Legal and Regulatory Requirements for Electronic Records
Protection of data from abuse, exposure and unauthorized access.
- Firms face new legal obligations for electronic records management and document retention, as well as for privacy protection.
- ERM consists of policies, procedures and tools for managing the retention, distribution and storage of electronic records.
Laws:
1. HIPAA (the Health Insurance Portability and Accountability Act 1996)
2. Gramm-Leach-Bliley Act 1999
3. Sarbanes-Oxley Act 2002
Electronic Evidence and Computer Forensics
- Printed or typewritten information, computer data stored on portable floppy disks, CDs, external drives and computer hard disks, e-mail, instant messages and e-commerce transactions over the Internet are examples of electronic evidence.
- Computer forensics is the scientific collection, examination, authentication, preservation and analysis of data held on or retrieved from computer storage media in such a way that the information can be used as evidence in a court of law.
It deals with the following problems:
- Recovering data from computers while preserving evidential integrity.
- Securely storing and handling recovered electronic data.
- Finding significant information in a large volume of electronic data.
- Presenting the information to a court of law.
7.6 Risk Assessment
- Before an organization commits resources to controls, it must know which assets require protection and which assets are vulnerable.