Reading...
Play button
Play button
Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
96 Cards in this Set
- Front
- Back
|
|
|
|
|
Define computer assisted crime
|
is where a computer was used as a tool to help carry out a crime
|
|
|
Define computer targeted crime
|
concerns incidents where a computer was the victim of an attack crafted to harm it (and its owners) specifically
|
|
|
Define computer incidental
|
is where a computer is not necessarily the attacker or the attackee, but just happened to be involved when a crime was carried out.
|
|
|
What is the main issue addressing computer crime laws
|
The main issues addressed in computer crime laws are unauthorized modification, disclosure, destruction, or access, and inserting malicious programming code.
|
|
|
What is the Council of Europe (CoE) Convention on Cybercrime
|
it is the first international treaty seeking to address computer crimes by coordinating national laws and improving investigative techniques and international cooperation. The Convention’s objectives include the creation of a framework for establishing jurisdiction and extradition of the accused. For example, extradition can only take place when the event is a crime in both jurisdictions.
|
|
|
What is the OECD
|
The OECD is an international organization that helps different governments come together and tackle the economic, social, and governance challenges of a globalized economy.
|
|
|
What are the seven principles of the OECD
|
• Collection of personal data should be limited, obtained by lawful and fair means, and with the knowledge of the subject.
• Personal data should be kept complete and current, and be relevant to the purposes for which it is being used. • Subjects should be notified of the reason for the collection of their personal information at the time that it is collected, and organizations should only use it for that stated purpose. • Only with the consent of the subject or by the authority of law should personal data be disclosed, made available, or used for purposes other than those previously stated. • Reasonable safeguards should be put in place to protect personal data against risks such as loss, unauthorized access, modification, and disclosure. • Developments, practices, and policies regarding personal data should be openly communicated. In addition, subjects should be able to easily establish the existence and nature of personal data, its use, and the identity and usual residence of the organization in possession of that data. • Subjects should be able to find out whether an organization has their personal information and what that information is, to correct erroneous data, and to challenge denied requests to do so. • Organizations should be accountable for complying with measures that support the previous principles. |
|
|
What is the European Union Principles on Privacy
|
This set of principles has six areas that address using and transmitting information considered sensitive in nature. All states in Europe must abide by these six principles to be in compliance.
|
|
|
What are script kiddies
|
Script kiddies are hackers who do not necessarily have the skill to carry out specific attacks without the tools provided for them on the Internet and through friends.
|
|
|
What is safe harbor
|
outlines how any entity that is going to move privacy data to and from Europe must go about protecting it.
|
|
|
What are the types of laws
|
Civil (Code) Law, Common Law, Customary Law, Religious Law Systems, Mixed Law Systems
|
|
|
Define Civil (Code) Law
|
• Civil law is rule-based law not precedence based.
|
|
|
Define common law
|
"• Developed in England.• Based on previous interpretations of laws
• Today, common law uses judges and juries of peers. If the jury trial is waived, the judge decides the facts. • Typical systems consist of a higher court, several intermediate appellate courts, and many local trial courts. Precedent flows down through this system. |
|
|
What are the different types of common law
|
• Criminal
• Civil tort • Administrative (regulatory) |
|
|
Define Administrative/regulatory law
|
administrative law deals with regulatory standards that regulate performance and conduct. Government agencies create these standards, which are usually applied to companies and individuals within those specific industries. Some examples of administrative laws could be that every building used for business must have a fire detection and suppression system, must have easily seen exit signs, and cannot have blocked doors, in case of a fire. Companies that produce and package food and drug products are regulated by many standards so the public is protected and aware of their actions.
|
|
|
Define Tort (civil) Law
|
Civil law deals with wrongs against individuals or companies that result in damages or loss. This is referred to as tort law. Examples include trespassing, battery, negligence, and products liability. A civil lawsuit would result in financial restitution and/or community service instead of a jail sentence. When someone sues another person in civil court, the jury decides upon liability instead of innocence or guilt. If the jury determines the defendant is liable for the act, then the jury decides upon the punitive damages of the case.
|
|
|
Define Criminal law
|
Criminal Law is used when an individual’s conduct violates the government laws, which have been developed to protect the public. Jail sentences are commonly the punishment for criminal law cases, whereas in civil law cases the punishment is usually an amount of money that the liable individual must pay the victim. For example, in the
|
|
|
Which law is generally is derived from common law (case law), cases are initiated by private parties, and the defendant is found “liable” or “not liable” for damages.
|
Civil law
|
|
|
Which law is typically is statutory, cases are initiated by government prosecutors, and the defendant is found guilty or not guilty.
|
Criminal law
|
|
|
What are trade secrets
|
A trade secret is something that is proprietary to a company and important for its survival and profitability. An example of a trade secret is the formula used for a soft drink, such as Coke or Pepsi. The resource that is claimed to be a trade secret must be confidential and protected with certain security precautions and actions. A trade secret
|
|
|
What are copyright
|
copyright law protects the right of an author to control the public distribution, reproduction, display, and adaptation of his original work. The law covers many categories of work: pictorial, graphic, musical, dramatic, literary, pantomime, motion picture, sculptural, sound recording, and architectural. Copyright law does not cover the specific resource, as does trade secret law. A copyright law is usually used to protect an author’s writings, an artist’s drawings, a programmer’s source code, or specific rhythms and structures of a musician’s creation. copyright is weaker than patent protection, but the duration of copyright protection is longer. People are provided copyright protection for life plus 50 years.
|
|
|
What is a trademark
|
A trademark is slightly different from a copyright in that it is used to protect a word, name, symbol, sound, shape, color, or combination of these. The reason a company would trademark one of these, or a combination, is that it represents their company (brand identity) to a group of people or to the world. Usually good for 10 years.
|
|
|
What is a patent
|
Patents are given to individuals or companies to grant them legal ownership of, and enable them to exclude others from using or copying, the invention covered by the patent. The invention must be novel, useful, and not obvious—which means, for example, that a company could not patent air. A patent last for 20 years.
|
|
|
What is the strongest form of intellectual property protection
|
Patent
|
|
|
What are four categories of software licensing.
|
-Freeware is software that is publicly available free of charge and can be used, copied, studied, modified, and redistributed without restriction.
-Shareware, or trialware, is used by vendors to market their software. Users obtain a free, trial version of the software. Once the user tries out the program, the user is asked to purchase a copy of it. -Commercial software is, quite simply, software that is sold for or serves commercial purposes. -academic software is software that is provided for academic purposes at a reduced cost. It can be open source, freeware, or commercial software. |
|
|
What is the digital millennium copyright act
|
The DMCA (Digital Millennium Copyright Act) makes it a crime to circumvent encryption or other copyright protecting techniques.
|
|
|
What is the The Sarbanes-Oxley Act (SOX)
|
The Public Company Accounting Reform and Investor Protection Act of 2002, generally referred to as the Sarbanes-Oxley Act (named after the authors of the bill), was created in the wake of corporate scandals and fraud which cost investors billions of dollars and threatened to undermine the economy. The law, also known as SOX for short, applies to any company that is publicly traded on United States markets. Much of the law governs accounting practices and the methods used by companies to report on their financial status. However, some parts ,Section 404 in particular, apply directly to information technology. SOX provides requirements for how companies must track, manage, and report on financial information.
|
|
|
What is HIPPA
|
The Health Insurance Portability and Accountability Act (HIPAA), a U.S. federal regulation, has been mandated to provide national standards and procedures for the storage, use, and transmission of personal medical information and health care data. This regulation provides a framework and guidelines to ensure security, integrity, and privacywhen handling confidential medical information. HIPAA outlines how security should be managed for any facility that creates, accesses, shares, or destroys medical information.
|
|
|
What is The Gramm-Leach-Bliley Act of 1999 (GLBA)
|
The Gramm-Leach-Bliley Act of 1999 (GLBA) requires financial institutions to develop privacy notices and give their customers the option to prohibit financial institutions from sharing their information with nonaffiliated third parties. The act dictates that the board of directors is responsible for many of the security issues within a financial institution, that risk management must be implemented, that all employees need to be trained on information security issues, and that implemented security measures must be fully tested. It also requires these institutions to have a written security policy in place.
|
|
|
What is the Computer Fraud and Abuse Act
|
The Computer Fraud and Abuse Act, written in 1986 and amended in 1996, is the primary U.S. federal antihacking statute. It prohibits seven forms of activity and makes them federal crimes
|
|
|
What are the seven acts that are considered a crime by the Computer Fraud and Abuse Act
|
• The knowing access of computers of the federal government to obtain classified information without authorization or in excess of authorization• The intentional access of a computer to obtain information from a financial institution, the federal government, or any protected computer involved in interstate or foreign communications without authorization or through the use of excess of authorization• The intentional and unauthorized access of computers of the federal government, or computers used by or for the government when the access affects the government’s use of that computer• The knowing access of a protected computer without authorization or in excess of authorization with the intent to defraud• Knowingly causing the transmission of a program, information, code, or command and, as a result of such conduct, intentionally causing damage without authorization to a protected computer • The knowing trafficking of computer passwords with the intent to defraud• The transmission of communications containing threats to cause damage to a protected computer
|
|
|
What is the The Federal Privacy Act of 1974
|
The Privacy Act applies to records and documents developed and maintained by specific branches of the federal government, such as executive departments, government corporations, independent regulatory agencies, and government-controlled corporations. It does not apply to congressional, judiciary, or territorial subdivisions. The Privacy Act dictates that an agency cannot disclose this information without written permission from the individual.
|
|
|
What is Basel II
|
a means for protecting banks from overextending themselves and becoming insolvent. Basel II is built on three main components, called “Pillars.” Minimum Capital Requirements measures the risk and spells out the calculation for determining the minimum capital. Supervision provides a framework for oversight and review to continually analyze risk and improve security measures. Market Discipline requires member institutions to disclose their exposure to risk and validate adequate market capital.
|
|
|
What is Payment Card Industry Data Security Standards (PCI DSS)
|
PCI DSS is a private-sector industry initiative. As mentioned before, privacy is being dealt with through laws,regulations, self-regulations, and individual protection. PCI is an example of a self-regulation approach. It is not a regulation that came down from the government and that is being governed by a government agency. It is an attempt by the credit card companies to reduce fraud and govern themselves so the government does not have to get involved.
|
|
|
What is The Computer Security Act of 1987
|
The Computer Security Act of 1987 requires U.S. federal agencies to identify computer systems that contain sensitive information. The agency must develop a security policy and plan for each of these systems and conduct periodic training for individuals who operate, manage, or use these systems.
|
|
|
What is The Economic Espionage Act of 1996
|
The Economic Espionage Act of 1996 provides the necessary structure when dealing with these types of cases and further defines trade secrets to be technical, business, engineering, scientific, or financial. This means that an asset does not necessarily need to be tangible to be protected or be stolen. Thus, this act enables the FBI to investigate industrial and corporate espionage cases.
|
|
|
What are Downstream liabilities
|
If one of the companies does not provide the necessary level of protection and its negligence affects a partner it is working with, the affected company can sue the upstream company. Both companies need to make sure they are doing their part to ensure their activities, or the lack of them, will not negatively affect another company
|
|
|
What is an event
|
is a negative occurrence that can be observed, verified, and documented
|
|
|
what is a incident
|
is a series of events that negatively affects the company and/or impacts its security posture.
|
|
|
What are basic items an incident response team should have
|
• A list of outside agencies and resources to contact or report to.
• Roles and responsibilities outlined. • A call tree to contact these roles and outside entities. • A list of computer or forensics experts to contact. • Steps on how to secure and preserve evidence. • A list of items that should be included on a report for management and potentially the courts. • A description of how the different systems should be treated in this type of situation. |
|
|
What are the incident response procedures
|
• Triage
• Investigation • Containment • Analysis • Tracking • Recovery |
|
|
Define the Incident response Triage procedure
|
takes in the information available, investigate its severity, and set priorities on how to deal with the incident.
|
|
|
Define the Incident response Investigation procedure
|
involves the proper collection of relevant data, which will be used in the analysis and following stages.
|
|
|
Define the Incident response Containment procedure
|
buys the incident response team time for a proper investigation and determination of the incident’s root cause.
|
|
|
Define the Incident response Analysis procedure
|
- gather (audit logs, video captures, human accounts of activities, system activities) to try and figure out the root cause of the incident.
|
|
|
Define the Incident response tracking procedure
|
-determine if the source of the incident was internal or external and how the offender penetrated and gained access to the asset.
|
|
|
Define the Incident response Recovery procedure
|
implement the necessary fix to ensure this type of incident cannot happen again.
|
|
|
What uses a bit level copy of a disk
|
Forensics
|
|
|
What are some tools that forensic teams need
|
The forensics team needs specialized tools, an evidence collection notebook, containers, a camera, and evidence identification tags. The notebook should not be a spiral notebook but rather a notebook that is bound in a way that one can tell if pages have been removed.
|
|
|
What are the steps in forensic investigation
|
1st step: Make a sound image of the attacked system and perform forensic analysis on this copy. This will ensure that the evidence stays unharmed on the original system in case some steps in the investigation actually corrupt or destroy data.
2nd step Dump the memory of the system to a file before doing any work on the system or powering it down. 3rd step Chain of custody: Must follow a very strict and organized procedure when collecting and tagging evidence. all evidence should be labeled with information indicating who secured and validated it. |
|
|
Define chain of custody
|
The chain of custody is a history that shows how evidence was collected, analyzed, transported and preserved in order to be presented as evidence in court. Because electronic evidence can be easily modified, a clearly defined chain of custody demonstrates that the evidence is trustworthy.
|
|
|
What is International Organization on Computer Evidence (IOCE)
|
was created to develop international principles dealing with how digital evidence is to be collected and handled so various courts will recognize and use the evidence in the same manner.
|
|
|
What is Scientific Working Group on Digital Evidence (SWDGE),
|
which also aims to ensure consistency across the forensic community.
|
|
|
What is MOM
|
Motivations – Who and why of a crime
Opportunities - Where and when of a crime Means - The capabilities a criminal would need to be successful. |
|
|
What is Locard’s Principle of Exchange
|
The principle states that a criminal leaves something behind and takes something with them. This principle is the foundation of criminalistics. Even in an entirely digital crime scene, Locard’s Principle of Exchange can shed light on who the perpetrator(s) may be.
|
|
|
When analyzing media the original media should have two copies created what are they :
|
a primary image (a control copy that is stored in a library) a working image (used for analysis and evidence collection). These should be time stamped to show when the evidence was collected.
|
|
|
What is the life cycle of evidence
|
Collection and identification, Storage, preservation and transportation, Presentation in court, Being returned to victim or owner.
|
|
|
Define Best evidence
|
Is the primary evidence used in a trial because it provides the most reliability. Is used for documentary evidence such as contracts.
|
|
|
Define Secondary evidence
|
Is not viewed as reliable and strong in proving innocence or guilt when compared to best evidence.
|
|
|
Define Direct evidence
|
Can prove fact all by itself instead of needing backup information to refer to.
|
|
|
Define Conclusive evidence
|
Is irrefutable and cannot be contradicted.
|
|
|
Define Circumstantial evidence
|
Can prove an intermediate fact that can then be used to deduce or assume the existence of another fact.
|
|
|
Define Corroborative evidence
|
Is supporting evidence used to help prove an idea or point. It cannot stand on its own, but is used as a supplementary tool to help prove a primary piece of evidence.
|
|
|
Define Opinion rule
|
When a witness testifies, the opinion rule dictates that she must testify to only the facts of the issue and not her opinion of the facts.
|
|
|
Define Hearsay evidence
|
Pertains to oral or written evidence that is presented in court that is secondhand and that has no firsthand proof of accuracy or reliability.
|
|
|
What are the characteristic for evidence to be admissible in court
|
Must be Sufficient - It must be persuasive enough to convince a reasonable person of the validity of the findings. Means also that it cannot be easily doubtedMust be Reliable / Competent - It must be consistent with fact, must be factual and not circumstantial.Must be Relevant - It must have a reasonable and sensible relationship to the findings.Must be Legally permissible - It was obtained in a legal way.
|
|
|
What are exigent circumstances
|
In some circumstances, a law enforcement agent may seize evidence that is not included in the warrant, such as if the suspect tries to destroy the evidence. In other words, if there is an impending possibility that evidence might be destroyed, law enforcement may quickly seize the evidence to prevent its destruction.
|
|
|
What is the difference between Enticement and Entrapment
|
Enticement - Is legal and ethical. Entrapment -Is neither legal nor ethical.
|
|
|
What is a salami attack
|
A salami attack is one in which the attacker commits several small crimes with the hope that the overall larger crime will go unnoticed. Salami attacks usually take place in the accounting departments of companies, and the most common example of a salami attack involves subtracting a small amount of funds from many accounts with the hope that such an insignificant amount would be overlooked.
|
|
|
Define Data Diddling
|
the act of willfully modifying information, programs, or documentation in an effort to commit fraud or disrupt production.
|
|
|
Define Excessive Privileges
|
Occurs when a user has more computer rights, permissions and privileges than what is required for the tasks she needs to fulfill.
|
|
|
Define Password Sniffing
|
Sniffing network traffic in the hopes of capturing passwords being sent between computers.
|
|
|
Define IP Spoofing:
|
Manually change the IP address within a packet to point to another address.
|
|
|
Define Denial of Service - DoS
|
Denying others the service that the victim system usually provides.
|
|
|
Define Dumpster Diving
|
Refers to someone rummaging through another person’s garbage for discarded document, information and other precious items that could then be used against that person or company.
|
|
|
Define Emanations Capturing
|
Eavesdropping of the electrical waves emitted by every electrical device.
|
|
|
Define Wiretapping
|
Eavesdropping of communication signals.
|
|
|
Define Social Engineering
|
The art of tricking people and using the information they know unknowingly supply in a malicious way.
|
|
|
Define Masquerading
|
A method that an attacker can use to fool others of her real identity
|
|
|
What is Due Care
|
Steps that are taken to show that a company has taken responsibility for the activities that take place within the corporation and have taken the necessary steps to help protect the company, its resources and employees.
|
|
|
What is Due Diligence
|
Continual activities that make sure the protection mechanisms are continually maintained and operational.
|
|
|
Define the Prudent man rule
|
To perform duties that prudent people would exercise in similar circumstances.
|
|
|
What is Legally recognized obligation
|
There is a stand of conduct expected of the company to protect others from unreasonable risks. The company must fail to conform to this standard, which results in injury or damage to another.
|
|
|
What is Proximate causation
|
Someone can prove that the damage that was caused was the company’s fault. (The information provided by Medical Information, Inc., caused Don Hammy great embarrassment and prevented him from obtaining a specific job.)
|
|
|
What 6 action does the - Internet Activities Board (IAB) consider unethical and unacceptable behavior
|
Purposely seeking to gain unauthorized access to Internet resources - Wasting resources through purposeful actions -Destroying the integrity of computer-based information -Compromising the privacy of others -Involving negligence in the conduct of Internet-wide experiments
|
|
|
What are ISC2 Code of Ethics Canons -
|
-Protect society, the commonwealth and the infrastructure,
-Act honorably, honestly, justly, responsibly and legally, -Provide diligent and competent service to principals, -Advance and Protect the profession. |
|
|
If companies are going to use any type of monitoring, what must they do
|
they need to make sure it is legal in their business sector and must inform all employees that they may be subjected to monitoring.
|
|
|
What are Logon banners used for
|
should be used to inform users of what could happen if they do not follow the rules pertaining to using company resources. This provides legal protection for the company.
|
|
|
Why is it hard to enforce crime across different country boundaries
|
Countries differ in their view of the seriousness of computer crime and have different penalties for certain crimes. This makes enforcing laws much harder across country borders.
|
|
|
What are the three main types of harm addressed in computer crime laws
|
unauthorized intrusion, unauthorized alteration or destruction, using malicious code.
|
|
|
Why do many computer crimes go unreported
|
Most computer crimes are not reported because the victims are not aware of the crime or are too embarrassed to let anyone else know.
|
|
|
What is the primary reason for chain of custody
|
The primary reason for the chain of custody of evidence is to ensure that it will be admissible in court by showing it was properly controlled and handled before being presented in court.
|
|
|
If a company was to develop its own incident response team who should be on the team
|
Companies should develop their own incident response team made up of people from management, IT, legal, human resources, public relations, security, and other key areas of the organization.
|
|
|
For business records to not be considered hearsay what must be done
|
To be admissible in court, business records have to be made and collected in the normal course of business, not specially generated for a case in court. Business records can easily be hearsay if there is no firsthand proof of their accuracy and reliability.
|
|
|
What is the difference in 4th amendment rights from a police and private citizen prospective
|
In many jurisdictions, law enforcement agencies must obtain a warrant to search and seize an individual’s property, as stated in the Fourth Amendment. Private citizens are not required to protect the Fourth Amendment rights of others unless acting as a police agent.
|
