Details

Domain 9 - ISC2
CISSP - Law, Investigation and Ethics
75
Computer Science
Professional
08/01/2011

Cards

Term
Many computer crimes go unreported
Definition
Because it is difficult to estimate
Term
Categories of Crimes
Definition
-Crimes against the computer
-Crimes using a computer
Term
Denial of Service (DoS)
Definition
Hogging system resources to point of degraded service
Term
Network Intrusions
Definition
Unauthorized penetrations
Term
Emanation Eavesdropping
Definition
Interception of computer terminal images through use of Radio Frequency (RF) Signals. U.S. Government developed Tempest to defeat this by shielding RF.
Term
Social Engineering
Definition
Using social skills to gain information
Term
Fraud
Definition
Using a computer to perpetrate crimes, e.g. auctions of non-existent merchandise
Term
Software Piracy
Definition
Illegal copying
Term
Dumpster Diving
Definition
Going through garbage to find paper trails
Term
Malicious Code
Definition
Viruses and Trojan Horses
Term
Spoofing of IP Addresses
Definition
Inserting false IP to disguise original location
Term
Masquerading
Definition
Pretending to be someone else
Term
Embezzlement
Definition
Illegally acquiring funds
Term
Data-Diddling
Definition
Modification of data
Term
Criminal Law
Definition
Violates government laws for the protection of the people. Financial penalties and imprisonment
Term
Civil Law
Definition
Wrong inflicted upon an individual or organization results in damage or loss, no prison
Term
Administrative Law
Definition
Standards of performance and conduct, financial penalties and imprisonment
Term
Patent
Definition
Provides owner legally enforceable right to exclude others for specified time (U.S. 17 years)
Term
Copyright
Definition
Protects original works of authorship, can be used for software and databases
Term
Trade Secret
Definition
Secures confidentiality of proprietary technical and business related information
Term
Trademark
Definition
Establishes word, name, symbol, color or sounds used to identify and distinguish goods
Term
US Computer Fraud and Abuse Act
Definition
Addresses fraud using government computers; codified at 18 U.S.C. § 1030 (1986)
Term
Title 18 of the 1992 Edition of the U.S.C.
Definition
Contains Crimes and Criminal Procedures. Many computer crimes are prosecuted under this title.
Term
Electronic Monitoring
Definition
Keystroke monitoring, e-mail monitoring, surveillance cameras, badges and magnetic card keys all allow monitoring of individuals.
Term
E-mail monitoring
Definition
-Inform users that all e-mail is being monitored by displaying a log-on banner
-Banner should state that logging on to the system constitutes consent to monitoring, that unauthorized access is prohibited, and that violators are subject to prosecution
-Ensure monitoring is uniformly applied
-Explain acceptable use
-Explain who can read e-mail and how long it is backed up
-No guarantee of privacy
Term
Enticement
Definition
Occurs after an individual has gained unlawful access to a system and is then lured to an attractive area (“honey pot”) in order to provide time to identify the individual
Term
Entrapment
Definition
Encourages the commission of a crime that the individual had no intention of committing
Term
Computer Forensics
Definition
Collecting information from and about computer systems that is admissible in a court of law.
Term
Chain of Command components
Definition
-Location of evidence
-Time evidence obtained
-Identification of individual who discovered evidence
-Identification of individual who obtained evidence
-Identification of individual who controlled/maintained possession of evidence
Term
Evidence Life Cycle
Definition
-Discovery and recognition
-Protection
-Recording
-Collection
-Identification (tagging and marking)
-Preservation
-Transportation
-Presentation in court
-Return to evidence owner
Term
Relevant
Definition
Must be related to the crime and show that a crime has been committed
Term
Legally Permissible
Definition
Obtained in lawful manner
Term
Reliable
Definition
Has not been tampered with or modified
Term
Properly Identified
Definition
Identified without changing or damaging evidence
Term
Preservation
Definition
Not subject to damage or destruction
Term
Best Evidence
Definition
Original or primary evidence rather than a copy
Term
Secondary evidence
Definition
A copy of evidence, or description of contents
Term
Direct Evidence
Definition
Proves or disproves a specific act based on witness testimony drawn from the witness's five senses
Term
Conclusive Evidence
Definition
Incontrovertible, overrides all evidence
Term
Expert Opinion
Definition
May offer opinion based on expertise and facts
Term
Non-expert Opinion
Definition
May testify only to the facts
Term
Circumstantial
Definition
Inference drawn from other information
Term
Hearsay
Definition
Not based on first-hand knowledge; not admissible in court. Computer-generated reports often fall under this rule.
Term
Corporate investigation should include
Definition
-Management
-Corporate security
-Human Resources
-Legal department
-other appropriate staff
Term
MOM
Definition
Motive/Opportunity/Means
Term
1991 US Federal Sentencing Guidelines
Definition
-Unauthorized possession without the intent to profit is a crime
-Address both individuals and organizations
-Degree of punishment corresponds to level of due diligence
-Invoke the “prudent man” rule for due care of Senior Officials – Civil Law
-Place responsibility on Senior Management for prevention and detection programs up to $290 Million
Term
Due Care
Definition
Means to prevent computer resources from being used as a source of attack on another organization
Term
Downstream liabilities
Definition
Steps that are taken to show that a company has taken responsibility for the activities that take place within the corporation and has taken the necessary steps to help protect the company, its resources and employees.
Term
Due Diligence
Definition
Continual activities that make sure the protection mechanisms are continually maintained and operational.
Term
Prudent man rule
Definition
To perform duties that prudent people would exercise in similar circumstances.
Term
Ethics
Definition
Certified professionals are morally and legally held to a higher standard.
Should be included in organizational computing policy
Term
ISC2 Code of Ethics
Definition
1.Conduct themselves with highest standards of ethical, moral and legal behavior
2.Not commit any unlawful or unethical act that may impact the reputation of the profession
3.Appropriately report unlawful behavior
4.Support efforts to promote prudent information security measures
5.Provide competent service to their employers and clients; avoid conflicts of interest
6.Execute responsibilities with highest standards
7.Not misuse information with which they come into contact during their duties
Term
Computer Ethics Institute Top Ten
Definition
1.Not use a computer to harm others
2.Not interfere with others' computer work
3.Not snoop around others' files
4.Not use a computer to steal
5.Not use a computer to bear false witness
6.Not copy or use proprietary software without paying for it
7.Not use others' computers without permission
8.Not appropriate others' intellectual output
9.Think about the social consequences of the programs you write
10.Ensure consideration and respect for others
Term
Internet Activities Board (IAB) Unacceptable actions
Definition
-Seeks to gain unauthorized access to resources of the Internet
-Disrupts intended use of the internet
-Wastes resources
-Compromises privacy of others
-Involves negligence in conduct of Internet Experiments
Term
Blue boxing
Definition
A device that simulates a tone that tricks the telephone company’s system into thinking the user is authorized for long distance service, which enables him to make the call.
Term
Red boxes
Definition
Simulates the sound of coins being dropped into a payphone
Term
Black boxes
Definition
Manipulates the line voltage to receive a toll-free call.
Term
1996 National Information Infrastructure Protection Act
Definition
Amended the Computer Fraud and Abuse Act; patterned after the OECD guidelines.
Term
GAASSP – Generally Accepted Systems Security Principles
Definition
-Computer security supports the business mission
-Computer security is integral to sound management
-Computer security should be cost effective
-System Owners have responsibility outside of their organization
-Computer security requires a comprehensive integrated approach
-Computer security should be periodically reassessed
-Computer security is constrained by societal factors
Term
1996 – U.S. Kennedy-Kassebaum Health Insurance Portability and Accountability Act
Definition
HIPAA
Term
1996 – US Economic and Protection of Proprietary Information Act
Definition
Industrial and corporate espionage
Term
1995 Council Directive Law on Data Protection for the European Union
Definition
Declares EU is similar to OECD
Term
1994 - Computer Abuse Amendments Act
Definition
-Changed “federal interest computer” to “a computer used in interstate commerce or communications”
-Covers viruses and worms
-Includes intentional damage as well as reckless disregard
-Limited imprisonment for unintentional damage to one year
-Provides civil action for compensatory damages
Term
1992 OECD – Guidelines to serve as Total Security Framework
Definition
Laws, policies, procedures, training
Term
1991 US Federal Sentencing Guidelines
Definition
-Unauthorized possession without the intent to profit is a crime
-Address both individuals and organizations
-Degree of punishment corresponds to level of due diligence
-Invoke the “prudent man” rule for due care of Senior Officials – Civil Law
-Place responsibility on Senior Management for prevention and detection programs up to $290 Million - Civil Law
Term
1990 United Kingdom Misuse Act
Definition
Defines computer-related crimes
Term
1987 – Computer Security Act
Definition
Requires federal government to:
-Provide security-related training
-Identify sensitive systems
-Develop security plan for sensitive systems
-Developed Sensitive But Unclassified (SBU) designation
-Split responsibility between National Institute of Standards and Technology (NIST) and National Security Agency (NSA)
*NIST – commercial and SBU
*NSA – cryptography and classified government and military applications
Term
1986 Electronic Communications Privacy Act
Definition
Prohibits eavesdropping
Term
1986 (Amended 1996) – US Computer Fraud and Abuse Act
Definition
Clarified the 1984 law and added three provisions:
-Use of a federal interest computer to further intended fraud
-Altering or destroying information on a federal interest computer that causes $1,000 in loss or affects medical treatment
-Trafficking in computer passwords if it affects commerce or allows access to government computers
Term
1984 – US Medical Computer Crime Act
Definition
Illegal alteration of computerized medical records
Term
1980 Organization for Economic Cooperation and Development (OECD)
Definition
Data collection limitations
Term
1974 – US Privacy Act
Definition
Applies to federal agencies
Term
1973 – US Code of Fair Information Practices
Definition
Personal record keeping
Term
1970 – US Racketeer Influenced and Corrupt Organizations Act
Definition
Racketeers influencing business
Term
1970 – US Fair Credit Reporting Act
Definition
Consumer reporting agencies