Chapter 7: Law, Investigations, and Ethics

Question 1

Types of attack motivations

Answer 1

Military and Intelligence: other countries and their intelligence services steal info for IR use

Business: competitive businesses stealing from each other

Financial: Banks or other financial institutions attacked for the money

Terrorist: Self explanatory

Grudge: Disgruntled employees

Thrill: “For the lulz”

Question 2

Denial of Service (DoS)

Answer 2

Overloads a computer’s resources (such as the temporary buffer) and bogs it down so that it can no longer respond to tasking

Question 3

Rogue code

Answer 3

Malware, generally…a user accidentally enables code on a machine that then renders the machine unsafe or useless

Question 4

Software piracy

Answer 4

Using software without licensing/permission

Question 5

Social engineering

Answer 5

Deceiving a person into giving up sensitive information that an attacker then uses to gain access to something

Question 6

Dumpster diving

Answer 6

going through rejected or trashed documents in order to gain info to allow access to something

Question 7

Spoofing of IPs

Answer 7

Pretending to be something (a piece of equipment or a destination) you are not in order to intercept information

Question 8

Emanation eavesdropping

Answer 8

Listening in on actual radio waves, etc, particularly on unshielded equipment

Question 9

Embezzlement

Answer 9

Adjusting software in order to send money to someone (round off errors, etc)

Question 10

Information warfare

Answer 10

Attacking the content’s veracity rather than the data directly

Question 11

Patent law

Answer 11

grants an inventor the right to exclude others from producing or using the discovery for a period (17 years in the US) Mathematical formulas and algorithms cannot be patented, and the Patent Office has resisted patenting softwares, etc in the past and has been trying to catch up in more modern times.

Question 12

Trademarks

Answer 12

any name, word, symbol, or device or any combination thereof that a person or organization uses to mark a product as unique

Question 13

Trade secret

Answer 13

Protected by you being the only one who knows about it rather than law. Usually will result in a patent.

Question 14

FTC “Fair Information Practices in the Electronic Marketplace”

Answer 14

Highlights the following privacy issues/perspectives:

Notice/Awareness: how does the organization collect and handle user info?

Choice/consent: Letting consumers control how info get used (not collecting for one purpose and then using for another)

Access/participation: users must be able to review, correct delete, and contest inaccurate information

Security/integrity: sites must implement tools to keep user data safe

Question 15

International Safe Harbor Principles

Answer 15

Department of Commerce designed in order to make it possible for US companies to operate in European spheres. Includes the following:

Notice:
Choice:
Onward transfer:
Security:
Data integrity:
Access:
Enforcement:

Question 16

1970 Fair Credit Reporting Act

Answer 16

Regulates activities of credit bureaus

Question 17

1986 Electronic Communications Act

Answer 17

Protects confidentiality of private communication

Question 18

1987 Computer Security Act

Answer 18

Congressional declaration to implement security into federal systems and to establish acceptable minimums

Question 19

1996 HIPAA

Answer 19

Protects personal healthcare information

Question 20

2000 National Security Directive 42

Answer 20

Established Committee on National Security Systems (CNSS) which provides guidance on the security of national defense systems

Question 21

2001 PATRIOT Act

Answer 21

Enhanced investigatory capabilities

Question 22

2002 Federal Information Security Management Act (FISMA)

Answer 22

Defines the basic statutory requirements for protecting federal systems

Question 23

2010 Fair Debt Collection Practices Act

Answer 23

Addresses unfair or unconscionable means to attempt to collect debt