Compliance Flashcards
Law
Law is a system of rules created by either government or a society, recognized as binding by the group, and enforced by some specific authority
Regulation
Regulations, by contrast, are written rules dealing with specific details of procedures, issued by an executive body and having the force of law.
Types of Legal System
Civil (Code) Law
Common law
Criminal law
Civil/Tort law
Administrative (Regulatory) law
Customary law
Religious law
Mixed law
Computer-Assisted Crime
A crime in which a computer was used as a tool to help carry out the crime.
Computer Targeted Crime
Concerns incidents where a computer was the victim of an attack crafted to harm it (and its owners) specifically.
Computer is Incidental
The computer is not necessarily the attacker or the target, but just happened to be involved when a crime was carried out.
Engaging in Hacktivism
Protesting a government’s or organization’s activities by attacking its systems and/or defacing its website.
Attackers commonly hop through several systems before attacking their victim so that tracking them down will be more difficult. This exemplifies the threat actor approach known as _____
Island-hopping attack
Island-hopping attack also known as ___
Supply Chain Attack
Three powerful forces converged in the mid to late 1990s to catapult cybercrime, they are:
- Explosive growth of the internet
- Abundance of computer experts who lost their livelihood with the end of the Soviet Union
- Increase in software developers ignoring security
Nowadays, exploited targets are known as _____
Malicious bots
Malicious bots are organized into _______
Botnets
Botnets can be used to carry out ________
DDoS attacks, transfer spam or pornography
Hackers who do not have the requisite skills to carry out specific attacks without the tools provided on the internet or by friends are known as _____
Script Kiddies
HaaS
Hacking as a Service: commercializing hacking skills
Hackers who patiently wait for the right time to attack you are called ______
Advanced Persistent Threat (APT)
This is a military term that has been around for ages.
A group of attackers that is not in a hurry to launch an attack quickly, but will wait for the most beneficial moment and attack vector to ensure that its activities go unnoticed. This is referred to as _______
Low-and-Slow attack
A handful of users are targeted by two phishing attacks; one user opens a zero-day payload.
Phishing and Zero-Day payload
The user's machine is accessed remotely by a specific tool.
Back door
The attacker elevates access to important user, service, and admin accounts, and to specific systems. ______ Movement
Lateral Movement
Data is acquired from target servers and staged for exfiltration.
Data Gathering
Data is exfiltrated via encrypted files over HTTP to an external, compromised machine at a hosting provider.
Exfiltrate
Common Internet Crime Schemes
- Business e-mail compromise
- Business fraud
- Charity and disaster fraud
- Counterfeit prescription drugs
- Credit card fraud
- Election crimes and security
- Identity Theft
- Illegal Sports Betting
- Nigerian letter or “419” fraud
- Ponzi/Pyramid schemes
- Ransomware
- Sextortion
The first international treaty seeking to address computer crimes
The Council of Europe (CoE) Convention on Cybercrime
The Council of Europe (CoE) Convention on Cybercrime also known as ____
The Budapest Convention.
(Creates a framework for establishing jurisdiction and the extradition of the accused. Extradition can take place only if the act is a crime in both countries.)
As of ________ (this date), countries around the world (not just in Europe) have signed or ratified the treaty, contributing to the global growth of effective cybercrime legislation that is internationally interoperable.
April 21, 1968
According to the United Nations (UN), how many countries in the world now have cybercrime laws?
154 countries (79%)
Some of the U.S. laws most relevant to data breaches
- California Consumer Privacy Act (CCPA)
- Health Insurance Portability and Accountability Act (HIPAA)
- Health Information Technology for Economic and Clinical Health (HITECH) Act
- Gramm-Leach-Bliley Act of 1999
- Economic Espionage Act of 1996
Global organizations that operate across borders must be aware of and follow the _______
Organisation for Economic Co-operation and Development (OECD) privacy principles
The Principles of the OECD (8)
- Collection Limitation
- Data Quality
- Purpose Verification
- Use Limitation
- Security Safeguards
- Openness
- Individual Participation
- Accountability