Academic Integrity: tutoring, explanations, and feedback — we don’t complete graded work or submit on a student’s behalf.

references are must A 1 explains the difficulty in prosecuting computer crime .w

ID: 3561675 • Letter: R

Question

references are must

A

1 explains the difficulty in prosecuting computer crime .why is law seemingly a few steps behind new technology or new paradigms? For example, crimes such as a denial of service, ransomware, identify theft that occur or are initiated from different countries who have different law systems. How or can these malicious attacks be prosecuted?

2.what is the purpose of information assurance ?how does information assurance and compliancy work with another ?

3.furthermore,what is HIPAA and PCI DSS? Finally, what is the purpose of computer forensics?

B.

1.should your information technology department and information security department report to the same department head? Or, should your IT and IS department function separately? Why or why not?

2.what is split knowledge, separation of duties, and mandatory vacations and why should these administrative countermeasures be part of your normal security operational procedures?

C

1.what is crime prevention through environmental design?

2.how can you use nature to help secure an organization

Explanation / Answer

A)

Jurisdictional issues

The concept of jurisdiction pertains to which agency or court has the authority to administer justice in a particular matter, and to the scope of those agencies' and courts' authority. Jurisdiction can be based on a number of different things:

Branch of law. In the U.S., there are three broad branches of law: criminal law, civil law, and regulatory law. The criminal (or penal) system deals with offenses that are prosecuted by the government - local, state or federal - and can be punished by monetary fines, loss of liberty (jail or prison), or in extreme cases, even loss of life (death penalty). The civil system deals with disputes between individuals or organizations (including in some cases government agencies), in which the party found liable is ordered to pay monetary damages and/or ordered to do or not do something (injunction). Regulatory agencies have jurisdiction over specific industries or activities and can impose fines and/or take away an individual's or organization's authorization to conduct business or engage in the regulated activity. Type of case. Within each system, there can be different agencies or courts assigned responsibility for different types of cases. For example, within the criminal system, some courts deal exclusively with traffic offenses and some deal with domestic violence and other family law cases. Some law enforcement agencies have jurisdiction only over crimes that violate the state's alcoholic beverage code, or only investigate and prosecute offenses that fall under the parks and wildlife code. Within the civil system, some courts handle only divorce cases, others handle only probate matters, and so forth. Grade of offense. In the criminal justice system, different courts have jurisdiction over different grades of offense, based on severity. Municipal courts may handle only city ordinance violations and/or certain misdemeanor offenses. County courts may handle more serious misdemeanors, while district courts handle felony offenses. Monetary damages. In the civil system, different courts handle cases based on the monetary damages. For example, small claims courts or justice of the peace courts may have jurisdiction over lawsuits up to a few thousand dollars. Level of government. In the U.S., there are separate laws, law enforcement agencies and court systems for different levels of government. In the criminal system, you have municipal police, county sheriffs (and in some states, constables and/or marshals), state police or troopers, and numerous federal agencies such as the FBI, DEA, BATF, etc., enforcing the laws that are passed by the governing bodies at the corresponding levels (city and county ordinances passed by city councils and county commissioners, state statutes passed by state legislative bodies and federal laws passed by the U.S. Congress).

Because these systems are separate, a person can be charged, tried and acquitted under state law, for example, and then charged, tried and convicted under federal law for the same act, without incurring double jeopardy. There are also international law-making bodies such as the EU and the UN; their laws are generally adopted by the member nations via treaties.

Geographic area. Any good real estate agent will tell you it's all about location, location, location - and that's what geographic jurisdiction pertain to. In the case of the courts, it's also referred to as venue. A law enforcement agency or court has jurisdiction only over crimes that take place in the geographic location where that agency or court has authority. That may include the location of the perpetrator, the location of the victim, or the location where the crime actually occurred.

Before a law enforcement agency can investigate a cybercrime case, it has to have jurisdiction. The first thing that must be determine is whether a crime has taken place at all. In some cases, there is no law on the book that covers the particular circumstance. In other cases, the wrongful action that took place is a civil matter, not a criminal one. This might be the case, for instance, if you entrusted your data to a company and that company lost it.

If a criminal offense has occurred, the next step is to determine what law was violated. Was it a city ordinance, a state statute, or a federal law? Local police don't generally pursue a person for federal crimes, and the FBI doesn't generally investigate and arrest for state offenses (although in some serious matters, agencies at different levels come together to form task forces and work together to pursue criminals who commit offenses that are violations at both levels).

The next, and in the case of cybercrime the stickiest point, is to determine the geographic jurisdiction. This is more difficult in cybercrime cases than in other types of crime because often the perpetrator is not in the same city, state or even country as the victim.

Why is geographic jurisdiction such a big problem? There are a couple of important reasons:

Laws differ from state to state and nation to nation. An act that's illegal in one locale may not be against the law in another. This complicates things if the perpetrator is in a location where what he/she is doing isn't even against the law - even though it's a clear-cut crime in the location where the victim is.

Law enforcement agencies are only authorized to enforce the law within their jurisdictions. A police officer commissioned in California has no authority to arrest someone in Florida, the FBI doesn't have the authority to arrest someone in Spain and so forth. Extradition (the process by which a state or nation surrenders a suspect to another) is difficult at best, and often impossible. Under international law, a country has no obligation to turn over a criminal to the requesting entity, although some countries have treaties whereby they agree to do so. Even in those cases, it's usually an expensive and long, drawn-out process.

Thus jurisdictional issues frequently slow down or completely block the enforcement of cybercrime laws. Extradition treaties often require "double criminality," meaning the conduct must be a crime in both the jurisdiction seeking to extradite and in the jurisdiction from which the extradition is sought.

Anonymity and identity

Before jurisdiction even comes into play, it's necessary to discover where - and who - the criminal is before you can think about making an arrest. This is a problem with online crime because there are so many ways to hide one's identity. There are numerous services that will mask a user's IP address by routing traffic through various servers, usually for a fee. This makes it difficult to track down the criminal.

In 2009, Eugene Kaspersky identified the relative anonymity of Internet users as a key issue that enables cybercrime and proposed Internet "passports" for individuals and accreditation for businesses to help combat the problem.

Some studies have shown that people are more likely to engage in offensive and/or illegal behavior online because of the perception of anonymity.

However, attempts to better track online identity raise serious issues for privacy advocates and result in political backlash. And end to anonymity on the Internet could have serious consequences in countries where the government punishes dissenters, so even if the technological challenge of identifying every online user could be overcome, many lawmakers would be hesitant to mandate it. Cybercriminals exploit the rights and privileges of a free society, including anonymity, to benefit themselves.

Nature of the evidence

Yet another thing that makes cybercrime more difficult to investigate and prosecute in comparison to most "real world" crimes, is the nature of the evidence. The problem with digital evidence is that, after all, it is actually just a collection of ones and zeros represented by magnetization, light pulses, radio signals or other means. This type of information is fragile and can be easily lost or changed.

Protecting the integrity of evidence and maintaining a clear chain of custody is always important in a criminal case, but the nature of the evidence in a cybercrime case makes that job far more difficult. An investigator can contaminate the evidence simply by examining it, and sophisticated cybercriminals may set up their computers to automatically destroy the evidence when accessed by anyone other than themselves.

In cases such as child pornography, it can be difficult to determine or prove that a person downloaded the illegal material knowingly, since someone else can hack into a system and store data on its drive without the user's knowledge or permission if the system isn't adequately secured.

In cases of intrusion or cybervandalism, the bad guy often erases all logs that show what happened, so that there is no evidence to prove that a crime even occurred, much less where the attack came from.

B)The technology group should understand the basic separation of duties issues within the technology area as well as the principle of least privilege. However, technology does not normally have the expertise to determine the separation of duties issues within the business. Although conflicting access rights may be a cause for concern, it is not technology's responsibility to identify these separation of duties issues. However, following the reasonable person rule, technology does have the responsibility to bring a separation of duties issue to management attention when they observe them. The audit function usually has more training and expertise to map business logic to information flow and suggest where separation of duties makes sense. Ultimately, it is business management's responsibility to adequately address separation of duties issues. For daily operational purposes, Compliance may be sought to review user access rights to address separation of duties concerns. Internal Audit would review user access during audits for separation of duties issues. Note that Internal Audit would not do it on a daily operational basis as it would become a separation of duties issues for Internal Audit. Where Internal Audit performs this function, Internal Audit will not have the appearance of being objective during their audit.

C)Crime prevention through environmental design (CPTED) is a multi-disciplinary approach to deterring criminal behavior through environmental design. CPTED strategies rely upon the ability to influence offender decisions that precede criminal acts. Generally speaking, most implementations of CPTED occur solely within the urbanized, built environment. Specifically altering the physical design of the communities in which humans reside and congregate in order to deter criminal activity is the main goal of CPTED. CPTED principles of design affect elements of the built environment ranging from the small-scale (such as the strategic use of shrubbery and other vegetation) to the overarching, including building form of an entire urban neighbourhood and the amount of opportunity for "eyes on the street".


Making the case for physical security
Insiders perform the vast majority of security breaches. It

Related Questions

recursion Problems: 1)I need help changing my Boolean method from a loop to usin
Question #671284
recursion help appreciated During the first expedition to Mars, linguists discov
Question #3814209
recursion.java - http://people.cs.pitt.edu/~ramirez/cs401/handouts/recursion.jav
Question #3571733
recursive algorithms help C++ programming: question : Create an ADT that contain
Question #3823403
recyclers operate in sealed, mechanized plants, with smokestacks Ethical Dilemma
Question #395429
recyclers operate in sealed, mechanized plants, with smokestacks equipped with s
Question #418258
red Writing: Ethical and Social Responsibility. Consciousness rth 20 Points Mari
Question #3448174
red light ______ angle violet light ______ angle A prism made of flint glass has
Question #2039689

Navigate

Previous
referenced in Module 2. This assignment is a continuation on Functions. Importan
Next
referring to the graph, can you please answer this: What is the price-quantity c

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.