Ruslan Rakhmetov, Security Vision
We continue the series of publications devoted to the Cybersecurity Body of Knowledge (CyBOK). Chapter 3 of this body of knowledge describes the main regulatory norms and principles of international law that are relevant to cybersecurity and can be applied when assessing cyber risks, managing information security, and investigating cyber incidents. Today we present the fourth part of the review of Chapter 3 of CyBOK, which describes various types of cybercrime and the specifics of applying legal norms to cyber attacks.
3.5. Computer crimes
The term "cybercrime" is often used for three different categories of criminal activity:
- "classic" crimes in which cyberspace is used as a tool (for example, financial fraud, cyber fraud);
- dissemination of illegal information in cyberspace;
- crimes aimed directly at the infrastructure of cyberspace (for example, cyber attacks and intrusions).
This section is devoted to the third category, computer crimes, i.e. crimes directed against information systems, which are of particular interest to information security specialists.
3.5.1. Crimes against information systems
With the development of information technology, more and more malicious acts came to be committed in cyberspace, but legislative changes do not always keep pace with progress. The key challenge remains the coordinated international application of measures to combat cross-border cybercrime. One of the important measures was the development of the Budapest Convention ("Convention on Computer Crime"), which was approved by the Council of Europe in 2001 and has now been signed and ratified by 66 countries. In 2013, the EU adopted Directive 2013/40, which obliged all member states to update their criminal legislation so that cybercrimes are treated as criminal offences. More recently, at the end of 2024, the UN General Assembly approved a new "Convention against Cybercrime", adopted in order to strengthen international cooperation in combating computer crimes and exchanging evidence on such crimes. The work on this document was initiated by Russia and had been underway for five years.
Further, the authors of the document provide a classification of cybercrimes in accordance with the provisions of the Budapest Convention.
3.5.1.1. Unauthorized access to the information system
Unauthorized (unsanctioned) access to an information system means access to a system without the permission of its owner, in violation of the rules and procedures for access, and is usually referred to by the general term "hacking". However, the actions that constitute unauthorized access differ from country to country: in the UK, entering a password without the consent of the system owner is considered a hacking attempt, while in the United States, an attempt to establish an unauthorized network connection to the system is considered a cybercrime. It should be noted that the term "unauthorized access" is still not legally defined with the necessary precision in all countries and depends on the decisions of officials in each specific case.
3.5.1.2. Unauthorized interaction with data
Under the Budapest Convention, unauthorized interaction with data means the unsanctioned deletion, damage, corruption or modification of data, or violation of data availability. These provisions can be used against those who develop or distribute file-encrypting malware (ransomware).
3.5.1.3. Unauthorized interaction with systems
At the dawn of cybercrime, attackers broke into systems and changed the data in them, but with the growth of other types of attacks, primarily DoS/DDoS, the legislation was amended to reflect new types of malicious activity: now actions that lead to a degradation of system performance are also considered violations.
3.5.1.4. Unauthorized interception of communications
The adoption of various legislative norms to protect privacy has resulted in the criminalization of unauthorized interception of network traffic, especially in public networks.
3.5.1.5. Unauthorized development of hacker tools
In many countries, it is an offence to develop or distribute hacking tools with the intent that they be used to break into information systems. Such regulations can create difficulties for those who create solutions for conducting penetration testing and performing other legitimate information security tasks.
3.5.2. Exceptions due to minor violations
In some cases, the application of legislation is limited to actions that can be considered significant. For example, EU Directive 2013/40 states that only actions against information systems that are significant constitute cybercrime, and the level of significance depends on the relative seriousness of the risk created or the damage caused by the unauthorized actions. Such exceptions create uncertainty in estimating the risk of consequences: in some cases the damage is obvious, but in other incidents it will be difficult to assess the full scale and consequences of the attack.
3.5.3. Enforcement measures and responsibility for cybercrimes
Each country makes its own decisions regarding the investigation of cybercrimes and the initiation of criminal cases. The courts likewise determine the liability of perpetrators independently, within the limits provided for by criminal law. For example, in the UK, typical sentences for cybercrimes range from 2 to 5 years, but even such sentences are rarely imposed. By comparison, in the United States, cybercrime investigations often lead to prison terms of 20 years or more.
The issue of adequate punishment for cybercrimes remains open, especially given the development of technology: for example, hacking of widely used IoT devices can lead to harm to the lives of citizens or their private property. EU Directive 2013/40 states that terms of imprisonment should be longer in the case of cyber attacks on critical national infrastructure or in the case of significant damage. In the United States, since 2015, the Computer Misuse Act has provided for a prison term of up to 14 years in the case of significant damage, and in the case of serious damage (or risk) to the health and well-being of citizens or to national security, a life sentence may be imposed.
3.5.4. Authorized government actions
For actions related to the investigation of a crime or the protection of national security, a special authorization is issued: a warrant to perform certain actions. A person performing the operations authorized by such a warrant is not held liable for the actions performed, including hacking into systems.
3.5.5. Research and development activities performed by non-governmental organizations
Non-governmental organizations that research cybersecurity issues or develop information security solutions may face difficulties, since some of their actions may fall under the definition of cybercrime, for example:
- Unauthorized analysis of the security measures implemented on third-party servers;
- Unauthorized remote analysis of third-party Wi-Fi equipment;
- Unauthorized analysis of the network infrastructure of third parties;
- Conducting authorized load testing (stress testing) of equipment that degrades the performance of the infrastructure of third parties who are not aware of and did not agree to the testing;
- Analysis of malware and testing of anti-malware protection methods;
- Analysis of botnet components and functionality;
- Creation and distribution of tools for testing cyber security;
- The use of various reconnaissance and information-gathering techniques.
When the use of pentesting tools is considered, it is usually not their technical functionality that is evaluated but the goals and intentions of the organization or person who creates or distributes them, and liability arises if these tools were intended to be used to violate the law. Information security researchers, vendors, and specialized information security companies may face difficulties in assessing the risks of conducting certain research or development, and in some circumstances they may face charges of violating the law. In addition, it is important to evaluate all applicable laws in every jurisdiction where potentially risky activities are conducted.
3.5.6. Self-defense: software blocking and retaliatory hacking
The terms "self-help" and "self-defense" refer to actions that a person takes to protect their rights without involving government officials. In general, such actions are not welcomed in many countries, since a non-governmental entity is attempting to perform the law-enforcement function that should be performed by the authorities. Where a country does permit certain self-defense actions, they come with many related restrictions and conditions. Performing self-defense actions can lead to charges of violating the law and to lawsuits.
3.5.6.1. Undeclared software blockages
Developers commonly impose restrictions on the use of software or services: for example, some software stops working after the license expires, and a cloud provider has the right to disable access to services in the case of late payment. However, a vendor or provider may face legal problems if such blocking functionality is not described in the contract, license agreement, or software documentation. For example, from a legal point of view, blocking the operation of software by means of undeclared functionality would be a violation, even if the buyer did not pay for the license extension or violated the terms of the license agreement.
3.5.6.2. Retaliatory hacking
The terms "retaliatory hacking" and "retaliatory strike" (hack-back) describe a retaliatory cyberattack against the IT infrastructure from which a cyberattack was carried out. Such actions are usually considered in the context of a cyberattack carried out from the territory of a foreign state, where cooperation with that state in investigating the attack is likely to be fruitless. Retaliatory hacking may include DDoS against the attacking infrastructure, breaking into or disabling the attacking infrastructure, and so on. In such a case, the hack-back will be regarded as a computer crime in the country from which it is carried out, in the target country, and in any countries whose infrastructure is involved in these actions. In addition, a country that has become the target of such a hack-back can invoke the principles and mechanisms of international law to protect its own sovereignty against the individuals who carry out the hack-back and against the infrastructure used for it.