Chapter 7: Law, Investigations, and Ethics Flashcards
Types of attack motivations
Military and Intelligence: Other countries and their intelligence services steal info for IR use
Business: Competitive businesses stealing from each other
Financial: Banks or other financial institutions attacked for the money
Terrorist: Self-explanatory
Grudge: Disgruntled employees
Thrill: “For the lulz”
Denial of Service (DoS)
Overloads a computer’s resources (such as the temporary buffer) and bogs it down so that it can no longer respond to tasking
Rogue code
Malware, generally: a user accidentally enables code on a machine, which then renders the machine unsafe or useless
Software piracy
Using software without licensing/permission
Social engineering
Deceiving a person into giving up sensitive information that an attacker then uses to gain access to something
Dumpster diving
Going through rejected or trashed documents to gain info that allows access to something
Spoofing of IPs
Pretending to be something (a piece of equipment or a destination) you are not in order to intercept information
Emanation eavesdropping
Listening in on actual radio waves, etc., particularly on unshielded equipment
Embezzlement
Adjusting software in order to send money to someone (round-off errors, etc.)
Information warfare
Attacking the content’s veracity rather than the data directly
Patent law
Grants an inventor the right to exclude others from producing or using the discovery for a period (17 years in the US). Mathematical formulas and algorithms cannot be patented, and the Patent Office has resisted patenting software, etc. in the past and has been trying to catch up in more modern times.
Trademarks
Any name, word, symbol, or device, or any combination thereof, that a person or organization uses to mark a product as unique
Trade secret
Protected by your being the only one who knows about it, rather than by law. Usually will result in a patent.
FTC “Fair Information Practices in the Electronic Marketplace”
Highlights the following privacy issues/perspectives:
Notice/Awareness: how does the organization collect and handle user info?
Choice/consent: Letting consumers control how info gets used (not collecting for one purpose and then using for another)
Access/participation: Users must be able to review, correct, delete, and contest inaccurate information
Security/integrity: sites must implement tools to keep user data safe
International Safe Harbor Principles
Designed by the Department of Commerce to make it possible for US companies to operate in European spheres. Includes the following:
Notice:
Choice:
Onward transfer:
Security:
Data integrity:
Access:
Enforcement: