A2 - Law and Compliance Flashcards

1
Q

What is the Computer Misuse Act 1990?

A

UK legislation that criminalizes unauthorized access to computer material (s.1), unauthorized access with intent to commit or facilitate further offenses (s.2), and unauthorized modification of computer material (s.3, later broadened to unauthorized acts with intent to impair the operation of a computer). It is the primary statute under which hacking is prosecuted in the UK.

2
Q

What was the impact of the Computer Misuse Act 1990 on penetration testing?

A

Legal authorization: pentesters need explicit written permission from the system owner and must stay within the agreed scope, because any access beyond that scope is unauthorized access under the Act.

Handling tools: tools must be used responsibly and only in authorized environments.

Documentation: keep records of authorization, scope, and activities, both for compliance and as evidence of legitimate purpose if an action is ever questioned.

3
Q

What does the Human Rights Act 1998 do?

A

Incorporates the rights set out in the European Convention on Human Rights (ECHR) into UK law. Article 8 (respect for private and family life, home and correspondence) means employees retain a right to privacy while in their place of work.

4
Q

What is the impact of the Human Rights Act 1998 on penetration testing activities?

A

Pentesters must avoid unnecessary access to personal data (for example, employee mailboxes, personal files, or browsing records found on compromised hosts), ensure every activity is authorized, and comply with the laws protecting sensitive information, so that testing does not violate individuals' rights.

5
Q

What is the Data Protection Act 1998?

A

Regulated how personal data was collected, stored, and used, ensuring that individuals' privacy rights were protected. It has since been repealed and replaced by the Data Protection Act 2018 and the UK GDPR.

6
Q

What are the 8 principles of the Data Protection Act 1998?

A

1. Personal data shall be processed fairly and lawfully.
2. Obtained only for one or more specified and lawful purposes, and not further processed in any manner incompatible with those purposes.
3. Adequate, relevant and not excessive in relation to the purposes.
4. Accurate and, where necessary, kept up to date.
5. Not kept for longer than is necessary for the purposes.
6. Processed in accordance with the rights of data subjects under the Act.
7. Appropriate technical and organisational measures taken against unauthorised or unlawful processing and against accidental loss, destruction of, or damage to, personal data.
8. Not transferred to a country or territory outside the European Economic Area unless that country ensures an adequate level of protection.

(The seven principles often listed in their place, lawfulness, fairness and transparency; purpose limitation; data minimisation; accuracy; storage limitation; integrity and confidentiality (security); and accountability, are the UK GDPR / Data Protection Act 2018 principles that replaced these.)

7
Q

What is the impact of the Data Protection Act 1998 on penetration testing?

A

Any personal data encountered during testing must be processed lawfully, fairly and securely.
Collect and use only the personal data necessary for the test (e.g. a screenshot proving access rather than a full table dump).
Store evidence securely and delete it when it is no longer required.

8
Q

What is the Police and Justice Act 2006?

A

Introduced a range of measures to enhance law enforcement and criminal justice, including specific provisions on cybercrime.

9
Q

What was the impact of the Police and Justice Act 2006 on computer misuse law?

A

The Act amended the Computer Misuse Act 1990: it increased the penalties for unauthorized access, widened the unauthorized modification offense into unauthorized acts with intent to impair the operation of a computer (bringing denial-of-service attacks clearly within scope), and created a new offense of making, supplying, or obtaining articles (e.g., viruses, worms, exploit tools) for use in computer misuse offenses. For pentesters the last point matters most: the same tools are dual-use, so documented authorization and legitimate purpose are what keep their possession and use lawful.

10
Q

What does the PCI-DSS stand for?

A

Payment Card Industry Data Security Standard

11
Q

What is PCI-DSS?

A

A security standard, maintained by the PCI Security Standards Council, that sets requirements for security management, policies, procedures, and technical controls for any organization that stores, processes, or transmits payment card data (debit, credit, prepaid, e-purse, ATM, and POS cards and associated businesses). It includes a requirement for regular penetration testing of the cardholder data environment.

12
Q

What does HIPAA stand for?

A

Health Insurance Portability and Accountability Act

13
Q

What is HIPAA?

A

US legislation whose Security Rule applies to electronic protected health information (ePHI) and requires covered entities and their business associates to implement administrative, physical, and technical safeguards protecting its confidentiality, integrity, and availability against reasonably anticipated threats.

14
Q

What is ISO/IEC 27001?

A

ISO/IEC 27001 is the international standard that specifies the requirements for an information security management system (ISMS): a framework for managing the security of assets such as financial information, intellectual property, employee details, and third-party data. It covers the controls (listed in its Annex A) and practices for maintaining the confidentiality, integrity, and availability of sensitive information, and certification against it is widely used to demonstrate compliance with data protection laws and industry standards.
