A.26 Chapter 25: Computer Crime

  • Consult with your legal counsel to determine legal options and liability in the event of a security incident.

  • Consult with your insurance carrier to determine if your insurance covers losses from break-ins. Determine if your insurance covers business interruption during an investigation. Also determine if you will be required to institute criminal or civil action to recover on your insurance.

  • Replace any "welcome" messages with warnings against unauthorized use.

  • Put explicit copyright and/or proprietary property notices in code startup screens and source code. Formally register copyrights on your locally developed code and databases.

  • Keep your backups separate from your machine.

  • Keep written records of your actions when investigating an incident. Timestamp and initial media, printouts, and other materials as you proceed.

  • Develop contingency plans and response plans in advance.

  • Define, in writing, levels of user access and responsibility. Inform your users what you may monitor. Have all users provide a signature noting their understanding of and agreement to such a statement. Include an explicit statement about the return of manuals, printouts, and other information upon user departure.

  • Develop contacts with your local law enforcement personnel.

  • Do not be unduly hesitant about reporting a computer crime and involving law enforcement personnel.

  • If called upon to help in an investigation, request a signed statement from a judge requesting (or directing) your "expert" assistance. Recommend a disinterested third party to act as an expert, if possible.

  • Expand your professional training and contacts by attending security training sessions or conferences. Consider joining security-related organizations.

  • Be aware of other liability concerns.

  • Restrict access to cryptographic software from the network.

  • Restrict or prohibit access to material that could lead to legal difficulties. This includes copyrighted material, pornographic material, trade secrets, etc.

  • Make sure that users understand copyright and license restrictions on commercial software, images, and sound files.

  • Make your users aware of the dangers of electronic harassment or defamation.

  • Make certain that your legal counsel is consulted before you provide locally developed software to others outside your organization.
