CISSP (Domain 9 - Legal, Regulations, Compliance, and Investigations) Flashcards
Civil Law (Tort)
No law broken, mostly monetary. Results in damage, loss, injury, or death.
Criminal Law
Crimes committed against society. Burden of proof is “Beyond a reasonable doubt”
Compensatory Damage - Civil Law
Paid for the actual damages that were suffered by a victim.
Punitive Damages - Civil Law
Punishment for the offender
Statutory Damages - Civil Law
Amount stipulated within the law rather than calculated based on the degree of harm to the plaintiff
Administrative (Regulatory) Law
- Defines standards of performance and regulates conduct for specific industries (Banking, HIPAA)
- Burden of proof is “More likely than not”
- Penalties consist of fines or imprisonment
Intellectual Property Law
Protects products of the mind
Trade Secrets - IP Protection
- Resource must provide competitive value
- Must be reasonably protected from unauthorized use or disclosure
- Proprietary to a company and important for survival
- Must be genuine and not obvious
Copyright - IP Protection
- Lasts the lifetime of the author plus 70 years
- Pieces of work
Trademark - IP Protection
- Protect word, name, symbol used to identify a product to be distinguished from others
- My company's look and feel
Patent - IP Protection
- Protection for those who have legal ownership of an invention
- Exclusive control for 20 years
4 International Border Issues for Data
- Each country treats computer crimes differently
- Evidence rules differ between legal systems
- Governments may not assist each other in international cases
- Jurisdiction issues
Trans-border Information Flow (4 Things)
- Movement and storage of data by automatic means across national/federal boundaries
- Many European countries have strong reactions on flow of personal and financial data
- Know laws before transmitting data through different areas
- Route data through other routes, if necessary
ISC^2 Code of Ethics (4 Things)
P/A/P/A
- Protect society, the commonwealth, and the infrastructure (nobody hurt)
- Act honorably, honestly, justly, responsibly, and legally (do the right thing)
- Provide diligent and competent service to principals
- Advance and protect the profession
Behavior to Encourage - ISC^2 Code of Ethics
- Research
- Teaching
- Identifying, mentoring, and sponsoring candidates for the profession
- Valuing the certificate
Behavior to Discourage - ISC^2 Code of Ethics
- Raising unnecessary alarm, fear, uncertainty, or doubt
- Giving unwarranted comfort or reassurance
- Consenting to bad practice
- Attaching weak systems to the public network
- Professional association with amateurs/criminals/non-professionals
Protect society, the commonwealth, and the infrastructure - ISC^2 Code of Ethics
- Promote and preserve public trust and confidence in information and systems
- Promote the understanding and acceptance of prudent information security measures
- Preserve and strengthen the integrity of the public infrastructure
- Discourage unsafe practice
Act honorably, honestly, justly, responsibly, and legally - ISC^2 Code of Ethics
- Tell the truth
- Observe all contracts and agreements, express or implied
- Treat all constituents fairly
- Give prudent advice
- Give preference to the laws of the jurisdiction in which you render your service
Provide diligent and competent service to principals - ISC^2 Code of Ethics
- Preserve the value of their systems, applications, and information
- Respect their trust and the privileges that they grant you
- Avoid conflicts of interest or the appearance thereof
- Render only those services for which you are fully competent and qualified
Advance and protect the profession - ISC^2 Code of Ethics
- Sponsor for professional advancement those best qualified
- Avoid professional association with those whose practices or reputation might diminish the profession
- Take care not to injure the reputation of other professionals through malice or indifference
- Maintain your competence, keep your skills and knowledge current
Why Crimes Are Committed (MOM)
- Motivations: Who commits them and why
- Opportunities: When would someone take advantage of crimes
- Means: Who has capability to commit these crimes
4 Forensic Procedures
MNSH
- Media Analysis
- Network Analysis
- Software Analysis
- Hardware/Embedded Device Analysis
5 Things Digital Evidence Must Be
- Authentic
- Accurate
- Complete
- Convincing
- Admissible
4 Steps to a Forensic Hash on a Drive Image
- Get Image
- Hash Image
- Create Message Digest
- Apply Digital Signature
*Hide Image and digital certificate
Computer Forensics
Discipline of using proven methods toward the collection, preservation, validation, identification, analysis, interpretation, documentation, and presentation of digital evidence
Forensic Investigative Process
IPCEAPD
- Identification
- Preservation
- Collection
- Examination
- Analysis
- Presentation
- Decision
Chain of Custody of Evidence (3 Things)
- Who obtained the evidence and secured it?
- Where and when it was obtained?
- Who had control or possession of the evidence?
Evidence Life Cycle (5 Things)
- Collection and identification
- Analysis
- Storage, preservation, transportation
- Present in court
- Return to victim (owner)
4 Most Common Reasons for Improper Evidence Collection
- No established incident response team
- No established incident response procedures
- Poorly written policy
- Broken chain of custody
3 Things Chain of Custody Dictates
- Extreme Documentation
- All evidence is labeled with information indicating who secured and controlled it
- Who, what, where, when, and how
Hearsay Evidence
- Oral/Written evidence
- No firsthand proof of its reliability and accuracy
- Computer generated evidence
2 Exceptions to Hearsay Rule
- Business Record Exemption to Hearsay Rule
+ Docs can only be submitted if created in the course of regular business hours
+ Audit trails can only be used if created during the normal course of business
- Accepting Business Records as Evidence
+ Chain of custody was maintained
+ Ruled relevant by a Judge
Enticement
Legal, tempting a potential criminal, honeypot
Entrapment
Not Legal, tricking a person into committing a crime