Legal, Reg, Invest, Compliance

Question 1

ISC2 Code of Ethics 1st canon

Answer 1

protect society, the commonwealth, and the infrastructure

Question 2

exigent circumstances

Answer 2

justification for the seizure of evidence w/o warrant due to extremem likelihood that evidence will be destroyed

Question 2

criminal law

Answer 2

pertains to those laws where the victim can be seen as society itself

Question 2

circumstantial evidence

Answer 2

evidence that serves to establish the circumstances related to particular points or even other evidence

Question 3

privacy act 1974

Answer 3

protects us citizens data used by fed gov’t

Question 3

direct evidence

Answer 3

testimony provided by a witness regarding what the witness acutally experienced with their 5 senses

Question 4

10 commandments of computer ethics

Answer 4

thou shalt not? use computer to harm other people interfere w/ other peoples computer work snoop around in other peoples computer files use a computer to steal use a computer to bear false witness copy or use proprietary s/w for which you have not paid use other peoples computer resources w/o authorization or proper compensation appropriate other people intellectual output thou shalt… think about social consequences of program you’re writing or system you’re designing alwyas use a computer in ways that ensure consideration and respect for fellow humans

Question 5

punitive

Answer 5

intent is to punish an individual or org

Question 5

slack space

Answer 5

data is stored in clusters; if a file doesn’t use entire cluster, the extra space is slack space

Question 7

due care

Answer 7

requires that key org stakeholders are prudent in carrying out their duties; due care standard can be seen as defining a minimum standard of care or protection

Question 8

chain of custody

Answer 8

once evidence is acquired, sho, what, when, and where must be fully documented WRT handling of the evidence

Question 9

SOX

Answer 9

sarbanes-oxley act: created regulatory compliance mandates for publicly traded companies; goal was to ensure financial disclosure and financial auditor independence

Question 10

copyright

Answer 10

represents a type of intellectual property that protects the form of expression in artistic, musical, or literary workds

Question 11

allocated space

Answer 11

portions of a disk partition that are marked as actively containing data

Question 12

ISC2 Code of Ethics 3rd canon

Answer 12

provide diligent and competent service to principals

Question 13

trade secrets

Answer 13

business proprietary info that is important; things like eKFC secret recipe

Question 13

GLBA

Answer 13

gramm-leach-bliley act: requires financial institutions to protect the confidentiality and integrty of consumer financial information and forces them to notify consumers of privacy practices

Question 14

california senate bill 1386

Answer 14

one of first US state-level breach notification laws

Question 16

patents

Answer 16

provide a monopoly to the patent holder on the right to use, make, or sell an invention for a period of time

Question 16

PCI-DSS

Answer 16

payment card industry data security standard: seeks to ensure better prtection of cardholder data through mandating security policy, etc.

Question 17

computer fraud and abuse act

Answer 17

criminalized actions involving intentional attacks against protected computers resulting in aggregate damages of $5000 in 1 year

Question 18

prudent man rule

Answer 18

helps determine if due care was used

Question 18

attestation

Answer 18

means of ensuring that some level of scrutiny has been applied to organizations security posture

Question 19

common law

Answer 19

significant emphasis on particular cases and judicial precedents as determinants of laws

Question 19

customary law

Answer 19

refers to those customs or practices that are so commonly accepted by a group that the custom is treated as a law

Question 20

corroborative evidence

Answer 20

strengthens a particular fact or element in a case

Question 21

licenses

Answer 21

a cotnract between provider and consumer

Question 22

best evidence rule

Answer 22

prefer original documents over copes; conclusive tangible objects over verbal testimony

Question 24

forensics

Answer 24

all forensic activities must uphold integrity and be legal and ethical; provides apprach to deal with investigatins and evidence

Question 25

hearsay

Answer 25

2nd hand evidence as opposed to direct evidence

Question 26

real evidence

Answer 26

consists of tangible or physical objects

Question 27

seconday evidence

Answer 27

class of evidence common in cases involving computers; copies, logs, etc

Question 29

EU Data protection directive

Answer 29

allows for free flow of info while still maintaing consistent protections of each member nations citizens data

Question 31

EU Data Protection Dir principles

Answer 31

1. notify indiv how their data is collected and used 2. allow indiv to opt out of sharing with 3rd party 3. require indiv to opt into sharing most sensitive data 4. provide reasonable protections for data

Question 32

bad block/cluster/sector

Answer 32

sectors on hard disk that can’t be read due to physical defect

Question 33

statutory damages

Answer 33

prescribed by law and can be awarded to the victim even if the victim incurred no actual loss or injury

Question 34

trademark

Answer 34

purpose is to allow for the creation of a brand that distinguishes the source of products or services

Question 35

HIPAA

Answer 35

health insurance portability and accountability act

Question 36

SLA

Answer 36

service level agreement: common way of ensuring security

Question 38

difference in civil and common law

Answer 38

under civil law, judicial precedents and particular case rulings do not carry the weight they do under common law

Question 39

unallocated space

Answer 39

portions of a disk particition that don’t contain active data

Question 40

ISC2 Code of Ethics 2nd canon

Answer 40

act honorably, honestly, justly, responsibly, and legally

Question 41

PATRIOT Act

Answer 41

expanded law enforcement electronic monitoring capability

Question 43

due diligence

Answer 43

managemnet of due care, often associated with a minimum standard on the investigationof third party businesses prior to engaging their services

Question 44

regulatory law

Answer 44

law enacted by gov’t agencies (FCC, HIPAA, FDA, FAA, etc)

Question 45

ISC2 Code of Ethics 4th canon

Answer 45

advance and protect the profession

Question 46

forensic software analysis

Answer 46

focuses on comparing or reverse engineering software

Question 48

enticement

Answer 48

persuading someone to commit a crime after that person was already intent on commission of a crime

Question 49

antiforensics

Answer 49

make forensic investigation difficult or impossible

Question 50

color of law

Answer 50

someone acting as agents of law enforcement and they seize evidence or conduct investigation

Question 51

compensatory

Answer 51

provide the victim with a financial award in an effort to compensate for the loss or injury incurred as a direct result of the wrongdoing

Question 52

Entrapment

Answer 52

legal defense where defendant claims agent of law enforcement persuaded them to commit crime they wouldn’t otherwise have done

Question 53

network forensics

Answer 53

study of data in motion

Question 54

civil law

Answer 54

aka tort law; victime will be an individual, group, or org; leverages codified laws or statutes to determine what is considered w/in the bounds of law