Chapter 9 - Legal Regulations, Investigations, & Compliance Flashcards

Question

Mixed Law

Answer 1

Convergence of two or more legal systems

Answer 2

Legally responsible - negligence is acting without care or failure to act as a reasonable person

Answer 3

As a tool, as a target (viruses, digital identity theft, computer hacking), or incidental. Greatest risk comes from the inside.

Answer 4

Attempt to respond to criminal behaviors, 30 countries - laws against child porn, ability to prosecute cybercrime, provide international cooperation.

Answer 5

Laws - protect tangible and intangible items.

Answer 6

Inventions, trademarks, industrial designs and geographic indications of source

Answer 7

Literary and artistic work; expression of ideas - minimum 50 years (covered under Berne Convention)

Answer 8

Good will invested - word, name, symbol, color, sound, product shape, device or a combination to identify goods - registered with government registrar WIPO (UN Agency) manages.

Answer 9

Exclude others from practicing invention for a specific time - usually 20 years

Answer 10

not generally known and provides economic benefit, reasonable steps to protect secrecy

Answer 11

42% worldwide - for every $2 in software legally purchased, $1 pirated

Answer 12

General overall condidtions

Answer 13

More granular conditions and restrictions

Answer 14

Maybe illegal to import software - e.g. encryption

Answer 15

Developed in one country, transmitted through another, and stored in a third - latter can gain jurisdiction

Answer 16

Organization of Economic Cooperation and Development (OECD): Collection limiation; Data quality; Purpose specification; Use limitation; Security safeguards; Openness; Individual participation; and Accountability

Answer 17

Europe's Directive in Data Protection: Notice - types of 3rd parties or other uses; Choice - Must be explicit with use - opt out of third party; Onward Transfer - written agreement with third party to adhere to same level of privacy protection; Security - loss, misues, unauthorized access, disclosure, alteration, and destruction protection; Data Integrity - reliable; Access - individual access; Enforcement - complaints investigated, damages awarded

Answer 18

Science of information feedback systems

Answer 19

"Computer Ethics"

Answer 20

Miminal ethic standard

Answer 21

Outlines minimal ethical requirements; provides reduced penalties if ethics programs are in place. Leader must be knowledeable about content and operation of program, exercise due diligence, promote ethical culture; Needs 3 sections: purpose of program, 7 minimum requirements, periodically assess.

Answer 22

Accounting refore, attest to accuracy of financial reporting documents: Section 103 - Auditing, Quality, Control and Independence - register pulic accounting firms, establish audit and quality control ethics; New Item 406(a) - Regulation S-K companies disclose - written code of ethics applied to senior officers, any waivers to above, changes to code, and if no code of ethics explain why not.

Answer 23

How they impact health and job satisfaction, computer crime, privacy and anonymity

Answer 24

Free or get money for development efforts?

Answer 25

Gloabal laws, business, education, information flows, rich & poor nations, and interpretation

Answer 26

Computers work with exacting accuracy; if computer allows it, it must be permissable

Answer 27

Laws and reasonable behavior - some users do not realize ramifications of actions

Answer 28

What a person does with computer can do minimal harm - not considering impact of actions

Answer 29

Easy doesn't make it right

Answer 30

Acceptable to do anything as long as motivation isto learn and not profit

Answer 31

Information wants to be free - emerged from so easy to ccopy

Answer 32

Originally a person who sought to understood - soon it became associated with Phreaking

Answer 33

- Access to compters unlimited - all information free - authority shold be mistrusted & decetralization promoted - hackers should be judeged solely on hacking skills - computers can create art and beauty - computer can change life for the better

Answer 34

-promote belief of individual activity -support free market approach to exchange of information -promote belief that computers can have a beneficial and life changing effect

Answer 35

Similar to: Organization of Economic Cooperation and Development (OECD): Collection limiation; Data quality; Purpose specification; Use limitation; Security safeguards; Openness; Individual participation; and Accountability

Answer 36

Unethical to: -gain unathorized access -disrupt intended use of internet -waste resources -destroy integirty of computer-based information -compromise privacy of users

Answer 37

1. Thou shall not use a computer to harm other people 2. Thou shall not interfere with other people's computer work 3. Thou shall not snoop around in other people's computer files 4. Thou shall not use a computer to steal 5. Thou shall not use a computer to bear false witness 6. Thou shall not copy or use propreitary software for which you have not paid 7. Thou shall not use other people's computer resources without authorization or proper compensation 8. Thou shall not appropriate other people's intellectual output 9. Thou shalt think about the social consequences of the program you are writing or the system you are designing 10. Thou shalt always use a computer in ways that insure consideration and respect for you fellow humans

Answer 38

1. Preserve public trust and confidence in computers 2. Enforce fair information practices 3. Protect the legitimate interests of the constituents of the system 4. Resist fraud, waste, and abuse

Answer 39

1. I understand that just because something is legal, it isn't necessary moral or right. 2. I understand that people are the ones hurt when computers are used unethically. The fact that computers exist between me and those harmed does not change moral responsibility toward my fellow human 3. I will respect the rights of authors - just because copying is easy, it is not necessarily right 4. I will not break into other people's computers or read their information 5. I will not write, acquire or distribute harmful software

Answer 40

Foster computer ethics awareness and education

Answer 41

Professionals resolve conflicts between the canons in the order of the canons. Preamble - adhere to the code Canons: - Protect society, Common Wealth, & Infrastructure - Act honorably, honestly, justly, responsibly, legally - Provide diligent and competent service to principals -Advance and protect the profession

Answer 42

1. Develop guide to computer ethics 2. Develop policy to computer ethics 3. Add information to employee handbook 4. Expand business ethics policy 5. Learn about it 6. Foster awareness 7. E-mail privacy policy 8. Make sure employees know policy

Answer 43

Treat others as you would like to be treated

Answer 44

Action not right for everyone, not right for anyone

Answer 45

Action not repeatable at all times, not right at any time

Answer 46

Take action that achieves the greatest good

Answer 47

Incure least harm or cost

Answer 48

Do no harm

Answer 49

All property and information belongs to someone

Answer 50

Is it against the law?

Answer 51

Is action contrary to code of ethics?

Answer 52

Is there evidence to support or deny the value of taking an action?

Answer 53

Let the people affected decide

Answer 54

Will cost and benefits be equally distributed?

Answer 55

Knowledge of Market - build/buy - aware of risk?

Answer 56

Equal opportunities exist?

Answer 57

Are decisions biased?

Answer 58

Are people affected aware of system, data being collected?

Answer 59

Protect information where need to know is not proven, security features reduces to hold down expenses

Answer 60

Accountable for actions

Answer 61

Contract between professionals

Answer 62

1. Informed consent 2. Higher ethic in the worst case 3. Change of scale test 4. Owners' conservation of ownership 5. Users' conservation of ownership

Answer 63

Methodical, verifiable, & auditable - set of procedures and practices

Answer 64

Collection, Validation, identification, analysis, interpretation, documentation, and presentation of digital evidence

Answer 65

- Identifying Evidence - Collecting or Acquiring Evidence - Examing or Analyzing the Evidence - Presentation of Findings

Answer 66

Indentify the scene, protect the environment, identify evidence and potential sources of evidence, collect evidence, and minimize the degree of contamination - both physical (servers) and virtual (Data)

Answer 67

When a crime is committed the perpetrators leave something behind and take something with them

Answer 68

Means, Motive and Opportunity

Answer 69

Modus of operandi - method of operation

Answer 70

Identifying root cause correctly and quickly is extremely important

Answer 71

- All general forensic principles apply also with digital evidence - actions should not change the evidence - person should be trained to access original digital evidence - all activity relating to seizure, access, storage, or transfer must be documented, preserved and available for review - individual is responsible for all actions while digital evidence is in his possession - agency that is responsible for seizing, accessing, storing, or transferring digital evidence is responsible for compliance with these principles

Answer 72

Act ethically, in good faith, attempt to do no harm, and do not exceed one's knowledge, skills and abilities

Answer 73

- Minimize handling/corruption of original data - Account for any changes and keep logs - Comply with 5 rules of evidence - Don't exceed knowledge - Follow your local security policy and obtain written permission - Capture as accurate an image of the system as possible - Be prepared to testify - Ensure your actions are repeatable - Work fast - Proceed from volatile to persistent evidence - Do not run any programs on the affected system

Answer 74

- Creation of a Response Capability - Incident Response & HAndling - Recovery & Feedback

Answer 75

Incident handling model is circular and feeds back into itself - can be broken down into triage, investigation, containment, and analysis and tracking.

Answer 76

Encompasses detection, identification and notification. False positives are one of the most time consuming aspects of information security. If not a false positive then the next step is to classify the type of incident then down to more specific and granular characteristics - this determines the level of potential risk/criticality and to determine notifications required.

Answer 77

Analysis, interpretation, reaction, and recovery from an incident. Desired outcome is to reduce impact, identify root cause, get back up and running and prevent a reoccurrence.

Answer 78

Reduce the number of other systems and devices that can become affected. Proper documentation must be maintained.

Answer 79

Focus on determining root cause - look at initial event, not just the symptoms. Attempt to determin source and point of entry. Ability to read and parse through large log files.

Answer 80

Get system back up and running. Also, so it can withstand another directed incident. Before putting back it should be tested for vulnerabilities and weaknesses.

Answer 81

who, what, when, where, and how the evidence was handled from identification through its entire life cycle which ends with destruction or permanent archiving.

Answer 82

Currently relies on hash functions that create unique numberical signatures that are sensitive to any bit changes, e.g. SHA-256

Answer 83

An art and science - only properly trained individuals. Investigator can be charged if violations of policy, law or constituional rights are violated. Do not conduct alone and video tape if possible. Legal counsel should be present.

Answer 84

Should not end without debriefing and feedback - metric data can start being built as well.

Answer 85

- Be authentic - Be accurate - Be complete - Be convincing - Be admissable

Answer 86

recovery of information for hard drvise, DVDs, CD-ROMs or portable memory devices

Answer 87

Coined by Markus Ranum. Data from network logs and network activity

Answer 88

anaysis and examination of program code

Answer 89

unique style and eccentricities

Answer 90

Finding purpose of the code

Answer 91

develop meta view of the impact of the suspicious software

Answer 92

- no actions performed by investigators should change data contained on digital devices or storage media - individuals accessing original data must be competent to do so and have the ability to explain their actions - an audit trail or other record of applied processes, suitable for independent third party review, must be created and preserved, accurately documenting each investigative step - the person in charge of the investigation has overall responsibility for ensuring the above mentioned procedures are followed in compliance with governing laws - upon seizing digital evidence, actions taken should not change that evidence - when it is necessary for a person to access original digital evidence, that person must be forensically competent -all activity relating to the seizure, access, storage, or transfer of digital evidence must be full documented, preserved, and available for review - an individual is responsible for all actions taken with respect to digital evidence while the digital evidence is in their possession

Answer 93

Law reuires organizations to comply with reporting information security breaches and several other controls - failure to comply mean fines for an organization

Answer 94

Requires agencies to self-audit and have an independent auditor review their security implementation annually