Legal, Reg, Invest, Compliance Flashcards
ISC2 Code of Ethics 1st canon
protect society, the commonwealth, and the infrastructure
exigent circumstances
justification for the seizure of evidence w/o warrant due to extreme likelihood that evidence will be destroyed
criminal law
pertains to those laws where the victim can be seen as society itself
circumstantial evidence
evidence that serves to establish the circumstances related to particular points or even other evidence
privacy act 1974
protects US citizens’ data used by fed gov’t
direct evidence
testimony provided by a witness regarding what the witness actually experienced with their 5 senses
10 commandments of computer ethics
thou shalt not: use a computer to harm other people; interfere w/ other people’s computer work; snoop around in other people’s computer files; use a computer to steal; use a computer to bear false witness; copy or use proprietary s/w for which you have not paid; use other people’s computer resources w/o authorization or proper compensation; appropriate other people’s intellectual output. thou shalt: think about social consequences of program you’re writing or system you’re designing; always use a computer in ways that ensure consideration and respect for fellow humans
punitive
intent is to punish an individual or org
slack space
data is stored in clusters; if a file doesn’t use entire cluster, the extra space is slack space
due care
requires that key org stakeholders are prudent in carrying out their duties; due care standard can be seen as defining a minimum standard of care or protection
chain of custody
once evidence is acquired, who, what, when, and where must be fully documented WRT handling of the evidence
SOX
sarbanes-oxley act: created regulatory compliance mandates for publicly traded companies; goal was to ensure financial disclosure and financial auditor independence
copyright
represents a type of intellectual property that protects the form of expression in artistic, musical, or literary works
allocated space
portions of a disk partition that are marked as actively containing data
ISC2 Code of Ethics 3rd canon
provide diligent and competent service to principals
trade secrets
business proprietary info that is important; things like KFC secret recipe
GLBA
gramm-leach-bliley act: requires financial institutions to protect the confidentiality and integrity of consumer financial information and forces them to notify consumers of privacy practices
california senate bill 1386
one of first US state-level breach notification laws
patents
provide a monopoly to the patent holder on the right to use, make, or sell an invention for a period of time
PCI-DSS
payment card industry data security standard: seeks to ensure better protection of cardholder data through mandating security policy, etc.
computer fraud and abuse act
criminalized actions involving intentional attacks against protected computers resulting in aggregate damages of $5000 in 1 year