Legal, Reg, Invest, Compliance Flashcards

1
Q

ISC2 Code of Ethics 1st canon

A

protect society, the commonwealth, and the infrastructure

2
Q

exigent circumstances

A

justification for the seizure of evidence w/o warrant due to extreme likelihood that evidence will be destroyed

2
Q

criminal law

A

pertains to those laws where the victim can be seen as society itself

2
Q

circumstantial evidence

A

evidence that serves to establish the circumstances related to particular points or even other evidence

3
Q

privacy act 1974

A

protects US citizens’ data used by the fed gov’t

3
Q

direct evidence

A

testimony provided by a witness regarding what the witness actually experienced with their 5 senses

4
Q

10 commandments of computer ethics

A

thou shalt not…
1. use a computer to harm other people
2. interfere w/ other people’s computer work
3. snoop around in other people’s computer files
4. use a computer to steal
5. use a computer to bear false witness
6. copy or use proprietary s/w for which you have not paid
7. use other people’s computer resources w/o authorization or proper compensation
8. appropriate other people’s intellectual output
thou shalt…
9. think about the social consequences of the program you’re writing or the system you’re designing
10. always use a computer in ways that ensure consideration and respect for fellow humans

5
Q

punitive

A

intent is to punish an individual or org

5
Q

slack space

A

data is stored in clusters; if a file doesn’t use entire cluster, the extra space is slack space

7
Q

due care

A

requires that key org stakeholders are prudent in carrying out their duties; due care standard can be seen as defining a minimum standard of care or protection

8
Q

chain of custody

A

once evidence is acquired, who, what, when, and where must be fully documented WRT handling of the evidence

9
Q

SOX

A

sarbanes-oxley act: created regulatory compliance mandates for publicly traded companies; goal was to ensure financial disclosure and financial auditor independence

10
Q

copyright

A

represents a type of intellectual property that protects the form of expression in artistic, musical, or literary works

11
Q

allocated space

A

portions of a disk partition that are marked as actively containing data

12
Q

ISC2 Code of Ethics 3rd canon

A

provide diligent and competent service to principals

13
Q

trade secrets

A

business proprietary info that is important; things like the KFC secret recipe

13
Q

GLBA

A

gramm-leach-bliley act: requires financial institutions to protect the confidentiality and integrity of consumer financial information and forces them to notify consumers of privacy practices

14
Q

california senate bill 1386

A

one of first US state-level breach notification laws

16
Q

patents

A

provide a monopoly to the patent holder on the right to use, make, or sell an invention for a period of time

16
Q

PCI-DSS

A

payment card industry data security standard: seeks to ensure better protection of cardholder data through mandating security policy, etc.

17
Q

computer fraud and abuse act

A

criminalized actions involving intentional attacks against protected computers resulting in aggregate damages of $5000 in 1 year

18
Q

prudent man rule

A

helps determine if due care was used

18
Q

attestation

A

means of ensuring that some level of scrutiny has been applied to an organization’s security posture

19
Q

common law

A

significant emphasis on particular cases and judicial precedents as determinants of laws

19
Q

customary law

A

refers to those customs or practices that are so commonly accepted by a group that the custom is treated as a law

20
Q

corroborative evidence

A

strengthens a particular fact or element in a case

21
Q

licenses

A

a contract between provider and consumer

22
Q

best evidence rule

A

prefer original documents over copies; conclusive tangible objects over verbal testimony

24
Q

forensics

A

all forensic activities must uphold integrity and be legal and ethical; provides an approach to deal with investigations and evidence

25
Q

hearsay

A

2nd hand evidence as opposed to direct evidence

26
Q

real evidence

A

consists of tangible or physical objects

27
Q

secondary evidence

A

class of evidence common in cases involving computers; copies, logs, etc

29
Q

EU Data protection directive

A

allows for free flow of info while still maintaining consistent protections of each member nation’s citizens’ data

31
Q

EU Data Protection Dir principles

A
1. notify indiv how their data is collected and used
2. allow indiv to opt out of sharing with 3rd party
3. require indiv to opt into sharing most sensitive data
4. provide reasonable protections for data

32
Q

bad block/cluster/sector

A

sectors on hard disk that can’t be read due to physical defect

33
Q

statutory damages

A

prescribed by law and can be awarded to the victim even if the victim incurred no actual loss or injury

34
Q

trademark

A

purpose is to allow for the creation of a brand that distinguishes the source of products or services

35
Q

HIPAA

A

health insurance portability and accountability act

36
Q

SLA

A

service level agreement: common way of ensuring security

38
Q

difference in civil and common law

A

under civil law, judicial precedents and particular case rulings do not carry the weight they do under common law

39
Q

unallocated space

A

portions of a disk partition that don’t contain active data

40
Q

ISC2 Code of Ethics 2nd canon

A

act honorably, honestly, justly, responsibly, and legally

41
Q

PATRIOT Act

A

expanded law enforcement electronic monitoring capability

43
Q

due diligence

A

management of due care, often associated with a minimum standard on the investigation of third party businesses prior to engaging their services

44
Q

regulatory law

A

law enacted by gov’t agencies (FCC, HIPAA, FDA, FAA, etc)

45
Q

ISC2 Code of Ethics 4th canon

A

advance and protect the profession

46
Q

forensic software analysis

A

focuses on comparing or reverse engineering software

48
Q

enticement

A

persuading someone to commit a crime after that person was already intent on commission of a crime

49
Q

antiforensics

A

make forensic investigation difficult or impossible

50
Q

color of law

A

someone acting as an agent of law enforcement who seizes evidence or conducts an investigation

51
Q

compensatory

A

provide the victim with a financial award in an effort to compensate for the loss or injury incurred as a direct result of the wrongdoing

52
Q

Entrapment

A

legal defense where defendant claims agent of law enforcement persuaded them to commit crime they wouldn’t otherwise have done

53
Q

network forensics

A

study of data in motion

54
Q

civil law

A

aka tort law; victim will be an individual, group, or org; leverages codified laws or statutes to determine what is considered w/in the bounds of law