The US DoJ has published these guidelines by its Cybersecurity Unit (CsU) in document in response to questions posed by private organisations about the legality of specific cybersecurity measures. It is intended to help organisations adopt effective cybersecurity practices and to conduct them in a lawful manner. It focuses on cyber threat intelligence gathering efforts that involve online forums in which computer crimes are discussed and planned and stolen data is bought and sold. It also contemplates situations in which private actors attempt to purchase malware, security vulnerabilities, or their own stolen data—or stolen data belonging to others with the data owners’ authorisation—in Dark Markets. The guidance is intended to help private sector cybersecurity practitioners by identifying steps they can take and issues they should consider to avoid violating federal criminal law while conducting cybersecurity activities involving criminal forums. When properly conducted, such activities can improve organisations’ cybersecurity readiness and help prepare them to respond to cybersecurity threats effectively and lawfully.
If you’d like to help me buy that (badly needed) new laptop or, even better, a new desktop to replace the one now 5,000 miles away – https://www.buymeacoffee.com/KoIvM842y