Time
52 minutes
Difficulty
Intermediate
CEU/CPE
1

Video Transcription

00:00
Hello. My name is David Visor and welcome to post incident response. Legal concerns are something that you can't ignore. They are going to be with you throughout the entire process. I hated, even want to tell you that I really knew. But in today's litigious society,
00:20
you can't afford to ignore the legal aspects of being an incident. Him
00:27
being part of an incident response team. With so much data
00:32
being transfer and share exchange stores
00:37
involving people's names and dates of birth, their genetic information, health information, their financial information, you have to be at least
00:50
somewhat aware of the legal issues that are in play here. Or you could get blindsided by a lawsuit.
00:59
Yeah, what with nothing.
01:02
So
01:03
our actions do have legal consequences in instant response, um, taken range across a wide variety of things. It's it's true on many fronts. Criminal Iraq War criminal actor um,
01:19
could be criminally responsible. Charges could be filed against in a package is your network. And then you can have to testify in court employees internal actions against employees. We talked about insider threats in modern four on and talk about some of the liabilities there,
01:38
um, liability regarding customers and that data that you're
01:44
entrusted with by customers. Clients return me when he used for. So as you can see, the legalities come into play on many fronts. One quick example. Working back in my old wasn't ace way would seize computers from people
02:01
Uh oh,
02:04
for a variety of give a criminal investigations
02:07
and wants me that seizure than we were responsible for the care and well being issued saying will be of the computer equipment that we seized. Sometimes we had to give it back. Sometimes there were files on systems that people really desperately didn't want tohave,
02:24
family pictures, for example, or family documents,
02:29
so we would have been held liable if we would have lost that in some criminally negligent way. I thankfully, that never happened to me. But I have heard of it happening to, uh,
02:40
forensic investigators. When they were entrusted with the hard drive and eight on the hard drive on and they lost it due to Fulton procedures or processes of equipment, they were held civilly liable. So keep that in mind. Now there are three main areas of legality that I want us to think about. Privacy is one,
03:00
Ramsey
03:01
covers a wide range of topics.
03:05
Unfortunately, throughout the course of the it's a long process. Ethics does he huge for, uh, you and me and others in this field of Emily in its response. But across the technical round
03:22
And of course, ethics also crosses the line into just a behavior.
03:27
Then we'll look at these aluminum closer. We get through this episode together and the investigations themselves.
03:34
I have legal aspects to them that you need keep in mind and be aware of as you work. So let's talk about privacy. Quick, quickly, quick, Quicker, Quick guest.
03:47
Actually, we shouldn't talk about it quickly. But due to the nature of the course and the time that we have, we're gonna be quick about it. Perhaps he can be addressed from three different ways. Basically the corporation of the organization itself.
04:01
They could have trade secrets, internal documents, information that you don't want getting out. So they want to keep at that private.
04:10
Um,
04:11
you have the responders and the investigators themselves who are oftentimes entrusted with a wide range of data of the internal and external that wth e sharing of could be problematic theory results of an incident investigation,
04:30
uh, should be considered private in sensitive data
04:32
on unfortunately,
04:35
ah, a little sidetracked here that comes into play in the information, sharing almost
04:43
the cyber security will. There are a lot of people who work in this field who, the way, all the back, that information sharing is kind of lacking in the month. Cyber security professionals.
04:57
And there are a host of reasons for that that privacy is probably one of the biggest ones. Most companies don't want it to be, knows
05:03
if they suffered a breach.
05:05
And so thean set of responders of whatever hat, maybe malware forensics sake. And unless they can't really share that information on the right, the needy organizations approved where they do it, and that lends itself to
05:21
the lack of information sharing. Unfortunately,
05:26
now customer data should be obvious. There are who's of laws and regulations that govern privacy, customer data and the legality of exposing it. So be careful with that
05:40
dealing with it, whether it is as part of an incident or destroy dated a job function, Alan would be found in violation of
05:48
accidentally exposing customers ate up through an investigation or something. Now ethics comes into play under the legal Roma's Well, basically,
05:59
it's more or less identifies corporate rules of conduct, war rules of behavior, moral kids on and it's been discussed for time immemorial,
06:09
even past Aristotle, whose bust there are. You're not just kind of eat classy, I guess, for our time here together. But ethics has been discussed and ordered about and talked about for a long, long time. It is no different in the computer fields.
06:29
Ah, lot of times the corporate rules of conduct come in like a legal businesses
06:33
and acceptable use policies. Operation users, uh, what's the number one use of the Internet in the world today?
06:45
If he said, research, you're wrong
06:49
were non graffiti. Bright is the number one use of the Internet ***. So a lot of companies have legal issues with that they don't want poor on their company's servers and systems. So the acceptable use policy comes into play there as well.
07:08
On third party use of the network information, a lot of companies have contractors that come in and they're not working
07:15
vendors that committed user network. All of them have to abide by those corporate rules, conduct the ethics of the company with which they're interacting and that can change from company company. So the legality of it could change that in mind. When you're out there working,
07:32
they usually judged by
07:35
whatever the broader societies accepted. Practices are so that could include corporate accounting. Practices are public information dissemination which we talked about relative cyber security and the lack of information sharing.
07:50
And there are statutory regulations hip hop, for example, or P. C. I. P. S s coming to play worried you're in Europe. The GPR
08:00
eyes huge. Several rather large fines have been Letty against violations of GPR from companies doing business in Europe. So
08:11
you definitely don't want to get caught in the short stick that now the Brookings Institute has put out something that they call the 10 Commandments of Ethics and information Security. I wanted to at least explosion to this,
08:24
um, the link do it will be in resource is page of this course so that you can refer to it and use it to give you some pretty broad legal guides.
08:37
A lot of times, the legality up things comes down to 10 simple commandments like this that can help protect you from.
08:48
And he put it, Mrs using computer information or data. Um,
08:54
although most people don't follow these kinds of commandments anymore, or they find little ways to wiggle around them, the old stuff do that. You are held to a higher standard, Remember, Now it's tricky because we live in a global society into the companies, have a global footprint,
09:13
and each nation
09:16
has their own cybersecurity waltz. So it be who's you as a practitioner?
09:24
Research and none of the laws that are applicability to your own country, where your location here in the United States, the federal laws and there are state balls
09:35
and they could be different, so we have to know all of them and be ableto buy them. So whether you're in Africa or Asia or your or South America,
09:45
you're gonna have to make sure that you either know those laws yourself where your legal department is able to keep you abreast of laws and how they could be applied to you in your situation.
09:58
That's just a high level overview of the real issues of Alban incident response. So you have any questions hitting upon Cybermen Day? Be 135 We happy to talk to you. Have a great day

Up Next

Incident Response Recovery

Incident Response Recovery covers the actual recovery process from an incident that was identified and managed. It goes over the proper documentation necessary after the incident is handled, the legal concerns associated with the incident, and the lessons learned.

Instructed By

Instructor Profile Image
David Biser
Incident Response Engineer at Iron Mountain
Instructor