Shared Flashcard Set

Details

CISSP: Legal, Regulations, Investigations, and Compliance
CISSP
48
Computer Science
Professional
09/06/2012

Additional Computer Science Flashcards

 


 

Cards

Term
What are the three categories of traditional crime?
Definition
Violent crime, Property crime, and Public Order crime
Term
___________ crime is harder to detect, increasingly sophisticated, and can involve tangible as well as intangible assets.
Definition
Computer
Term
What are the three primary motives for criminal behavior?
Definition
Ego, Personal Gain, and Finance
Term
What do patents protect?
Definition
Novel, useful, and non-obvious inventions
Term
What is the strongest form of Intellectual property protection?
Definition
Patents
Term
What do trademarks protect?
Definition
The good will associated with a product
Term
What do copyrights protect?
Definition
The Expression of ideas
Term
When is a copyright assumed?
Definition
When it is fixed in a tangible form
Term
How long are trade secrets good for?
Definition
As long as the company can keep them a secret
Term
What is the name of the agreement that governs the export of encryption systems?
Definition
Wassenaar Agreement
Term
___________ can be defined as acting without care
Definition
Negligence
Term
Setting policy is considered _________
Definition
Due Care
Term
Enforcing policy is considered __________
Definition
Due Diligence
Term
In order to monitor employee traffic in a legal fashion internationally, what three conditions must be met?
Definition
Inform those who are being monitored, Monitor fairly and consistently, and and only monitor work related activities
Term
What does personally Identifiable Information cover?
Definition
Information that identifies, can be used to contact or locate the person to which it pertains
Term
What restricts a company's ability to monitor employees?
Definition
Reasonable Expectation of Privacy
Term
______________ is about proactively preparing for, and reactively responding to, an incident
Definition
Incident Management
Term
__________ is any event that has the potential to negatively impact the business or its assets
Definition
Incident
Term
What are the four steps of Incident Response?
Definition
1. Detecting a problem
2. Determining cause
3. Minimizing damage
4. Resolving the problem
Term
What are the three main elements of Incident Response?
Definition
Detection, Triage, and Response
Term
What is the first step in establishing a foundation for Incident Response?
Definition
Policy
Term
What are the four stages in the Incident Response and Handling Process?
Definition
Triage, Investigation, Containment, and Analysis and Tracking
Term
What are the three steps in the triage process?
Definition
Detection, Classification, and Notification
Term
What are the four parts of the investigative process?
Definition
Identify Suspects, Identify Witnesses, Identify System, and Identify Team
Term
What is Ownership and Possession Analysis?
Definition
Identifying who Created, Modified, or Accessed data
Term
What does MOM stand for?
Definition
Means Opportunity and Motive
Term
What is the difference between Interviewing and Interrogation?
Definition
Interviewing is open ended questioning and is not adversarial and Interrogation is adversarial and uses closed ended questioning
Term
What are the two possible outcomes of public disclosure of a security incident?
Definition
Compound the negative impact and provide an opportunity to regain the public trust
Term
The idea that a criminal will bring something to the crime scene and leave with something is known as ___________
Definition
Locard's Principle of Exchange
Term
In what order should you collect digital evidence?
Definition
By order of volatility
Term
A statement made to a witness where the witness cannot personally attest to its accuracy is known as __________.
Definition
Hearsay
Term
Computer forensics is made up of procedures and protocols which are ________, ________, ________ and __________.
Definition
Methodical, Repeatable, Defensible, and Auditable
Term
______________ is the disciplined and detailed process of searching a drive for information.
Definition
Media Analysis
Term
___________ is meant to enhance corporate governance through measures that will strengthen internal checks and balances and, ultimately, strengthen corporate accountability.
Definition
Sarbanes-Oxley (SOX)
Term
___________ is designed to protect the privacy of consumer information held by financial institutions.
Definition
Gramm-Leach-Bliley Act (GLBA)
Term
The ___________ sets out the classification levels and access controls for each piece of sensitive information.
Definition
Information Owner
Term
The ____________ is responsible for ensuring personnel in his or her area are complying with policy.
Definition
Local Manager
Term
The ___________ provides verification of risks and the compliance environment as a third-party obeserver.
Definition
Auditor
Term
What is an audit?
Definition
A formal, written examination of one or more crucial components of the organization
Term
___________ are metrics or quantifiable measurements
Definition
Key Performance Indicators
Term
What is the role of the auditor?
Definition
Comparing the stated policies with the actual controls in place
Term
Compliance should be in accordance with _________, _________, and _________.
Definition
Guidelines, specifications, and legislation
Term
Who is the person with the greatest single responsibility for compliance?
Definition
The Information Owner
Term
What are the three categories of computer forensics?
Definition
Media, Network Traffic, and Software
Term
What must be answered as it relates to the chain of custody?
Definition
Who, what, when, where, and how
Term
Why is it important to have two copies of investigated media?
Definition
To have a control copy in the event that the working copy is damaged
Term
___________ is free for use but the author still retains the copyright.
Definition
Freeware
Term
What is the most important guideline to provide to incident investigators?
Definition
Do not exceed your knowledge or capabilities
Supporting users have an ad free experience!