There is no single law known as a cyber law. Cyber law is a term used to describe the international, regional, national, and state laws that affect computer security professionals. IT professionals must be aware of cyber law so that they understand their responsibilities and their liability as they relate to cyber crimes.
Cyber laws explain the circumstances under which data (evidence) can be collected from computers, data storage devices, networks, and wireless communications. They can also specify the manner in which this data can be collected. In the United States, cyber law has three primary elements:
- Wiretap Act
- Pen/Trap and Trace Statute
- Stored Electronic Communication Act
IT professionals should be aware of the cyber laws in their country, region, or state.
First response is the term used to describe the official procedures employed by those people who are qualified to collect evidence. System administrators, like law enforcement officers, are usually the first responders at potential crime scenes. Computer forensics experts are brought in when it is apparent that there has been illegal activity.
Routine administrative tasks can affect the forensic process. If the forensic process is improperly performed, evidence that has been collected might not be admissible in court.
As a field or a bench technician, you may be the person who discovers illegal computer or network activity. If this happens, do not turn off the computer. Volatile data about the current state of the computer can include programs that are running, network connections that are open, and users who are logged in to the network or to the computer. This data helps to determine a logical timeline of the security incident. It may also help to identify those responsible for the illegal activity. This data could be lost when the computer is powered off.
Be familiar with your company’s policy regarding cyber crimes. Know who to call, what to do, and, just as importantly, what not to do.