tools/resources.

Instructed By

David Biser
Incident Response Engineer at Iron Mountain
Instructor