Reading...
Play button
Play button
Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
56 Cards in this Set
- Front
- Back
|
Civil Law
|
preponderance of evidence
wrong against another person or business normally results in loss or damage Liability, due care, due diligence, prudent person rule easier to convict just prove liable |
|
|
Criminal Law
|
wrongs against society (victim)
jail time, probation, financial reward purpose to punish offender |
|
|
Compensatory Damages (civil)
|
Paid for the actual damage suffered by the victim
medical costs, attorney fees |
|
|
Punitive damages (civil)
|
Designed to punish the offender
|
|
|
Statutory damages (civil)
|
amount stipulated by the law not on degree of harm
|
|
|
Criminal Law
|
Beyond reasonable doubt
jail time, death goal of criminal is punishment, deterrence, loss of freedom |
|
|
Oran's Law (1983)
|
treason is citizens action to help foreign government overthrow or make war
|
|
|
Administrative (regulatory) law
|
Standards of performance
regulates conduct for specific industries burden of proof "more likely than not" |
|
|
Intellectual Property law
|
company must take steps to protect resources or law may not protect them
licensing, plagiarism, piracy |
|
|
World Intellectual Property Organization (WPO)
|
run by the UN
handles complaints and enforcement |
|
|
Trade Secret
|
early in the process before patents
should provide competitive value property to a company and important for survival must be genuine and not obvious |
|
|
Copyright
|
Last for the lifetime of author plus 70 years
75 years for corporations does not need to be registered or published expression of ideas rather than the idea author controls distribution, reproductions, derivatives |
|
|
Trademark
|
Branding
words, symbols, sound, color shapes, color combinations company "look and feel" |
|
|
Patent
|
inventions
owner has exclusive control for 20 years strongest form of protection no organization enforces patents, has to go to court |
|
|
Software Protection Agency (SPA)
|
enforce proprietary rights of software
international: Federation Against Software Theft (FAST)-London Business Software Alliance (BSA) - D.C. |
|
|
Cybersquatting
|
buying up domain names to sell
|
|
|
Typosquatting
|
leverage typo's "GOOOGLE"
|
|
|
Dilution
|
"Kleenex"
tissues |
|
|
Business Associate
|
performs an action on behalf of the covered entity
|
|
|
Downstream Liability
|
insures organizations working together under a contract are responsible for their info security
|
|
|
WASSENAAR
|
makes it illegal to export munitions to terrorist
|
|
|
Strong encryption
|
any algorithm with key sizes over 40 bits
|
|
|
Safe Harbor
|
illegal to transmit certain types of data (different countries)
|
|
|
Data Haven
|
refuge for uninterrupted or unregulated data
weak information system enforcement and extradition laws a location with intentionally strong protections of data domains designed to secure data via technical means(encryption) |
|
|
ISC2 code of ethics canons
|
1. Protect the society, commonwealth and infrastructure
2. Act honorably, honestly, justly, responsibly 3. Provide diligent and competent service to principles 4.Advance and protect the profession |
|
|
Internet Activities Board (IAB)
|
Committee for internet design, engineering and management
Unethical: gaining unauthorized access to internet resources Comprising privacy Wasting resouces |
|
|
Computer assisted crime
|
computer used as a tool in the crime
|
|
|
Computer targeted crime
|
computer was the victim
|
|
|
Computer incidental crime
|
computer not necessary but just happened to be involved
|
|
|
Salami
|
skimming small amounts of money with the hopes of not getting noticed
|
|
|
Data diddling
|
altering data before input or after output
|
|
|
Reason for Internal investigations
|
information is controlled
time and resources BAD-limited knowledge |
|
|
consultants doing investigations
|
NDA NDA NDA
information is controlled |
|
|
fourth amendment
|
search and seizure must have probable cause
private citizen not subject to this |
|
|
Computer evidence
|
needs subpoena, search warrant, voluntary consent
EXCEPT if suspect is about to destroy |
|
|
exigent circumstances
|
can get evidence without supeona, search warrant, voluntary consent
|
|
|
Digital evidence must
|
be authentic
be accurate be complete be convincing be admissible |
|
|
Forensic investigation process (IPCEAPD)
|
Identification
Preservation - chain of custody Collection Examination Analysis Presentation Decision |
|
|
Chain of custody
|
who obtained and secured it
where and when it was obtained who had control or possession |
|
|
evidence life cycle
|
collection and id
analysis storage, preservation, transportation present in court return to owner(victim) |
|
|
Prudent Man Rule
|
perform duties that prudent people would exercise in similar circumstances
downstream liabilities connected technology can extend responsibility outside normal bounds |
|
|
Value Added Network (VAN)
|
Extranets
|
|
|
Organization under HIPAA must provide privacy notice:
|
at the time of FIRST service delivery
anytime it's requested must post a copy |
|
|
HIPAA, employers can advocate when
|
only after receiving employee's consent
|
|
|
HIPAA Gap Analysis for transactions
|
identifies and matches data content required by HIPAA
|
|
|
HIPAA Gap Analysis for privacy
|
identifies the CURRENT polices and procedures in an org regarding CONFIDENTIALITY
|
|
|
3 times ok for disclosure of patient data
|
qualified personnel for AUDIT
qualified personnel for RESEARCH medical personnel for medical emergency |
|
|
HIPAA is only ??? providers?
|
SOME
|
|
|
HIPAA enforced by
|
Office of civil rights of Dept of Health and Human services (DSS)
|
|
|
Computer Fraud and Abuse Act
|
prohibits knowingly accessing federal gov computers to obtain info without authorizaiton
|
|
|
Federal Privacy Act of 1974
|
Written permission must be obtained by gov agency to disclose private info the ageny has
|
|
|
BASEL II
|
required "minimum capital requirements"
|
|
|
Computer Security Act of 1987
|
should be security awareness training
computer security plan should developed for a network computers containing sensitive info should be identified |
|
|
1991 Federal Sentencing Guidelines
|
Deals with White Collar Crimes
|
|
|
Electronic Communications Privacy Act of 1986
|
Prohibits eavesdropping of wire, oral, and electronic communications
|
|
|
Gramm Leach Bliley Act (GLBA)
|
deals with privacy
|
