Professional Documents
Culture Documents
360
LEGAL, REGULATIONS, INVESTIGATIONS A
ND COMPLIANCE
APT
A.
A.1
A.2
A.3
A.4
A.5
B.
B.1 (ISC)
B.2
C.
C.1
C.2
C.3
C.4
D.
D.1
D.2
D.3
D.4
E.
E.1
E.2
E.3
F.
Computer
Specific or Targeted Crime Direct At
Computer is Incidental
Customer List
Insiders
Salami
Data diddling
Excessive privileges
Dumpster diving
Emanations capturing
Wiretapping/Eavesdropping
Social engineering
Trick
Masquerading
Motivations
Internal Condition
Excitement Challenge
External Conditions
Opportunities
Vulnerabilities
Weaknesses
Means
Capabilities
414 club 80
60
Cuckoos egg Cliff Stoll
KGB
. Kevin Mitnick
FBI Most Wanted
Criminal
Customs
and Traditions
Codified
Intellectual Proper
ty
Trade secret
Copyright
Trademark
Patent
Trade secret
Reasonable
Formula
Cryptographic Algorithm
Copyright
Distribution Reproduction
Display Adaptation
Right
Expression
Writings
Drawings
Source Code
Object Code
User Interface
Trademark
Word Name
Symbol Shape
Sound Color
Notice
Register
Patent
Legal Ownership
Novelty
Utility Nonobviousness
20
Fee
Sarbanes-Oxley SOX
404
HIPAA
Gramm-Leach-Bliley
Basel II
PCI DSS
Privacy
Left Alone
Determine
What Personal Information Can Be Communicated And To
Whom
Data Controller
Legal
Dure Process
Unreasonable Intrusion
Data Subject
Incident Definition
Security Policies
Acceptable Use Policies Standard
Security Practice Threat
Categories
Denial of service
Malicious code
Unauthorized access
Inappropriate usage
Social Engineering
Contain Repair
Response
Handle Recovery
Future Damage
Risk
Assessment
Internal Communications
Preparedness
CERT
Policy
Procedure Guideline
Business Partners
Contractors
Centralized
Alternate
Anonymous
Incident Response Team
Triage Definition and
Category Prioritization
Procedures
Response Escalation
Process
/ / containment/eradication/recovery
post-incident activity
indication precursor
IDS
Predefined
Category Contain
Evidence Collect
Preserve Document
Chain of Custodian Admissible
Validate
Attackers IP Address
Incident Databases Possible
Attackers Communication Channels
Eradicate
Recovery
Lesson Learned
post-mortem analysis
Performance
Sanction
Prosecution Job
Sanctions
Computer Forensics
Image
Notebook
Containers
Camera
Evidence identification tags
Mark
Direct Evidence
Oral Testimony
Real Evidence
Physical Evidence
Documentary Evidence
Jury
Demonstrative Evidence
/ Best evidence/primary
evidence ,
Secondary evidence
Direct evidence
Presumptions Inference
Circumstantial evidence
Intermediate
Conclusive evidence
Incontrovertible
Corroborative evidence
Supplementary Strengthen
Confirm
Opinion evidence
Hearsay evidence
Hearsay
Relevancy Material
Reliability Trustworthy
Custodian
Legally
Search Seizure
Warrant Subpoena
Identification
Preservation
Document
Accountability
Contaminate
Tamper
Obtain
Secure
Control Possession
Ethics Value
Good Bad Right
Wrong
Behaviors
User Groups
Ethical Responsibilities
Data Users /
Owner/Subject Confidentiality
System Users
System Owner Availability
Software Integrity
System Manager
Users Integrity
Integrity
Users Other Users
Availability
Cheat
Law-Abiding Fallacy
Malicious Code
Shatterproof Fallacy
Candy-From-A-Baby Fallacy
Hackers Fallacy
Motive
ISC2
ISC2
Social Responsibilities
Trust and Confidence Prudent
Public Infrastructure Unsafe Practi
ce
Personal Integrity Honesty Fair
Conflict of Interest Public Security
Employer Objective
Cautious Unnecessary Alarm
Commandments of Computer
Ethics Computer
Ethics Institute
Harm
Steal
Bear False Witness
Piracy Software
Social consequences
RFC 1087
Internet Activities
Board IAB Ethics
and the Internet RFC 1087
Unauthorized Access
Deny Misuse
Disrupt
Waste Resource
Integrity
Privacy
An animal protection gr
oup launches a denial-s
ervice attack on the NR
A, which results in their
Web store being disable
d for 48 hours. What cat
egory of attack is this?
Terrorist
Grudge
Military
Fun
NRA
48
There are three basic
types of Digital Foren
sic Science(DFS). Wh
ich is referred to as c
omputer forensics?
Media analysis
Software analysis
Hardware analysis
Network analysis
DFS
Revenge and attentio
n are common______
___ for computer crim
inals
Means
Motives
Mechanisms
Mindsets
_________
A coffee company has
created a new and uni
hey pursue?
Trademark
Patent
Copyright
NDA
NDA
Trafficking computer passw
ords on government syste
ms or in situations that affe
ct interstate or foreign com
merce is a crime defined a
s part of what doctrine?
The U.S. Computer fraud an
d Abuse Act
The U.S. Federal Privacy Act
of 1974
The Computer Security Act o
f 1987
HIPAA
1974
1987
HIPAA