midterm Flashcards
How does online communication challenge traditional legal structures?
It bypasses geographical and jurisdictional restraints, making enforcement of laws across borders difficult
What are the key legal concerns in cybersecurity?
Jurisdictional fragmentation, lack of legal harmonization, and difficulties in attributing cyberattacks.
Why is cybercrime difficult to regulate internationally?
Different countries have varying legal definitions and laws related to cybercrime, making global cooperation challenging.
Who coined the term “cyberspace” and when?
William Gibson in 1982.
What makes cyberattacks difficult to attribute?
Anonymity, use of proxy servers, and techniques like botnets that disguise the origin of the attack.
Why is jurisdictional fragmentation a challenge in combating cybercrime?
Cybercrime is borderless, while legal systems are based on national sovereignty, creating enforcement gaps.
What are the three emerging cyber threats that require legal regulation?
Cybercrime, cyberwar, and cyberterrorism.
What is the Tallinn Manual?
A document outlining how international law applies to cyber warfare.
How does asymmetry in cyberspace contribute to cyber threats?
A small group or individual can launch large-scale cyberattacks without requiring extensive resources.
Why is the internet inherently vulnerable to cyberattacks?
Why is the internet inherently vulnerable to cyberattacks?
What is an example of jurisdictional challenges in prosecuting cybercrime?
The 2001 “Love Bug” virus originated in the Philippines, but lack of local laws prevented prosecution or extradition.
Why do cybercriminals use “slave” computers?
To disguise their location and make it harder to trace the attack back to them.
What factors make cyberspace difficult to regulate?
Global reach, anonymity, lack of borders, and decentralized structure.
Which organizations and policies play a role in international cybersecurity regulation?
Cybersecurity Strategy of the European Union
EU Cybersecurity Act
ITU (International Telecommunication Union) Cybersecurity Strategy
ENISA (European Union Agency for Cybersecurity) Risk Management Standards
What is the Budapest Convention on Cybercrime, and why is it important?
An international treaty aimed at harmonizing cybercrime laws, enhancing cooperation, and improving cybercrime investigations.
What is the NIS 2 Directive, and what does it regulate?
An updated EU directive on network and information security, strengthening cybersecurity requirements for essential and important entities.
What is the purpose of the EU General Data Protection Regulation (GDPR)?
To protect individuals’ personal data and privacy within the EU, setting strict rules on data processing and storage.
What are the main cybersecurity threats according to ENISA?
Ransomware
Phishing attacks
Data breaches
Supply chain attacks
Insider threats
What are the substantive aspects of cybercrime law covered in the course?
Definition and classification of cybercrimes
Criminal liability for cyber offenses
Legal frameworks governing cybercrime investigations
What are the procedural aspects of cybercrime law?
Investigative procedures for digital crimes
Legal mechanisms for cross-border cooperation
Handling digital evidence and forensic procedures
Why is jurisdictional fragmentation a challenge in cybersecurity law?
Because cybercrimes can be committed across borders, national laws often conflict, making enforcement and prosecution difficult.
What is the role of ENISA in cybersecurity?
ENISA (European Union Agency for Cybersecurity) provides guidance, risk assessment frameworks, and cybersecurity policies for EU member states.
What is the IBM X-Force Threat Intelligence Index, and why is it important?
A cybersecurity report analyzing global threat trends, vulnerabilities, and risks to help organizations enhance their defenses.
What legal frameworks exist for cybersecurity in finance and AI sectors?
EU Artificial Intelligence Act
High-Level Expert Group on AI Ethics Guidelines
EBA Guidelines on ICT and Security Risk Management
What is cyber risk management, and why is it important?
A process of identifying, analyzing, and mitigating cybersecurity risks to protect critical infrastructure and sensitive data.
What are the key aspects of cybersecurity incident management?
Incident classification
Threat detection
Incident response and reporting
Mitigation strategies
What are ICT third-party risks, and why must they be managed?
Risks arising from outsourcing IT services or using third-party vendors, which can introduce vulnerabilities into an organization’s network.
What is the responsibility of private entities in cyber operations?
Private organizations must ensure cybersecurity compliance, protect user data, and report cyber incidents as required by regulations.
