Csec-650

There are a number of cybercrime laws that are extremely important in the field of digital forensics and cybersecurity as a whole. Two of the most important laws include the Computer Fraud and Abuse Act (CFAA) of 1984 and the Electronic Communications Privacy Act (ECPA) of 1986. The original intent of CFAA was to address computer related crimes and more specifically protect information assets. The law made it a federal crime to gain unauthorized access to data or information on protected computer systems. It does not come without criticism. Kerr (2009) made many points that the current law is too vague stating that CFAA has become so broad, and computers so common, that expansive or uncertain interpretations of unauthorized access will render it unconstitutional. Nevertheless, the law has been a cornerstone for shaping the way we deal with cybercrime and since its introduction, has been since amended a number of times. ...

It doesn’t seem that long ago that I received an official letter in the mail from the United States Office of Personnel Management (OPM) detailing that sensitive information about me had been compromised. I had been following the news and knew about the breach, so the letter didn’t come as a huge shock. It did make me think about the impact of such a breach, originally reported as affecting 4 million individuals, later estimated to have compromised sensitive information of 21.5 million. Christensen et al (2015). Just this past week I once again learned, along with the majority of the country, that with high probability my identity along with millions of others had been stolen in another data breach. It has since come to light that the cause of the breach was unpatched systems affected by Apache’s open-source Struts software, a vulnerability that should have been mitigated months before the breach took place. Brandom (2017). ...