Term
| 1st Computer Ethics Institute Commandment |
|
Definition
| Not use a computer to harm other people. |
|
|
Term
| Internet Architecture Board (IAB) |
|
Definition
| Coordinating committee for Internet design, engineering, and management. Has two principal subsidiary task forces: the Internet Engineering Task Force (IETF) and the Internet Research Task Force (IRTF). |
|
|
Term
| IAB unethical and unacceptable behavior |
|
Definition
• Purposely seeking to gain unauthorized access to Internet resources • Disrupting the intended use of the Internet • Wasting resources (people, capacity, and computers) through purposeful actions • Destroying the integrity of computer-based information • Compromising the privacy of others • Conducting Internet-wide experiments in a negligent manner |
|
|
Term
|
Definition
| Accesses a computer system by circumventing its security system |
|
|
Term
|
Definition
| Attacker commits several small crimes with the hope that the overall larger crime will go unnoticed. |
|
|
Term
|
Definition
| Breaks into a computer system, often on a network, for profit, malicious intent, or for some altruistic purpose or cause. |
|
|
Term
|
Definition
| Hackers who do not necessarily have the skill to carry out specific attacks without the tools that are provided for them on the Internet and through friends. |
|
|
Term
|
Definition
| Occurs when a user has more computer rights, permissions, and privileges than what is required for the tasks she needs to fulfil. |
|
|
Term
|
Definition
| Sniffing network traffic with the hope of capturing passwords being sent between computers. |
|
|
Term
|
Definition
| Creation of Internet Protocol (IP) packets with a forged source IP address with the purpose of concealing the identity of the sender or impersonating another computing system. |
|
|
Term
|
Definition
| Rummaging through a company’s or individual’s garbage for discarded documents, information, and other precious items that could then be used in an attack against that person or company. |
|
|
Term
|
Definition
| Non-intrusive, as in eavesdropping or wiretapping |
|
|
Term
|
Definition
| Intrusive, as in DoS (Denial of Service) or penetration attacks |
|
|
Term
|
Definition
| Art of manipulating people into performing actions or divulging confidential information, rather than by breaking in or using technical cracking techniques. |
|
|
Term
|
Definition
| Book describing how Clifford Stoll tracked an intruder that had been breaking into U.S. military systems |
|
|
Term
| Considered a martyr to hackers |
|
Definition
|
|
Term
|
Definition
| A group of German hackers committed to freedom of information across borders. Cloned information from European ATM cards, defrauded financial institutions, and used a web-based Trojan horse to siphon money from bank accounts. |
|
|
Term
|
Definition
| Group of hackers that has come up with many different hacking tools. |
|
|
Term
|
Definition
| Virus cost companies billions of dollars, and the responsible person did not get fined a dollar or spend any time in jail because there was no specific law in the Philippines indicating that these actions were illegal. |
|
|
Term
|
Definition
| A company did all that it could have reasonably done, under the circumstances, to prevent security breaches, and also took reasonable steps to ensure that if a security breach did take place, proper controls or countermeasures were in place to mitigate the damages. |
|
|
Term
|
Definition
| Company properly investigated all of its possible weaknesses and vulnerabilities. |
|
|
Term
|
Definition
| Requires management members to perform duties that prudent and responsible people would exercise in similar circumstances. |
|
|
Term
|
Definition
| Deals with wrongs against individuals or companies that result in damages or loss. |
|
|
Term
|
Definition
| Deals with wrongs against individuals or companies that result in damages or loss. |
|
|
Term
|
Definition
| Used when an individual’s conduct violates the government laws, which have been developed to protect the public. |
|
|
Term
| Administrative/regulatory law |
|
Definition
| Deals with regulatory standards that regulate performance and conduct. |
|
|
Term
|
Definition
| Made up of criminal, civil (tort), and administrative laws |
|
|
Term
|
Definition
| Addresses mainly personal conduct, and uses regional traditions and customs as the foundations of the laws |
|
|
Term
|
Definition
| Something that is proprietary to a company and important for its survival and profitability. |
|
|
Term
|
Definition
| Used to protect an author’s writings, an artist’s drawings, a programmer’s source code, or specific rhythms and structures of a musician’s creation. |
|
|
Term
|
Definition
| Protects a word, name, symbol, sound, shape, color, or combination of these |
|
|
Term
|
Definition
| A grant of legal ownership that excludes others from using or copying the invention. |
|
|
Term
|
Definition
| When the intellectual or creative work of an author is used or duplicated without permission or compensation to the author. |
|
|
Term
| Software Protection Association (SPA) |
|
Definition
| Formed by major companies to enforce proprietary rights of software. |
|
|
Term
| Federation Against Software Theft (FAST) |
|
Definition
| HQ in London, international groups that have formed into a group to protect against software piracy. |
|
|
Term
| Business Software Alliance (BSA) |
|
Definition
| HQ in Washington, D.C., international groups that have formed into a group to protect against software piracy. |
|
|
Term
| Digital Millennium Copyright Act (DMCA) |
|
Definition
| Makes it illegal to create products that circumvent copyright protection mechanisms. |
|
|
Term
| Chain of custody of evidence |
|
Definition
| Dictates that all evidence be labeled with information indicating who secured and validated it. |
|
|
Term
|
Definition
| A history that shows how evidence was collected, analyzed, transported, and preserved in order to be presented as evidence in court. |
|
|
Term
|
Definition
| Evidence is secondhand evidence. |
|
|
Term
|
Definition
• Collection and identification • Storage, preservation, and transportation • Presentation in court • Return to the victim or owner |
|
|
Term
|
Definition
| Must have a reasonable and sensible relationship to the findings |
|
|
Term
|
Definition
| Must be consistent with fact |
|
|
Term
|
Definition
| Must be persuasive enough to convince a reasonable person of the validity of the evidence. This means that the evidence cannot be subject to personal interpretation. Sufficient evidence also means that it cannot be easily doubted. |
|
|
Term
|
Definition
| Pertains to oral or written evidence presented in court that is secondhand and that has no firsthand proof of accuracy or reliability. |
|
|
Term
|
Definition
| When a witness testifies, they must testify to only the facts of the issue and not their opinion of the facts. |
|
|
Term
|
Definition
| Supporting evidence used to help prove an idea or point. It cannot stand on its own, but is used as a supplementary tool to help prove a primary piece of evidence. |
|
|
Term
|
Definition
| Prove an intermediate fact that can then be used to deduce or assume the existence of another fact. |
|
|
Term
|
Definition
| Irrefutable and cannot be contradicted. Is very strong all by itself and does not require corroboration. |
|
|
Term
|
Definition
| Can prove a fact all by itself and does not need backup information to refer to. |
|
|
Term
|
Definition
| Not viewed as reliable and strong in proving innocence or guilt (or liability in civil cases). Oral evidence, such as a witness’s testimony, and copies of original documents are examples. |
|
|
Term
|
Definition
| Primary evidence used in a trial because it provides the most reliability. An example of something that would be categorized as best evidence is an original signed contract. |
|
|
Term
|
Definition
| Law enforcement may quickly seize evidence to prevent its destruction. |
|
|
Term
| Federal Privacy Act of 1974 |
|
Definition
| Protects U.S. citizens’ sensitive information that is collected by government agencies. |
|
|
Term
| Health Insurance Portability and Accountability Act (HIPAA) |
|
Definition
| Provides national standards and procedures for the storage, use, and transmission of personal medical information and health care data. |
|
|
Term
| Gramm-Leach-Bliley Act of 1999 |
|
Definition
| Requires financial institutions to develop privacy notices and give their customers the option to prohibit banks from sharing their information with nonaffiliated third parties. |
|
|
Term
| Computer Fraud and Abuse Act 1986, amended in 1996 |
|
Definition
| Antihacking statute, prohibits seven forms of activity and makes them federal crimes. |
|
|
Term
| 1st European Union Principle on Privacy |
|
Definition
| The reason for gathering of data must be specified at the time of collection. This helps reduce the possible misuse of data and forces the individual to justify the reason for gathering the information. |
|
|
Term
| Computer Security Act of 1987 |
|
Definition
| Requires U.S. federal agencies to identify computer systems that will contain sensitive information. |
|
|
Term
| Security and Freedom Through Encryption Act 1977 |
|
Definition
| Guarantees the right of all U.S. citizens and residents to be able to use and sell encryption products and technology |
|
|
Term
| Economic Espionage Act of 1996 |
|
Definition
| Provides the necessary structure when dealing with these types of cases and further defines trade secrets to be technical, business, engineering, scientific, or financial. |
|
|
Term
|
Definition
| A passive attack that eavesdrops on communications. It is only legal with prior consent or a warrant. |
|
|
Term
|
Definition
| Used to inform users of what could happen if they do not follow the rules pertaining to using company resources. This provides legal protection for the company. |
|
|
Term
| 3 main types of harm addressed in computer crime laws |
|
Definition
- unauthorized intrusion - unauthorized alteration - destruction using malicious code |
|
|
Term
| When looking for suspects, it is important to consider |
|
Definition
| Motive, opportunity, and means (MOM) |
|
|
Term
| 2nd European Union Principle on Privacy |
|
Definition
| Data cannot be used for other purposes. The data can only be used for the original reason it was gathered. |
|
|
Term
| 3rd European Union Principle on Privacy |
|
Definition
| Unnecessary data should not be collected. Only information that is required to meet the stated purpose should be gathered and no more. |
|
|
Term
| 4th European Union Principle on Privacy |
|
Definition
| Data should only be kept for as long as it is needed to accomplish the stated task. This helps to ensure that the data is current and prevents indefinite archiving of data. |
|
|
Term
| 5th European Union Principle on Privacy |
|
Definition
| Only the necessary individuals who are required to accomplish the stated task should be allowed access to the data. This helps prevent the selling of private data to others. |
|
|
Term
| 6th European Union Principle on Privacy |
|
Definition
| Whoever is responsible for securely storing the data should not allow unintentional “leaking” of data. This helps enforce strong security for those who are responsible for storing private information. |
|
|
Term
| 2nd Computer Ethics Institute Commandment |
|
Definition
| Not interfere with other people’s computer work. |
|
|
Term
| 3rd Computer Ethics Institute Commandment |
|
Definition
| Not snoop around in other people’s computer files. |
|
|
Term
| 4th Computer Ethics Institute Commandment |
|
Definition
| Not use a computer to steal. |
|
|
Term
| 5th Computer Ethics Institute Commandment |
|
Definition
| Not use a computer to bear false witness. |
|
|
Term
| 6th Computer Ethics Institute Commandment |
|
Definition
| Not copy or use proprietary software for which you have not paid. |
|
|
Term
| 7th Computer Ethics Institute Commandment |
|
Definition
| Not use other people’s computer resources without authorization or proper compensation. |
|
|
Term
| 8th Computer Ethics Institute Commandment |
|
Definition
| Not appropriate other people’s intellectual output. |
|
|
Term
| 9th Computer Ethics Institute Commandment |
|
Definition
| Think about the social consequences of the program you are writing or the system you are designing. |
|
|
Term
| 10th Computer Ethics Institute Commandment |
|
Definition
| Always use a computer in ways that ensure consideration and respect for your fellow humans. |
|
|