Legal, Reg, Invest, Compliance Flashcards
ISC2 Code of Ethics 1st canon
protect society, the commonwealth, and the infrastructure
exigent circumstances
justification for the seizure of evidence w/o a warrant due to the extreme likelihood that the evidence will be destroyed
criminal law
pertains to those laws where the victim can be seen as society itself
circumstantial evidence
evidence that serves to establish the circumstances related to particular points or even other evidence
privacy act 1974
protects US citizens' data used by the federal gov't
direct evidence
testimony provided by a witness regarding what the witness actually experienced with their 5 senses
10 commandments of computer ethics
thou shalt not:
1. use a computer to harm other people
2. interfere w/ other people's computer work
3. snoop around in other people's computer files
4. use a computer to steal
5. use a computer to bear false witness
6. copy or use proprietary s/w for which you have not paid
7. use other people's computer resources w/o authorization or proper compensation
8. appropriate other people's intellectual output
thou shalt:
9. think about the social consequences of the program you're writing or the system you're designing
10. always use a computer in ways that ensure consideration and respect for fellow humans
punitive
intent is to punish an individual or org
slack space
data is stored in clusters; if a file doesn’t use entire cluster, the extra space is slack space
due care
requires that key org stakeholders are prudent in carrying out their duties; due care standard can be seen as defining a minimum standard of care or protection
chain of custody
once evidence is acquired, who, what, when, and where must be fully documented WRT handling of the evidence
SOX
sarbanes-oxley act: created regulatory compliance mandates for publicly traded companies; goal was to ensure financial disclosure and financial auditor independence
copyright
represents a type of intellectual property that protects the form of expression in artistic, musical, or literary works
allocated space
portions of a disk partition that are marked as actively containing data
ISC2 Code of Ethics 3rd canon
provide diligent and competent service to principals
trade secrets
business proprietary info that is important; things like the KFC secret recipe
GLBA
gramm-leach-bliley act: requires financial institutions to protect the confidentiality and integrity of consumer financial information and forces them to notify consumers of privacy practices
california senate bill 1386
one of first US state-level breach notification laws
patents
provide a monopoly to the patent holder on the right to use, make, or sell an invention for a period of time
PCI-DSS
payment card industry data security standard: seeks to ensure better protection of cardholder data through mandating security policy, etc.
computer fraud and abuse act
criminalized actions involving intentional attacks against protected computers resulting in aggregate damages of $5000 in 1 year
prudent man rule
helps determine if due care was used
attestation
means of ensuring that some level of scrutiny has been applied to an organization's security posture
common law
significant emphasis on particular cases and judicial precedents as determinants of laws
customary law
refers to those customs or practices that are so commonly accepted by a group that the custom is treated as a law
corroborative evidence
strengthens a particular fact or element in a case
licenses
a contract between provider and consumer
best evidence rule
prefer original documents over copies; conclusive tangible objects over verbal testimony
forensics
all forensic activities must uphold integrity and be legal and ethical; provides an approach to deal with investigations and evidence
hearsay
2nd hand evidence as opposed to direct evidence
real evidence
consists of tangible or physical objects
secondary evidence
class of evidence common in cases involving computers; copies, logs, etc
EU Data protection directive
allows for free flow of info while still maintaining consistent protections of each member nation's citizens' data
EU Data Protection Dir principles
1. notify indiv how their data is collected and used
2. allow indiv to opt out of sharing with 3rd party
3. require indiv to opt into sharing most sensitive data
4. provide reasonable protections for data
bad block/cluster/sector
sectors on hard disk that can’t be read due to physical defect
statutory damages
prescribed by law and can be awarded to the victim even if the victim incurred no actual loss or injury
trademark
purpose is to allow for the creation of a brand that distinguishes the source of products or services
HIPAA
health insurance portability and accountability act
SLA
service level agreement: common way of ensuring security
difference in civil and common law
under civil law, judicial precedents and particular case rulings do not carry the weight they do under common law
unallocated space
portions of a disk partition that don't contain active data
ISC2 Code of Ethics 2nd canon
act honorably, honestly, justly, responsibly, and legally
PATRIOT Act
expanded law enforcement electronic monitoring capability
due diligence
managemnet of due care, often associated with a minimum standard on the investigationof third party businesses prior to engaging their services
regulatory law
law enacted by gov’t agencies (FCC, HIPAA, FDA, FAA, etc)
ISC2 Code of Ethics 4th canon
advance and protect the profession
forensic software analysis
focuses on comparing or reverse engineering software
enticement
persuading someone to commit a crime after that person was already intent on commission of a crime
antiforensics
make forensic investigation difficult or impossible
color of law
someone acting as an agent of law enforcement who seizes evidence or conducts an investigation
compensatory
provide the victim with a financial award in an effort to compensate for the loss or injury incurred as a direct result of the wrongdoing
Entrapment
legal defense where defendant claims agent of law enforcement persuaded them to commit crime they wouldn’t otherwise have done
network forensics
study of data in motion
civil law
aka tort law; victim will be an individual, group, or org; leverages codified laws or statutes to determine what is considered w/in the bounds of law