Read the book: The Official (ISC)2 CISSP CBK Reference - Leslie Fife, Aaron Kraus - Page 55

Cybercrimes and Data Breaches

A cybercrime is any criminal activity that directly involves computers or the internet. In a cybercrime, a computer may be the tool used to execute the criminal activity, or it may be the target of the criminal activity. There are three major categories of cybercrimes:

 Crimes against people: These crimes include cyberstalking, online harassment, identity theft, and credit card fraud.

 Crimes against property: Property in this case may include information stored within a computer, or the computer itself. These crimes include hacking, distribution of computer viruses, computer vandalism, intellectual property (IP) theft, and copyright infringement.

 Crimes against government: Any cybercrime committed against a government organization is considered an attack on that nation's sovereignty. This category of cybercrime may include hacking, theft of confidential information, or cyber terrorism. Hacktivism is another cybercrime that involves hackers seeking to make a political statement with their attacks. Hacktivists often target government entities but may also target other organizations with whom they disagree.

A data breach is a specific cybercrime where information is accessed or stolen by a cybercriminal without authorization. The target of a data breach is the information system and the data stored within it. Data breaches, and cybercrimes more broadly, may pose a threat to a person, a company, or an entire nation. As such, there are many laws that govern and regulate how cybercrimes are prevented, detected, and handled.

As a CISSP, you should be familiar with the following global cybercrime and information security laws and regulations:

 U.S. Computer Fraud and Abuse Act of 1986

 U.S. Electronic Communications Privacy Act (ECPA) of 1986

 U.S. Economic Espionage Act of 1996

 U.S. Child Pornography Prevention Act of 1996

 U.S. Identity Theft and Assumption Deterrence Act of 1998

 USA PATRIOT Act of 2001

 U.S. Homeland Security Act of 2002

 U.S. Controlling the Assault of Non-Solicited Pornography and Marketing (CAN-SPAM) Act of 2003

 U.S. Intelligence Reform and Terrorism Prevention Act of 2004

 The Council of Europe's Convention on Cybercrime of 2001

 The Computer Misuse Act 1990 (U.K.)

 Information Technology Act of 2000 (India)

 Cybercrime Act 2001 (Australia)

NOTE Many of the regulations in this section have been around for decades. While most of them are still relevant as of this book's writing, the legal landscape is dynamic and changes every year.
