Week 08

The document provides an overview of cyber security essentials including: 1) Bug bounty programs run by companies like HackerOne and BugCrowd that pay hackers to find vulnerabilities, though some programs have faced issues. 2) Examples of penetration test reports that can be used to evaluate a system's security. 3) An overview of key US federal cybercrime laws like the Computer Fraud and Abuse Act and examples of cases involving these laws.


CYBER SECURITY: ESSENTIALS
Daniel Medina [email protected]

RECAP

Any weeks you want to revisit?

BOUNTY PROGRAMS
Managed programs:
HackerOne: hackerone.com
BugCrowd: bugcrowd.com
Crowdcurity / Cobalt: cobalt.io
Individual companies:
https://bugcrowd.com/list-of-bug-bounty-programs

BOUNTY PROGRAMS
Not always smooth to run a program
Yahoo Bug Bounty (shirts instead of $)
Prezi Bug Bounty (hack of off-limits internal site)
Digital Ocean (public debate about vuln)

PENETRATION TEST REPORTS

SpiderOak Sample
TrueCrypt Audit by iSec Partners

LAWS & REGULATIONS

FEDERAL CRIMES
The law:
http://www.law.cornell.edu/uscode
http://uscode.house.gov
& its application:
http://cybercrime.gov

18 USC 1030
Computer Fraud & Abuse Act (CFAA)
1986, 1994, 1996, 2001, ...
Originally about hackers
Like this guy ->

18 USC 2511
Wiretap Act (aka Title III)
1968, 1986, ...
Protects privacy of live communication
Service provider exemption for actions in the "normal course" of business.

18 USC 2701
Stored Communications Act (SCA)
Applies to intentional, unauthorized access whereby the offender obtains, alters, or prevents authorized access to a wire or electronic communication
General exemption for service providers

EXAMPLES
Stakkato / FBI case
216 spammers (CAN-SPAM)
Weev / AT&T (CFAA)
US v. Councilman (SCA)
TJX / Gonzalez (CFAA)
Goldman "Code Theft"

CYBERSECURITY LAW
Cyber Security Act (2010, 2012, 2013, ...)
Executive Order 13636:
Improving Critical Infrastructure Cybersecurity
NIST Cyber Framework

OTHER LAWS AND REGS
Family Educational Rights and Privacy Act (FERPA)
Health Insurance Portability & Accountability Act (HIPAA)
Gramm-Leach-Bliley Act (GLBA)
Sarbanes-Oxley Act (SOX)
State Privacy Laws: California SB 1386
Communications Assistance for Law Enforcement Act (CALEA)

EXTERNAL REQUIREMENTS
PCI DSS: Payment Card Industry
SEC Rules: e.g., Data Retention (Rule 204-2)
FFIEC Guidelines: e.g., Authentication
FTC Pseudo-Regulatory Framework: e.g., FB

http://online.wsj.com/news/articles/SB111620910505034309

E-Discovery: Current Trends and Cases