Chapter 7: Law, Investigations, and Ethics Flashcards

1
Q

Types of attack motivations

A

Military and Intelligence: other countries and their intelligence services steal info for IR use

Business: competitive businesses stealing from each other

Financial: Banks or other financial institutions attacked for the money

Terrorist: Self-explanatory

Grudge: Disgruntled employees

Thrill: “For the lulz”

2
Q

Denial of Service (DoS)

A

Overloads a computer’s resources (such as the temporary buffer) and bogs it down so that it can no longer respond to tasking

3
Q

Rogue code

A

Malware, generally: a user accidentally enables code on a machine that then renders the machine unsafe or useless

4
Q

Software piracy

A

Using software without licensing/permission

5
Q

Social engineering

A

Deceiving a person into giving up sensitive information that an attacker then uses to gain access to something

6
Q

Dumpster diving

A

Going through rejected or trashed documents to gain information that allows access to something

7
Q

Spoofing of IPs

A

Pretending to be something (a piece of equipment or a destination) you are not in order to intercept information

8
Q

Emanation eavesdropping

A

Listening in on actual radio waves, etc., particularly on unshielded equipment

9
Q

Embezzlement

A

Adjusting software in order to send money to someone (round-off errors, etc.)

10
Q

Information warfare

A

Attacking the content’s veracity rather than the data directly

11
Q

Patent law

A

Grants an inventor the right to exclude others from producing or using the discovery for a period (17 years in the US). Mathematical formulas and algorithms cannot be patented, and the Patent Office has resisted patenting software, etc. in the past and has been trying to catch up in more modern times.

12
Q

Trademarks

A

Any name, word, symbol, or device, or any combination thereof, that a person or organization uses to mark a product as unique

13
Q

Trade secret

A

Protected by you being the only one who knows about it rather than law. Usually will result in a patent.

14
Q

FTC “Fair Information Practices in the Electronic Marketplace”

A

Highlights the following privacy issues/perspectives:

Notice/Awareness: how does the organization collect and handle user info?

Choice/consent: letting consumers control how info gets used (not collecting for one purpose and then using for another)

Access/participation: users must be able to review, correct, delete, and contest inaccurate information

Security/integrity: sites must implement tools to keep user data safe

15
Q

International Safe Harbor Principles

A

Designed by the Department of Commerce to make it possible for US companies to operate in European spheres. Includes the following:

Notice:
Choice:
Onward transfer:
Security:
Data integrity:
Access:
Enforcement:

16
Q

1970 Fair Credit Reporting Act

A

Regulates activities of credit bureaus

17
Q

1986 Electronic Communications Act

A

Protects confidentiality of private communication

18
Q

1987 Computer Security Act

A

Congressional declaration to implement security into federal systems and to establish acceptable minimums

19
Q

1996 HIPAA

A

Protects personal healthcare information

20
Q

2000 National Security Directive 42

A

Established Committee on National Security Systems (CNSS) which provides guidance on the security of national defense systems

21
Q

2001 PATRIOT Act

A

Enhanced investigatory capabilities

22
Q

2002 Federal Information Security Management Act (FISMA)

A

Defines the basic statutory requirements for protecting federal systems

23
Q

2010 Fair Debt Collection Practices Act

A

Addresses unfair or unconscionable means to attempt to collect debt