Chapter 3: Compliance

Question 2

Regulations

Answer 2

Written rules issued by an executive body covering specific issues, and apply only to the specific entities that fall under the authority of the agency that issued them

Question 3

Civil law system

Answer 3

Uses prewritten rules and not based on precedent; is different from civil (tort) laws, which work under a common law system

Question 4

Common Law System

Answer 4

made up of criminal, civil, and administrative laws

Question 5

Customary law system

Answer 5

Addresses mainly personal conduct and uses regional traditions and customs as the foundations of the law; is usually mixed with another type of listed legal system rather than being the sole legal system used in a region

Question 6

Religious law system

Answer 6

Laws are derived from religious beliefs and address an individual’s religious responsibilities; commonly used in Muslim countries or regions

Question 7

Mixed law system

Answer 7

Uses two or more legal systems

Question 8

Criminal law

Answer 8

deals with an individual’s conduct that violates government laws developed to protect the public

Question 9

Civil law

Answer 9

deals with wrongs committed against individuals or organizations ending in injury or damages; no prison time as a punishment, usually requires financial restitution

Question 10

Administrative law

Answer 10

Regulatory law; covers standards of performance or conduct expected by government agencies from companies, industries, and certain officials

Question 11

Island-hopping attacks

Answer 11

an attacker compromises an easier target that has a trusted connection to the ultimate target

Question 12

APT

Answer 12

advanced persistent threat; sophisticated threat actor with the means and will to devote extraordinary resources to compromising a specific target and remaining undetected for extended periods of time

Question 13

Data breach

Answer 13

a security event which results in the actual or potential compromise of the confidentiality or integrity of protected

Question 14

PII

Answer 14

personally identifiable information; data which can be used to uniquely identify, contact, or locate a single person or used with other sources to identify a single individual

Question 15

TDF

Answer 15

transborder data flow; movement of machine-readable data across a political boundary like a country’s border

Question 16

Data localization laws

Answer 16

Require certain types of data to be stored and process in that country, sometimes exclusively

Question 17

IP

Answer 17

Intellectual property; type of property created by human intellect consisting of ideas, inventions, and expressions uniquely created by a person and protected from unauthorized use by others

Question 18

License

Answer 18

an agreement between an IP owner (licensor) and somebody else (licensee), granting the party rights to use the IP in very specific ways

Question 19

Trade secrets

Answer 19

proprietary to a company, often include information which provides a competitive edge; information is protected as long as the owner takes the necessary protective actions

Question 20

Copyright

Answer 20

protects the expression of ideas rather than the ideas themselves

Question 21

Trademarks

Answer 21

protect words, names, product shapes, symbols, colors, or a combination of these used to identify products or a company; items used to distinguish products from the competitors’ products

Question 22

Patent

Answer 22

grants ownership and enables the owner to legally enforce their rights to exclude others form using the invention covered by the patent

Question 23

Due diligence

Answer 23

defined as doing everything within one’s power to prevent a bad thing from happening; normally associated with leaders, laws, and regulations

Question 24

Due care

Answer 24

taking the precautions that a reasonable and competent person would take in the same situation; normally applicable to everyone; its absence could show negligence

Question 25

Administrative investigations

Answer 25

focused on policy violations

Question 26

Criminal investigations

Answer 26

aimed at determining whether there is cause to believe someone committed a crime

Question 27

Civil investigation

Answer 27

Triggered when a lawsuit is imminent or ongoing and similar to a criminal investigation; except that instead or working with law enforcement agencies you will probably be working with attorneys from both sides

Question 28

Regulatory investigation

Answer 28

initiated by a government regulator when there is reason to believe the organization is not in compliance

Question 29

Data breach notification requirements

Answer 29

GDPR has strictest breach notification requirements; within 72 hours of becoming aware of the breach

Question 30

Software piracy

Answer 30

using a software product that it is not authorized to use; can have significant financial and even criminal repercussions

Question 31

To control the public distribution of an original white paper written by staff

Answer 31

Copyright to protect

Question 32

Federal Privacy Act of 1974

Answer 32

created to protect personal data; information can only be used for the reason for which it was collected

Question 33

GDPR

Answer 33

General Data Protection Regulation; privacy law