Chap 19: Investigations and Ethics Flashcards

1
Q

Know the definition of computer crime.

A

Computer crime is a crime (or violation of a law or regulation) that is directed against, or directly involves, a computer.

2
Q

Be able to list and explain the six categories of computer crimes.

A

Computer crimes are grouped into six categories: military and intelligence attack, business attack, financial attack, terrorist attack, grudge attack, and thrill attack. Be able to explain the motive of each type of attack.

3
Q

Know the importance of collecting evidence.

A

As soon as you discover an incident, you must begin to collect evidence and as much information about the incident as possible. The evidence can be used in a subsequent legal action or in finding the identity of the attacker. Evidence can also assist you in determining the extent of damage.

4
Q

Understand the eDiscovery process.

A

Organizations that believe they will be the target of a lawsuit have a duty to preserve digital evidence in a process known as electronic discovery, or eDiscovery. The eDiscovery process includes information governance, identification, preservation, collection, processing, review, analysis, production, and presentation activities.

5
Q

Know how to investigate intrusions and how to gather sufficient artifacts from the equipment, software, and data.

A

You must have possession of equipment, software, or data to analyze it and use it as evidence. You must acquire the evidence without modifying it or allowing anyone else to modify it.

6
Q

Know the basic alternatives for confiscating evidence and when each one is appropriate.

A

First, the person who owns the evidence could voluntarily surrender it.
Second, a subpoena could be used to compel the subject to surrender the evidence.
Third, a law enforcement officer performing a legally permissible duty may seize visible evidence that the officer has probable cause to believe is associated with criminal activity.
Fourth, a search warrant is most useful when you need to confiscate evidence without giving the subject an opportunity to alter it.
Fifth, a law enforcement officer may collect evidence when exigent circumstances exist.

7
Q

Know the importance of retaining investigatory data.

A

Because you will discover some incidents after they have occurred, you will lose valuable evidence unless you ensure that critical log files are retained for a reasonable period of time. You can retain log files and system status information either in place or in archives.

8
Q

Know the basic requirements for evidence to be admissible in a court of law.

A

To be admissible, evidence must be relevant to a fact at issue in the case, the fact must be material to the case, and the evidence must be competent or legally collected.

9
Q

Explain the various types of evidence that may be used in a criminal or civil trial.

A

Real evidence consists of actual objects that can be brought into the courtroom.
Documentary evidence consists of written documents that provide insight into the facts.
Testimonial evidence consists of verbal or written statements made by witnesses.

10
Q

Understand the importance of ethics to security personnel.

A

Security practitioners are granted a very high level of authority and responsibility to execute their job functions. The potential for abuse exists, and without a strict code of personal behavior, security practitioners could be regarded as having unchecked power. Adherence to a code of ethics helps ensure that such power is not abused. Security professionals must subscribe to both their own organization’s code of ethics and the (ISC)2 Code of Ethics.

11
Q

Know the (ISC)2 Code of Ethics and RFC 1087, Ethics and the Internet.

A

All CISSP candidates should be familiar with the entire (ISC)2 Code of Ethics because they have to sign an agreement that they will adhere to it. In addition, be familiar with the basic statements of RFC 1087.
