36 Cards in this Set
- Front
- Back
What is Safe Harbor?
|
Outlines how an entity that is going to move privacy data to and from Europe must go about protecting it
|
|
What is the Organisation for Economic Co-operation and Development (OECD)?
|
An international org that helps different governments come together to tackle the economic, social and governance challenges of a global economy.
Provides for data collection, specifications, safeguards |
|
What is Criminal Law?
|
The victim is society
Purpose of prosecution is punishment (not reformation or deterrent, though it does have a deterrent effect)
Burden of proof - beyond reasonable doubt |
|
What is Civil (Tort) Law?
|
Damage loss to business or individual
No incarceration. Punishment is financial |
|
What is Common Law?
|
Developed in England
Based on previous interpretations of laws
Broken down into Criminal, Civil, Administrative
Responsibility on prosecution to prove beyond reasonable doubt
Used in Canada, UK, Australia, US and NZ |
|
What are Administrative/regulatory laws?
|
Deals with regulatory standards. Government agencies create these standards
|
|
What is Customary Law?
|
Deals mainly with personal conduct and patterns of behavior
Based on traditions and customs of region |
|
What is a Trade Secret?
|
Protects certain types of information or resources from unauthorized use or disclosure
Resource is trade secret if it provides company with a competitive edge
Examples could include source code for a program
Must take due care with your TS or it may not hold up in court |
|
Where do different countries stand on Trade Secret?
|
Japan is the only Pacific Rim nation that provides trade secret protection
Latin America: Only Mexico protects trade secrets |
|
What is Copyright?
|
Protects rights of an author to control public distribution, reproduction, display or adaptation of an original work
Any form of expression (even email) is by default copyrighted
Does not cover the particular resource as trade secret does. Covers the expression of an idea of the resources
Programmers' source code is copyrighted
Computer programs and manuals protected as literary works |
|
Where do other countries stand on Copyright?
|
Japan has copyright laws. Both source code and objects are all copyrightable
Latin America - Only Mexico has copyright protections |
|
What is Trademark?
|
Used to protect a word, name, symbol, sound, shape, color, or combination
Good-will or marketing
Filed with government |
|
Where do other countries stand on Trademark?
|
Japan ?
Europe does protect trademarks
Brazil and Argentina have no protection. Mexico generally protects trademarks |
|
What is Patent?
|
Legal ownership of an invention. Invention must be novel, useful and not obvious
Protected for 20 years from date of filing
Compiled source code
File in different countries |
|
Where do other countries stand on Patent?
|
Pacific Rim countries do not have Patent laws
Europe "might" protect under patent law
Argentina does not have Patent protection
Brazil, hardware is protected, but software is not |
|
What is Due Care?
|
Company does all it reasonably can do under the circumstances and takes reasonable steps. Common sense
Minimum Level of protection |
|
What is Due Diligence?
|
Company properly investigated all of its possible weaknesses and vulnerabilities. What are you protecting yourself against
Investigate threats and vulnerabilities
Doing Due Care |
|
What is Defamation?
|
Libel due to inaccuracy of data
Unauthorized release of confidential information
Alteration of visual images
Opinion is not defamation: "I think Joe's feet stink"
If you are saying something that can be proven inaccurate AND intended to cause harm |
|
What is an event?
|
Negative occurrence that can be observed, verified and documented
|
|
What is an incident?
|
Series of events that negatively affects the company
|
|
What are the 6 steps of Incident Handling?
|
1. Preparation - critical
2. Identification
3. Containment
4. Eradication
5. Recovery
6. Lessons Learned (or called follow up) |
|
What is Direct Evidence?
|
Can prove a fact by itself
Witness testimony (not best evidence, but doesn't need to be backed up) |
|
What is Real Evidence?
|
Tangible objects, physical evidence
|
|
What is Documentary Evidence?
|
Printed business records
|
|
What is Demonstrative Evidence?
|
Used to aid the jury
|
|
What is Best Evidence Rule?
|
May not use some evidence directly if you need to limit potential for alteration
|
|
What is Hearsay Rule?
|
Rule 803 of Federal Rules of Evidence
Business docs created at the time by person with knowledge
part of regular business
routinely kept
supported by testimony (for example, you have to routinely review log files) |
|
What is Blue Boxing?
|
A device that simulates a tone that tricks the telephone company’s system into thinking the user is authorized for long distance service, which enables him to make the call.
|
|
What are Red Boxes?
|
Simulates the sound of coins being dropped into a payphone.
|
|
What are Black Boxes?
|
Manipulates the line voltage to receive a toll-free call.
|
|
What is Statutory Law?
|
Enacted by Congress
|
|
What is a business attack?
|
Concerns information loss through competitive intelligence gathering and computer-related attacks. These attacks can be very costly due to the loss of trade secrets and reputation. Intelligence attacks are aimed at sensitive military and law enforcement files containing military data and investigation reports. Financial attacks are concerned with frauds against banks and large corporations, whereas grudge attacks are targeted at individuals and companies who have done something that the attacker doesn't like.
|
|
Describe the Federal Sentencing Guidelines of 1991.
|
In 1991, U.S. Federal Sentencing Guidelines were developed to provide judges with courses of action in dealing with white collar crimes. These guidelines provided ways that companies and law enforcement should prevent, detect and report computer crimes. It also outlined how senior management are responsible for the computer and information security decisions that they make and what actually took place within their organizations.
|
|
What is Exigent Circumstance Doctrine?
|
An exception to the search warrant requirement that allows an officer to conduct a search without having the warrant in hand if probable cause is present and destruction of the evidence is deemed imminent.
|
|
What is the US Computer Fraud and Abuse Act?
|
Trafficking in computer passwords or information that causes a loss of $1,000 or more or could impair medical treatment.
|
|
What is Downstream liability?
|
Effect that a company may have toward a partner organization.
|