Domain 1 - Laws and Regulations Flashcards
Administrative law
Govt-mandated compliance measures, e.g. FCC regs, CDC regs.
Attestation
Third party attests that the service provider is meeting requirements of SLA, security or otherwise. ISO 27001 is commonly used as an audit guide.
Business Records Exception/exemption
Business records, such as logs on a computer system, may be admitted as evidence if they were made at the time of the event by someone or something with direct knowledge, that they were kept in the course of regular business activity, and that keeping those records is a regular practice.
Must be accompanied by testimony of individual qualified to show these criteria were met.
California Senate bill 1386
First state-based data-breach notification law in 2002.
Requires organizations experiencing a data breach to notify California residents who might be affected.
Circumstantial evidence
Establishes the circumstances of a crime.
Evidence which serves to establish the circumstances related to particular points or even other evidence.
Civil law (National System of law)
Leverages codified laws or statutes to determine what is within the bounds of law. Most common type of national law across the world.
Not to be confused with sub-section of common law, also called ‘civil law’ - referencing tort law.
CoCom
Cold War era export control agreement - Coordinating Committee for Multilateral Export Controls
Common law
Common law is the legal system used in the United States, Canada, the United Kingdom, and most former British colonies, amongst others. The primary distinguishing feature of common law is the significant emphasis on particular cases and judicial precedents as determinants of laws.
Computer ethics institute 10 commandments
a. Thou shalt not use a comp to harm others
b. Not interfere with others’ comp. work.
c. Thou shalt not snoop
d. Not use comp. to steal
e. Not use a comp. to bear false witness
f. Not copy or use proprietary software for which you haven’t paid
g. Not use others’ comp. resources without authorization or proper compensation
h. Not appropriate others’ intellectual output.
i. You should think about social consequences of the program or system you’re engineering
j. Always use PC in a way to ensure consideration and respect for fellow humans.
Computer Fraud and Abuse Act – Title 18, Section 1030
i. One of the first US laws about computer crime
ii. Attacks on computer systems with damages above $5000 are criminalized
iii. Foreign and interstate commerce portion covers many more computers than originally intended.
iv. Drafted 1984. Amended 2001, 2008
Corroborative evidence
Provides additional evidence for a fact that may be called into question.
Is supporting evidence used to help prove an idea or point. It cannot stand on its own.
The Council of Europe’s Convention on Cybercrime of 2001
International cooperation in computer crime policy. Signed by 65 countries, including the US (signed 2006).
Criminal law
Defines those crimes committed against society, even when the actual victim is a business or individual(s). Criminal laws are enacted to protect the general public.
Direct Evidence
Testimony of direct witness
Due care
AKA Prudent man rule. Means you do what a reasonable person would do in a given situation.
Due diligence
Management of due care.
Electronic Communications Privacy Act – ECPA
Brings same level of search and seizure protection to non-telephony electronic communications.
PATRIOT Act reversed this to a degree.