Legal, Regulations, Investigations and Compliance Flashcards
Breach of data security
attackers alter or compromise the static data stored on computers
breach of physical security
attackers intercept communications lines and listen to sensitive conversation or gain access to documents in the trash.
breach of communication security
attackers use malicious code to crack the integrity and confidentiality of digitally transmitted information.
breach of operations security
attackers compromise day-to-day processes or procedures through methods such as IP spoofing
breach of personnel security
attackers gain information from company employees
Covers individual and business rights and obligations under the law.
tort law
Combines aspects of two or more legal systems
mixed law
derives from broad legal principles and the interpretation of doctrinal writings
civil law
Regulates organizations and their employees using a system of punishment
administrative law
Responsible for maintaining peace and order among a population
criminal law
covers all aspects of social and spiritual behavior within society.
religious law
4 categories of computer crimes
computer as the target
computer as the instrument
computer as incidental to other crimes
crimes associated with the prevalence of computers
Computer as the target category
involves sabotage of computers and networks
stealing information
Computer as the instrument category
computer used as a means to create chaos
computer as incidental to other crimes category
computers aren’t essential for the crimes, just facilitate
crimes associated with the prevalence of computers
software piracy
stealing computer equipment
Breach of physical security
involves a breach in the actual hardware that makes up the system, network, or building
dumpster diving
wiretapping
shoulder surfing
breach of personnel security
attackers trick employees
breach of communications security
unauthorized people use digital communication lines to compromise the integrity and confidentiality of information transmitted between authorized parties.
trap doors
tunneling
timing
virus/worm/trojan
salami
salami attack
attacker takes a small amount of money from a large quantity of individuals
breach of data security
attackers alter or compromise the static data stored on computers.
breach of operations security
attackers take advantage of day-to-day processes or procedures
IP spoofing
password sniffing
scanning
excess privileges
data diddling
Data diddling
an attacker alters data either when it is entered or soon after the data is processed by the application and is ready for output.
civil law
basis of legal system in Europe
based on Roman law
derives from broad legal principles and the interpretation of doctrinal writings
common law
depends on judicial decisions that were based on tradition, custom, and precedent.
Criminal codes dealing with computer crimes
18 USC 1029
18 USC 1362
18 USC 2510
18 USC 3121
Laws dealing with privacy
Federal Privacy Act
HIPAA
Gramm-Leach-Bliley
direct evidence
eyewitness statement
demonstrative evidence
chart used to explain a concept to a jury
documentary evidence
printed transcripts of telephone conversations
real evidence
perishable object capable of reproduction
5 evidence life cycle stages
collection and identification
analysis
storage, preservation, and transportation
court presentation
return to owner
definition of due care
an organization takes all reasonable steps to protect against security breaches
definition of due diligence
an organization properly investigates possible weaknesses and vulnerabilities
Where does the greatest risk of cybercrime come from? A. outsiders B. nation-states C. insiders D. script kiddies
C. insiders
What is the largest hindrance to fighting computer crime?
A. computer criminals are generally smarter than computer investigators
B. adequate funding to stay ahead of the computer criminals.
C. activity associated with computer crime is truly international
D. there are so many more computer criminals than investigators that it is impossible to keep up.
C. activity associated with computer crime is truly international
Computer forensics is the marriage of computer science, information technology, and engineering with A. Law B. Information Systems C. analytical thought D. scientific method
A. Law
What principle allows an investigator to identify aspects of the person responsible for a crime when, whenever committing a crime, the perpetrator leaves traces while stealing assets?
A. Meyer’s principle of legal impunity
B. criminalistic principles
C. IOCE/Group of 8 nations principles for computer forensics.
D. Locard’s principle of exchange
D. Locard’s principle of exchange
Which of the following is part of the five rules of evidence?
A. be authentic, be redundant, be admissible
B. be complete, be authentic, and be admissible
C. be complete, be redundant, and be authentic
D. be redundant, be admissible, and be complete
B. be complete, be authentic, and be admissible
What is not mentioned as a phase of an incident response? A. documentation B. prosecution C. containment D. investigation
B. prosecution
Which best emphasizes the abstract concepts of law and is influenced by the writings of legal scholars and academics? A. criminal law B. civil law C. religious law D. administrative law
B. civil law
Which type of intellectual property covers the expression of ideas rather than the ideas themselves? A. trademark B. patent C. copyright D. trade secret
C. copyright
Which type of intellectual property protects the goodwill a merchant or vendor invests in its products? A. trademark B. patent C. copyright D. trade secret
A. trademark
Which of the following are computer forensics guidelines? A. IOCE, MOM, SWGDE B. MOM, SWGDE, IOCE C. IOCE, SWGDE, ACPO D. ACPO, MOM, IOCE
C. IOCE, SWGDE, ACPO
Which of the following are categories of software licensing? A. freeware, open source, commercial B. commercial, academic, open source C. academic, freeware, open source D. freeware, commercial, academic
D. freeware, commercial, academic
What are the rights and obligations of individuals and organizations with respect to the collection, use, retention, and disclosure of personal information best related to? A. privacy B. secrecy C. availability D. reliability
A. privacy
triage encompasses which of the following incident response subphases?
A. collection, transport, testimony
B. traceback, feedback, loopback
C. detection, identification, notification
D. confidentiality, integrity, availability
C. detection, identification, notification
The integrity of a forensic bit stream image is determined by
A. comparing hash totals to the original source
B. keeping good notes
C. taking pictures
D. encrypting keys
A. comparing hash totals to the original source
When dealing with digital evidence, the crime scene
A. must never be altered
B. must be completely reproducible in a court of law
C. must exist in only one country
D. must have the least amount of contamination that is possible.
D. must have the least amount of contamination that is possible.
When outsourcing IT systems
A. all regulatory and compliance requirements must be passed on to the provider
B. the outsourcing organization is free from compliance obligations
C. the outsourced IT systems are free from compliance obligations
D. the provider is free from compliance obligations
A. all regulatory and compliance requirements must be passed on to the provider
The ISC2 code of ethics resolves conflicts between canons by
A. there can never be conflicts between canons
B. working through adjudication
C. the order of the canons
D. vetting all canon conflicts through the board of directors
C. the order of the canons
When dealing with digital evidence, the chain of custody
A. must never be altered
B. must be completely reproducible in a court of law
C. must exist in only one country
D. must follow a formal documented process
D. must follow a formal documented process
To ensure proper forensics action when needed, an incident response program must
A. avoid conflicts of interest by ensuring organization legal counsel is not part of the process
B. routinely create forensic images of all desktops and servers
C. only promote closed incidents to law enforcement
D. treat every incident as though it may be a crime
D. treat every incident as though it may be a crime
A hard drive is recovered from a submerged vehicle. The drive is needed for a court case. What is the best approach to pull information off the drive?
A. wait for the drive to dry and then install it in a desktop and attempt to retrieve the information via normal operating system commands.
B. place the drive in a forensic oven to dry it and then use a degausser to remove any residual humidity prior to installing the drive in a laptop and using the OS to pull off information.
C. While the drive is still wet, use a forensic bit-to-bit copy program to ensure the drive is preserved in its native state.
D. Contact a professional data recovery organization, explain the situation and request they pull a forensic image.
D. Contact a professional data recovery organization, explain the situation and request they pull a forensic image.
Which organization has been developed to deal with economic, social, and governance issues, and how sensitive data is transported over borders?
A. European Union
B. Council of Europe
C. Safe Harbor
D. Organization for Economic Cooperation and Development.
D. Organization for Economic Cooperation and Development.
Different countries have different legal systems. Which of the following correctly describes customary law?
A. Not many countries work under this law purely. Most instead use a mixed system where this law, which deals mainly with personal conduct and patterns of behavior, is an integrated component.
B. It is a rule-based law focused on codified law
C. Based on previous interpretations of laws, this system reflects the community’s morals and expectations.
A. Not many countries work under this law purely. Most instead use a mixed system where this law, which deals mainly with personal conduct and patterns of behavior, is an integrated component.
Widgets Inc wishes to protect its logo from unauthorized use. Which of the following will protect the logo and ensure that others cannot copy and use it? A. Patent B. Copyright C. Trademark D. Trade Secret
C. Trademark
There are 4 categories of software licensing. Which of the following refers to software sold at a reduced cost? A. Shareware B. Academic software C. Freeware D. Commercial software
B. Academic software
There are different types of approaches to regulations. Which of the following is an example of self-regulation?
A. The Health Insurance Portability and Accountability Act.
B. Sarbanes-Oxley
C. Computer fraud and abuse act
D. PCI data security standard
D. PCI data security standard
Which of the following means that a company did all it could have reasonably done to prevent a security breach? A. Downstream liability B. Responsibility C. Due diligence D. Due Care
D. Due Care
There are 3 different types of incident response teams. Which of the following correctly describes a virtual team?
A. It consists of experts who have other duties within the organization.
B. It can be cost prohibitive to smaller organizations.
C. It is a hybrid model.
D. Core members are permanently assigned to the team.
A. It consists of experts who have other duties within the organization
A suspected crime has been reported within your organization. Which of the following steps should the incident response team take first?
A. Establish a procedure for responding to the incident.
B. Call in forensics experts.
C. Determine that a crime has been committed.
D. Notify senior management.
C. Determine that a crime has been committed.
During an incident response, what stage involves mitigating the damage caused by an incident? A. Investigation B. Containment C. Triage D. Analysis
B. Containment
Which of the following is a correct statement regarding computer forensics?
A. It is the study of computer technology
B. It is a set of hardware-specific processes that must be followed in order for evidence to be admissible in a court of law.
C. It encompasses network and code analysis, and may be referred to as electronic data discovery.
D. Computer forensics responsibilities should be assigned to a network administrator before an incident occurs.
C. It encompasses network and code analysis, and may be referred to as electronic data discovery.
Which of the following dictates that all evidence be labeled with information indicating who secured and validated it? A. Chain of custody B. Due Care C. Investigation D. Motive, Opportunity, and Means
A. Chain of custody
There are several categories of evidence. How is a witness’s oral testimony categorized? A. Best evidence B. Secondary evidence C. Circumstantial evidence D. Conclusive evidence
B. Secondary evidence
For evidence to be legally admissible, it must be authentic, complete, sufficient, and reliable. Which characteristic refers to the evidence having a reasonable and sensible relationship to the findings? A. Complete B. Reliable C. Authentic D. Sufficient
C. Authentic
Which of the following best describes exigent circumstances?
A. The methods used to capture a suspect’s actions are neither legal nor ethical.
B. Enticement is used to capture a suspect’s actions
C. Hacking does not actually hurt anyone
D. The seizure of evidence by law enforcement because there is concern that a suspect will attempt to destroy it.
D. The seizure of evidence by law enforcement because there is concern that a suspect will attempt to destroy it.
What role does the Internet Architecture Board play regarding technology and ethics?
A. It creates criminal sentencing guidelines
B. It issues ethics-related statements concerning the use of the internet.
C. It edits Requests for Comment
D. It maintains ten commandments for ethical behavior
B. It issues ethics-related statements concerning the use of the internet.
Which of the following statements is not true of dumpster diving? A. It is legal B. It is unethical C. It is illegal D. It is a non-technical attack
C. It is illegal
Which of the following is a legal form of eavesdropping when performed with prior consent or a warrant? A. Denial of Service B. Dumpster Diving C. Wiretapping D. Data diddling
C. Wiretapping
What type of common law deals with violations committed by individuals against government laws, which are created to protect the public? A. Criminal Law B. Civil Law C. Tort Law D. Regulatory law
A. Criminal Law
During what stage of incident response is it determined if the source of the incident was internal or external, and how the offender penetrated and gained access to the asset? A. Analysis B. Containment C. Tracking D. Follow-up
C. Tracking
Which of the following is not true of a forensics investigation?
A. The crime scene should be modified as necessary.
B. A file copy tool may not recover all data areas of the device that are necessary for investigation.
C. Contamination of the crime scene may not negate derived evidence, but it should still be documented.
D. Only individuals with knowledge of basic crime scene analysis should have access to the crime scene.
A. The crime scene should be modified as necessary.
Great care must be taken to capture clues from a computer or device during a forensics exercise. Which of the following does not correctly describe the efforts that should be taken to protect an image?
A. The original image should be hashed with MD5 or SHA-256.
B. Two time-stamps should be created
C. New media should be properly purged before images are created on them.
D. Some systems must be imaged while they are running.
D. Some systems must be imaged while they are running.
Which of the following attacks can be best prevented by limiting the amount of electrical signals emitted from a computer system? A. Salami B. Emanations capturing C. Password sniffing D. IP spoofing
B. Emanations capturing
As a CISSP candidate, you must sign a code of ethics. Which of the following is from the ISC2 code of ethics for the CISSP?
A. Information should be shared freely and openly; thus sharing confidential information should be ethical.
B. Think about the social consequences of the program you are writing or the system you are designing
C. Discourage unnecessary fear or doubt
D. Do not participate in internet wide experiments in a negligent manner.
C. Discourage unnecessary fear or doubt
What concept states that a criminal leaves something behind and takes something with them? A. Modus operandi B. Profiling C. Locard’s principle of exchange D. Motive, opportunity, and means
C. Locard’s principle of exchange
Which of the following was the first international treaty seeking to address computer crimes by coordinating national laws and improving investigative techniques and international cooperation?
A. Council of Global Convention on Cybercrime
B. Council of European Convention on Cybercrime
C. Organization for economic cooperation and development
D. Organization for cybercrime cooperation and development
B. Council of European Convention on Cybercrime
Lee is a new security manager who is in charge of ensuring that his company complies with the European Union principles on privacy when his company is interacting with their European partners. The set of principles that deals with transmitting data considered private is encompassed within which of the following laws or regulation?
A. Data protection directive
B. Organization for economic cooperation and development
C. Federal private bill
D. Privacy protection law
A. Data protection directive
The common law system is broken down into which of the following categories? A. common, civil, criminal B. legislation, bills, regulatory C. civil, criminal, regulatory D. legislation, bills, civil
C. civil, criminal, regulatory
Privacy is becoming more threatened as the world relies more and more on technology. There are several approaches to addressing privacy, including the generic approach and regulation by industry. Which of the following best describes these two approaches?
A. The generic approach is vertical enactment. Regulation by industry is horizontal enactment
B. The generic approach is horizontal enactment. Regulation by industry is vertical enactment
C. The generic approach is government enforced. Regulation by industry is self-enforced
D. The generic approach is self enforced. Regulation by industry is government enforced.
B. The generic approach is horizontal enactment. Regulation by industry is vertical enactment
Which of the following best describes the organization that developed the best practices that Stephanie needs to ensure her company’s procedures map to?
A. Internet activities board
B. International organization on computer evidence
C. Department of defense forensics committee
D. International forensics standards board
B. International organization on computer evidence
Which of the following best describes what Stephanie needs to build for the deployment teams? A. Local and remote imaging B. Forensics field kit C. Chain of custody procedures and tools D. Digital evidence collection software
B. Forensics field kit