
LEGAL, REGULATIONS, INVESTIGATIONS AND COMPLIANCE

APT


A.
A.1
A.2
A.3
A.4
A.5

B.
B.1 (ISC)
B.2

C.
C.1
C.2
C.3
C.4

D.
D.1
D.2
D.3
D.4

E.
E.1
E.2
E.3

F.

Computer Assisted Crime


Not Unique

Computer
Specific or Targeted Crime Direct At

Computer is Incidental

Customer List

Investigation and Forensics

Insiders

Salami

Data diddling

Excessive privileges

Dumpster diving

Emanations capturing

Wiretapping/Eavesdropping

Social engineering
Trick

Masquerading

Motivations
Internal Condition
Excitement Challenge
External Conditions

Opportunities
Vulnerabilities
Weaknesses

Means
Capabilities

2600 group The Hacker Quarterly magazine


Telephone Systems

414 club 80
60
Cuckoo's Egg Cliff Stoll
KGB
Kevin Mitnick
FBI Most Wanted
Criminal

Chaos computer club


1981
Freedom of Information Cross Border

Cult of the dead cow

Backdoor Back Orifice


Phone Phreakers
Toll Fraud
2600Hz Blue Box
Red Box
Black Box

Common Law System


Case
Law Precedent

Customs
and Traditions

Civil Law System

Codified

Civil law Tort


Law
Damage Loss
Financial Restitution
Criminal law
Government Laws
Jail Term or Probation
Administrative law
Regulatory Laws


Intellectual Property

Trade secret
Copyright
Trademark
Patent

Trade secret

Generally Known to the Public


Effort

Reasonable

Formula

Program Source Code

Cryptographic Algorithm

Copyright
Distribution Reproduction
Display Adaptation
Right

Expression

Writings
Drawings
Source Code
Object Code
User Interface

Trademark

Word Name
Symbol Shape
Sound Color

Notice


Register

Patent
Legal Ownership

Novelty
Utility Nonobviousness
20

Fee


Sarbanes-Oxley SOX
404

HIPAA

Gramm-Leach-Bliley


Basel II

PCI DSS

Privacy

Left Alone

Free from Unreasonable Intrusion

Determine
What Personal Information Can Be Communicated And To
Whom

Protection Against Unreasonable Intrusion

Protection Against Lack of Due


Process

Data Controller

Personal Data
Data Subject

Legal

Due Process
Unreasonable Intrusion

Data Subject

Incident Definition

Security Policies
Acceptable Use Policies Standard
Security Practice Threat

Categories

Denial of service

Malicious code

Unauthorized access

Inappropriate usage

Social Engineering

Contain Repair


Response
Handle Recovery

Future Damage

Risk
Assessment

Internal Communications
Preparedness

CERT


Policy
Procedure Guideline
Business Partners
Contractors
Centralized
Alternate

Anonymous

Incident Response Team


Triage Definition and
Category Prioritization

Procedures

Response Escalation
Process

detection and analysis

/ / containment/eradication/recovery

post-incident activity

indication precursor
IDS

Predefined
Category Contain

Evidence Collect
Preserve Document
Chain of Custody Admissible
Validate
Attackers IP Address
Incident Databases Possible
Attackers Communication Channels
Eradicate
Recovery

Lesson Learned

post-mortem analysis

Performance

Sanction
Prosecution Job
Sanctions

Computer Forensics

Image

Notebook

Containers

Camera
Evidence identification tags
Mark

Direct Evidence
Oral Testimony

Real Evidence
Physical Evidence

Documentary Evidence

Jury
Demonstrative Evidence

/ Best evidence/primary
evidence ,

Secondary evidence

Direct evidence
Presumptions Inference

Circumstantial evidence
Intermediate

Conclusive evidence
Incontrovertible
Corroborative evidence

Supplementary Strengthen
Confirm
Opinion evidence

Hearsay evidence
Hearsay

Regular Business Routines


Admissible

Relevancy Material

Reliability Trustworthy
Custodian

Legally

Search Seizure
Warrant Subpoena

Entrapment No Previous Intent

Enticement Ready and Willing

Identification
Preservation

Chain of Evidence Custodian

Document
Accountability
Contaminate
Tamper

Obtain

Secure

Control Possession


Ethics Value
Good Bad Right
Wrong

Behaviors
User Groups
Ethical Responsibilities

Data Collector Data Subject


Accuracy Privacy

Data Custodian Data Owner


Availability Integrity
Confidentiality

Data Users /
Owner/Subject Confidentiality

System Users
System Owner Availability
Software Integrity
System Manager
Users Integrity
Integrity
Users Other Users
Availability

Computer Game Fallacy

Cheat

Law-Abiding Fallacy

Malicious Code

Shatterproof Fallacy

Candy-From-A-Baby Fallacy

Hackers Fallacy

Motive

Free Information Fallacy

ISC2

Code of ethics ISC2


CISSP
Security Professionals
Professional Ethics
Laws and Regulations
Professional Competence
CISSP
4

ISC2
Social Responsibilities
Trust and Confidence Prudent
Public Infrastructure Unsafe Practice
Personal Integrity Honesty Fair
Conflict of Interest Public Security
Employer Objective
Cautious Unnecessary Alarm

Diligent and Competent Service


Respect Trust Privileges
Fully Competent and Qualified
Professional Reputation Sponsor

Commandments of Computer
Ethics Computer
Ethics Institute

Harm
Steal
Bear False Witness
Piracy Software
Social consequences

RFC 1087

Internet Activities
Board IAB Ethics
and the Internet RFC 1087
Unauthorized Access
Deny Misuse

Disrupt

Waste Resource

Integrity

Privacy


An animal protection group launches a denial-of-service attack on the NRA, which results in their Web store being disabled for 48 hours. What category of attack is this?

Terrorist
Grudge
Military
Fun


There are three basic types of Digital Forensic Science (DFS). Which is referred to as computer forensics?

Media analysis
Software analysis
Hardware analysis
Network analysis


Revenge and attention are common _________ for computer criminals.

Means
Motives
Mechanisms
Mindsets


A coffee company has created a new and unique way to package their product. Which of the following should they pursue?

Trademark
Patent
Copyright
NDA


Trafficking computer passwords on government systems or in situations that affect interstate or foreign commerce is a crime defined as part of what doctrine?

The U.S. Computer Fraud and Abuse Act
The U.S. Federal Privacy Act of 1974
The Computer Security Act of 1987
HIPAA