CISSP certification: Entrapment and Enticement.

Post author:Thor Pedersen
Post published:September 17, 2017
Post category:CISSP Certification / CISSP, CISM, CISA, and PMP BLOG / IT security / Updates

Entrapment and Enticement:
- Entrapment (Illegal and unethical):
  - When someone is persuaded to commit a crime they had no intention to commit and is then charged with it.
  - Openly advertising sensitive data and then charging people when they access them.
  - Entrapment is a solid legal defense.
- Enticement (Legal and ethical):
  - Making committing a crime more enticing, but the person has already broken the law or at least has decided to do so. Honeypots can be a good way to use Enticement.
  - Have open ports or services on a server that can be attacked.
  - Enticement is not a valid defense.

If there is a gray area in some cases between entrapment and enticement and it is ultimately up to the jury to decide if it was one or the other.

Check with your legal department and get senior management approval before deploying honeypots or honey-nets.

They pose both legal and practical risks.

Tags: (ISC)², CISSP, CISSP CBK, CISSP Certification, CISSP class, CISSP domains, CISSP Practice questions, CISSP Salary, CISSP study, CISSP training

Thor Pedersen

IT, information security, and project management trainer Best selling CISSP. CISM, and PMP instructor on Udemy. CISSP, CISM, C|EH, CDPSE, PMP, 2x CCNP, CompTIA Security+, SCP, 3x CCNA, et. Al.

CISSP certification: Entrapment and Enticement.

Thor Pedersen

You Might Also Like

IT Securityom (ISC)²Are “Women the Answer to the Cybersecurity Skills Gap?”

CISSP Domain 1: Ethics

CISSP certification: Legal and regulatory issues.