Compliance Flashcards

1
Q

Law

A

Law is a system of rules created by either government or a society, recognized as binding by the group, and enforced by some specific authority

2
Q

Regulation

A

Regulations, by contrast, are written rules dealing with the specific details of procedures, issued by an executive body and having the force of law.

3
Q

Types of Legal System

A

Civil (Code) law
Common law
Criminal law
Civil/Tort law
Administrative (Regulatory) law
Customary law
Religious law
Mixed law

4
Q

A Computer Assisted Crime

A

A crime in which a computer was used as a tool to help carry out the crime.

5
Q

Computer Targeted Crime

A

Concerns incidents where a computer was the victim of an attack crafted to harm it (and its owners) specifically

6
Q

Computer is Incidental

A

Computer is not necessarily the attacker or the target, but just happened to be involved when a crime was carried out.

7
Q

Engaging in Hacktivism

A

Protesting a government's or organization's activities by attacking its systems and/or defacing its website

8
Q

Attackers commonly hop through several systems before attacking their victim so that tracking down the attackers will be more difficult. This exemplifies the threat actor approach known as _____

A

Island-hopping attack

9
Q

Island-hopping attack also known as ___

A

Supply Chain Attack

10
Q

Three powerful forces converged in the mid to late 1990s to catapult cybercrime. They are:

A
  1. Explosive growth of the internet
  2. Abundance of computer experts who lost their livelihood with the end of the Soviet Union
  3. Increase in software developers ignoring security
11
Q

Nowadays, exploited targets are known as _____

A

Malicious bots

12
Q

Malicious bots are organized into _______

A

Botnets

13
Q

Botnets can be used to carry out ________

A

DDoS attacks, transferring spam or pornography

14
Q

Hackers who do not have the requisite skills to carry out specific attacks without the tools provided on the internet or through friends are known as _____

A

Script Kiddies

15
Q

HaaS

A

Hacking as a Service: commercializing hacking skills

16
Q

Hackers who patiently wait for the right time to attack you are called ______

A

Advanced Persistent Threat (APT)
This is a military term that has been around for ages.

17
Q

A group of attackers is not in a hurry to launch an attack quickly, but will wait for the most beneficial moment and attack vector to ensure that its activities go unnoticed. This is referred to as _______

A

Low-and-Slow attack

18
Q

A handful of users are targeted by two phishing attacks; one user opens a zero-day payload

A

Phishing and Zero-Day payload

19
Q

The user machine is accessed remotely by a specific tool.

A

Back door

20
Q

The attacker elevates access to important user, service, and admin accounts, and specific systems. ______ Movement

A

Lateral Movement

21
Q

Data is acquired from target servers and staged for exfiltration

A

Data Gathering

22
Q

Data is exfiltrated via encrypted files over HTTP to an external, compromised machine at a hosting provider

A

Exfiltrate

23
Q

Common Internet Crime Schemes

A
  • Business e-mail compromise
  • Business fraud
  • Charity and disaster fraud
  • Counterfeit prescription drugs
  • Credit card fraud
  • Election crimes and security
  • Identity Theft
  • Illegal Sports Betting
  • Nigerian letter or “419”
  • Ponzi/ Pyramid
  • Ransomware
  • Sextortion
24
Q

The first international treaty seeking to address computer crimes

A

The Council of Europe (CoE) Convention on Cybercrime

25
Q

The Council of Europe (CoE) Convention on Cybercrime also known as ____

A

The Budapest Convention.
(Creates a framework for establishing jurisdiction and the extradition of the accused; extradition can only take place if the act is a crime in both countries)

26
Q

As of ________ (this date) countries around the world (not just in Europe) have signed or ratified the treaty, contributing to the global growth in effective cybercrime legislation that is internationally interoperable.

A

April 21, 1968

27
Q

According to the United Nations (UN), how many countries in the world now have cybercrime laws?

A

154 countries (79%)

28
Q

Some of the U.S. laws most relevant to data breaches

A
  • California Consumer Privacy Act (CCPA)
  • Health Insurance Portability and Accountability Act (HIPAA)
  • Health Information Technology for Economic and Clinical Health (HITECH) Act
  • Gramm-Leach-Bliley Act of 1999
  • Economic Espionage Act of 1996
29
Q

Global organizations that move across borders must be aware of and follow the _______

A

Organisation for Economic Co-operation and Development (OECD)

30
Q

The OECD Principles (8)

A
  • Collection Limitation
  • Data Quality
  • Purpose Verification
  • Use Limitation
  • Security Safeguards
  • Openness
  • Individual Participation
  • Accountability
31
Q

The European Union in many cases takes individual privacy much more seriously than most other countries in the world, so in 1995 it enacted _______

A

Data Protection Directive

32
Q

_______ was adopted by the EU in April 2016 and became enforceable in May 2018

A

The General Data Protection Regulation (GDPR)

33
Q

GDPR is very stringent, and violating it exposes an organization to a maximum fine of ______%

A

4%

34
Q

How many entities does GDPR define?

A

Three

35
Q

What are the three entities in GDPR?

A
  • Data Subject: The individual to whom the data pertains
  • Data Controller: Any Organization that collects data on EU residents
  • Data Processor: Any Organization that processes data for a data controller
36
Q

To ensure that data is protected, the GDPR requires that most data controllers and data processors formally designate a _______

A

Data Protection Officer (DPO)

37
Q

DPOs are internal compliance officers that act semi-independently to ensure that their organizations follow the _________

A

The Letter of Regulation

38
Q

Key provisions of GDPR (5)

A
  • Consent
  • Right to be informed
  • Right to restrict processing
  • Right to be forgotten
  • Data breaches
39
Q

According to GDPR, data breaches are to be reported within ______ hours of ______

A

72 hours of becoming aware of it.

40
Q

How many countries have no legally mandated notification requirements whatsoever?

A

UN lists 62 countries

41
Q

The Wassenaar Arrangement implements export controls for ________

A

Conventional Arms and Dual-Use Goods and Technologies.

42
Q

Conventional Arms and Dual-Use Goods and Technologies: how many countries lay out the rules?

A

42 countries
(Wassenaar Arrangement)

43
Q

Rules of export controls laid out by the Wassenaar Arrangement: (9) categories

A
  • Category 1: Special Materials and Related Equipment
  • Category 2: Material Processing
  • Category 3: Electronics
  • Category 4: Computers
  • Category 5, Part 1: Telecommunications
  • Category 5, Part 2: Information Security
  • Category 6: Sensors and Lasers
  • Category 7: Navigation and Avionics
  • Category 8: Marine
  • Category 9: Aerospace and Propulsion
44
Q

The main goal of the Wassenaar Arrangement is to _____

A

Prevent the build-up of military capabilities that could threaten regional and international security and stability.

45
Q

In some cases, no products that contain ____________ functions can be exported to a specific country.

A

Cryptographic functions

46
Q

___________ is the movement of machine-readable data across a political boundary such as a country's border.

A

Transborder data flow (TDF)

47
Q

Transborder Data Flow (TDF) sometimes called _________

A

Cross-border data flows.

48
Q

The generic approach to privacy is _______: rules that stretch across all industry boundaries.

A

Horizontal Enactment

49
Q

Regulation by industry is _________ Enactment

A

Vertical Enactment

50
Q

Examples of Intellectual Property (IP) ____

A

Song Lyrics, Inventions, Logos, and Secret recipes

51
Q

Four types of IP laws

A
  • Trade Secrets
  • Copyrights
  • Trademarks
  • Patents
52
Q

Four important types of IP (Intellectual Property) law

A

Trade Secrets
Copyrights
Trademarks
Patents

53
Q

Copyright protection exists for the duration of ______

A

Life of the creator plus 70 years

54
Q

What does the term “warez” sites mean?

A

Warez is a term that refers to copyrighted works distributed or traded without fees or royalties, generally in violation of copyright law.

55
Q

What protocol do warez sites use?

A

BitTorrent

56
Q

A patent is the strongest form of Intellectual Property (IP) protection. A patent usually lasts up to ______ years from the date of approval

A

20 Years

57
Q

Another reason for the increase in patent litigation is the emergence of nonpracticing entities (NPEs), also known as

A

Patent troll

58
Q

Four Categories of software licensing

A

Freeware
Shareware or Trialware
Commercial Software
Academic Software

59
Q

If your company processes credit cards, then it has to comply with _________

A

Payment Card Industry Data Security Standard (PCI DSS)

60
Q

If your organization is a financial institution that is considered part of the critical infrastructure of the United Kingdom, then it has to comply with _______

A

CBEST Standard

61
Q

If your organization wants to sell cloud services to the U.S. government, it has to be certified by _______

A

Federal Risk and Authorization Management Program (FedRAMP)

62
Q

Under the GDPR, you'd have 72 hours from the time of discovery, while under HIPAA you could have up to

A

60 Days

63
Q

Due diligence and due care are associated with which level of management?

A

Due diligence: leaders, laws, and regulations
Due care: applicable to everyone; failure to exercise it could be used to show negligence

64
Q

Responsibility generally refers _______

A

To the obligations and expected actions and behaviour of a particular party.

65
Q

An Obligation may have _____

A

A defined set of actions that are required, or a more general and open approach, which enables the party to decide how it will fulfill the particular obligation.

66
Q

Accountability refers ____

A

To the ability to hold a party responsible for certain actions or inaction

67
Q

Proximate cause is an ___

A
  • Act or omission that naturally and directly produces a consequence.
  • It is the superficial or obvious cause of an occurrence.
  • It refers to a cause that leads directly, or in an unbroken sequence, to a particular result. It can be seen as an element of negligence in a court of law.
68
Q

An administrative investigation focuses on ____

A

Policy violations
Worst case: someone gets fired

69
Q

LEA stands for

A

Law enforcement agencies

70
Q

Regulatory investigations are initiated by ______

A

A government regulator, when there is reason to believe that the organization is not in compliance

71
Q

The Business Software Alliance (BSA) is mainly concerned with

A

Software and Piracy

72
Q

The Federation Against Software Theft (FAST) and BSA promote

A

The enforcement of proprietary rights of software

73
Q

_________ is an act or omission that naturally and directly produces a consequence

A

Proximate Cause

74
Q

Canadian law that deals with the protection of personal information

A

Personal Information Protection and Electronic Documents Act

75
Q

Legal system that is rule-based and not precedent-based

A

Civil (code) Law