21 Cards in this Set

• Dumpster diving refers to going through someone’s trash to find confidential
or useful information. It is legal, unless it involves trespassing, but in all cases
it is considered unethical.
• Wiretapping is a passive attack that eavesdrops on communications. It is only
legal with prior consent or a warrant.
• Social engineering is the act of tricking or deceiving a person into giving
confidential or sensitive information that could then be used against him
or his company.
• Civil Law System: Uses prewritten rules and is not based on precedent. Is different from civil (tort) laws, which work under a common law system.
• Common Law System: Made up of criminal, civil, and administrative laws.
• Customary Law System: Addresses mainly personal conduct, and uses regional traditions and customs as the foundations of the laws. Is usually mixed with another type of listed legal system rather than being the sole legal system used in a region.
• Religious Law System: Laws are derived from religious beliefs and address an individual’s religious responsibilities; commonly used in Muslim countries or regions.
• Mixed Law System: Using two or more legal systems.
• Data diddling is the act of willfully modifying information, programs, or
documentation in an effort to commit fraud or disrupt production.
• Excessive privileges means an employee has more rights than necessary to
complete her tasks.
• Criminal law deals with an individual’s conduct that violates government laws
developed to protect the public.
• Civil law deals with wrongs committed against individuals or companies
that result in injury or damages. Civil law does not use prison time as a
punishment, but usually requires financial restitution.
• Administrative, or regulatory, law covers standards of performance or conduct
expected by government agencies from companies, industries, and certain
officials.
• A patent grants ownership and enables that owner to legally enforce his rights
to exclude others from using the invention covered by the patent.
• Copyright protects the expression of ideas rather than the ideas themselves.
• Trademarks protect words, names, product shapes, symbols, colors, or a
combination of these used to identify products or a company. These items
are used to distinguish products from the competitors’ products.
• Trade secrets are deemed proprietary to a company and often include
information that provides a competitive edge. The information is protected as
long as the owner takes the necessary protective actions.
• Crime over the Internet has brought about jurisdiction problems for law
enforcement and the courts.
• Privacy laws dictate that data collected by government agencies must be
collected fairly and lawfully, must be used only for the purpose for which they
were collected, must only be held for a reasonable amount of time, and must
be accurate and timely.
• If companies are going to use any type of monitoring, they need to make sure
it is legal in their business sector and must inform all employees that they may
be subjected to monitoring.
• Employees need to be informed regarding what is expected behavior
pertaining to the use of the company’s computer systems, network, e-mail
system, and phone system. They need to also know what the ramifications
are for not meeting those expectations. These requirements are usually
communicated through policies.
• Logon banners should be used to inform users of what could happen if they
do not follow the rules pertaining to using company resources. This provides
legal protection for the company.
• Countries differ in their view of the seriousness of computer crime and have
different penalties for certain crimes. This makes enforcing laws much harder
across country borders.
• The three main types of harm addressed in computer crime laws pertain to
unauthorized intrusion, unauthorized alteration or destruction, and using
malicious code.
• Law enforcement and the courts have a hard time with computer crimes
because of the newness of the types of crimes, the complexity involved,
jurisdictional issues, and evidence collection. New laws are being written
to properly deal with cybercrime.
• If a company does not practice due care in its efforts to protect itself from
computer crime, it can be found to be negligent and legally liable for
damages.
• Elements of negligence include not fulfilling a legally recognized obligation,
failure to conform to a standard of care that results in injury or damage, and
proximate causation.
• Most computer crimes are not reported because the victims are not aware
of the crime or are too embarrassed to let anyone else know.
• Theft is no longer restricted to physical constraints. Assets are now also viewed
as intangible objects that can also be stolen or disclosed via technological means.
• The primary reason for the chain of custody of evidence is to ensure that it
will be admissible in court by showing it was properly controlled and handled
before being presented in court.
• Companies should develop their own incident response team, which is made
up of people from management, IT, legal, human resources, public relations,
security, and other key areas of the organization.
• Hearsay evidence is secondhand and usually not admissible in court.
• To be admissible in court, business records have to be made and collected
in the normal course of business, not specially generated for a case in court.
Business records can easily be hearsay if there is no firsthand proof of their
accuracy and reliability.
• The life cycle of evidence includes the identification and collection of the
evidence, and its storage, preservation, transportation, presentation in court,
and return to the owner.
• Collection of computer evidence is a very complex and detail-oriented task.
Only skilled people should attempt it; otherwise, evidence can be ruined
forever.
• When looking for suspects, it is important to consider the motive, opportunity, and means (MOM).
• For evidence to be admissible in court, it needs to be relevant, sufficient, and
reliable.
• Evidence must be legally permissible, meaning it was seized legally and the
chain of custody was not broken.
• In many jurisdictions, law enforcement agencies must obtain a warrant to
search and seize an individual’s property, as stated in the Fourth Amendment.
Private citizens are not required to protect the Fourth Amendment rights of
others unless acting as a police agent.
• Enticement is the act of luring an intruder and is legal. Entrapment induces a
crime, tricks a person, and is illegal.
• The salami attack is executed by carrying out smaller crimes with the hope
that the larger crime will not be noticed. The common salami attack is the act
of skimming off a small amount of money.
• After a computer system is seized, the investigators should make a bit mirror
image copy of the storage media before doing anything else.