Legal & Regulatory Issues
Legal and regulatory issues are now an important aspect of cyber security. The following issues may have legal or regulatory implications and can lead to civil or criminal liability on the part of an organization.
Cyber Crime
Criminal activities committed over communication networks, such as the Internet, telephone, wireless, satellite, and mobile networks, are called cybercrimes.
Cyber Terrorism
Cyber terrorism is a type of cybercrime committed against computers and computer networks. The main objective of these attacks could be to cause harm for social, ideological, religious, or political reasons.
Cyber Stalking
Cyber Stalking is a type of cybercrime in which the criminal harasses or intimidates the victim using the Internet and other electronic resources.
Motives may be to control or intimidate the victim or to gather information for use in other crimes, like identity theft or offline stalking.
The victim can be an individual, a group, a non-governmental company, a government agency or even an international organization. Cyber Stalking can take different forms including slander, defamation and threats.
Information Warfare
Information warfare is a type of cybercrime intended to destabilize an enemy, such as governments and institutions, in order to gain a competitive advantage. Examples include false propaganda, disinformation, and web page defacement.
DoS Attack or DDoS Attack
DoS / DDoS attacks are cybercrimes in which the websites or computer systems of any user are made inaccessible by using multiple service requests to overload the web and application servers.
A DoS attack is a denial-of-service attack that makes the server unavailable to other devices and users throughout the network.
A DDoS attack is one of the most common types of DoS attack in use today. During a DDoS attack, multiple systems target a single system with a DoS attack. Because more devices are available to the attackers, it is difficult for the victim to identify the source of the attack.
Phishing Attack
This type of attack is mostly based on building a fake website that is very similar in appearance and URL to a real financial transaction website, such as a bank's website. The victim is deceived into visiting this fake website instead of the bank's real website. He or she then enters bank card (or credit card) information, which is handed to the attacker.
Another goal of this attack is to direct the victim to fake websites that imitate those of e-mail service providers (such as Gmail, Yahoo, and Outlook) in order to record the victim's e-mail information.
This type of attack is one of the most common cyber-attacks organized by individuals, groups and even governments.
Pharming
This attack is very similar to the phishing attack: the user is redirected to a malicious website created by the attacker.
SMiShing / SMS Phishing
This attack uses mobile networks. SMS messages are used to lure the user to malicious websites created by the attacker.
Transborder Data Flow
The transfer of computerized data across national borders, states or political boundaries is termed transborder data flow. The data may be personal, business, technical, or organizational.
Data Breaches
A data breach is a security event in which sensitive, protected, or confidential data is copied, transmitted, viewed, stolen, or used by an unauthorized individual for various purposes.
A data breach can happen owing to unethical means such as hacking or organized crime. It can also be owing to unintentional information disclosure, or a data leak.
IPR
The creator of creative intellectual works (such as design, music, literary work, art, inventions, etc.) has a special exclusive right to the property. These exclusive rights are called intellectual property rights (IPR). Intellectual property law is the body of law that governs IPR. Here are some of the IPR-related terms:
- Copyright
- Patent
- Trademark
- Trade Secret
Importing and Exporting Controls
Many countries have import and export restrictions concerning the encryption of data.
For example, encryption items specifically designed, developed, configured, or modified for military applications are generally controlled based on munitions lists.
International import and export controls exist between countries to protect IPR. Information security professionals need to be aware of relevant import/export controls for any countries in which their organization operates or to which their employees travel.