Domain 6: Legal/Regulatory Flashcards
What is the Computer Fraud and Abuse Act (CFAA)?
A U.S. federal law (18 U.S.C. § 1030) that criminalizes accessing a computer without authorization, or exceeding authorized access, and related conduct such as trafficking in passwords or transmitting code that causes damage. Because "authorization" is the hinge of the statute, a signed scope and rules of engagement are what separate a penetration test from a CFAA violation.
Define GDPR and its relevance to ethical hacking.
The General Data Protection Regulation (GDPR) is the EU regulation governing the processing of personal data. During an assessment an ethical hacker will often encounter personal data (customer records, credentials, logs), so the engagement must define a lawful basis and scope for handling it: minimize what is collected, do not exfiltrate more than is needed to prove a finding, protect and delete evidence copies, and report any actual exposure so the controller can meet its breach-notification duties.
What are the main principles of responsible disclosure?
Report the vulnerability privately to the affected organization (or a coordinating body) before any public disclosure, agree on a remediation timeline, share enough detail for them to reproduce and fix the issue, follow up to confirm the fix, and publish only after the agreed deadline or the patch, without releasing exploit details that would put unpatched users at risk.
Explain the concept of “permission” in ethical hacking.
Permission means obtaining explicit, written authorization from the system owner (not merely an administrator or employee) before any testing begins. The authorization should state the in-scope systems, the permitted techniques, the time window, and emergency contacts; testing outside those bounds is unauthorized access regardless of intent.
What is the role of the International Organization for Standardization (ISO) in cybersecurity?
ISO provides international standards, such as ISO/IEC 27001, for information security management systems.
What is the Digital Millennium Copyright Act (DMCA)?
A U.S. law that addresses copyright on the internet. Its anti-circumvention provisions (Section 1201) prohibit bypassing technological protection measures such as DRM, which is why reverse-engineering protected software or firmware for research requires care: the statute includes limited exemptions (including a security-research exemption that is periodically renewed), but they are narrow and conditional.
Explain the concept of “due diligence” in cybersecurity.
The ongoing responsibility to take reasonable steps to protect data and systems: assessing risk, implementing and maintaining security controls, verifying that they work, and staying informed about current threats. It is distinct from "due care" (the standard of conduct an reasonable person would meet); due diligence is the investigation and continued verification that shows that standard is being met.
What is cross-site scripting (XSS)?
A web vulnerability in which an application places untrusted input into a page without proper output encoding, so an attacker's script runs in other users' browsers with the site's origin (stealing session tokens, performing actions as the victim). The primary fix is context-aware output encoding of all untrusted data; a Content Security Policy adds a second layer.
Define the concept of “defense in depth.”
A security strategy that layers independent controls (network segmentation, host hardening, authentication, monitoring, backups) so that the failure or bypass of any single control does not by itself lead to compromise. The layers should fail differently; stacking controls that share the same weakness adds cost without adding depth.
What is a honeypot?
A decoy system, account, or data object with no legitimate users, deployed to attract attackers. Because nobody should touch it, any interaction is a high-fidelity alert, and the recorded activity reveals attacker tools and techniques. Honeypots must be isolated so a compromised decoy cannot be used as a pivot into production.
Explain the role of two-factor authentication (2FA).
An authentication control that requires two different kinds of evidence before granting access, typically something you know (a password) combined with something you have (a hardware token, an authenticator app, or a phishing-resistant key such as FIDO2). Two instances of the same factor (two passwords) are not 2FA, and SMS codes are the weakest second factor because they can be intercepted or redirected.