CISSP - Legal and Regulation - PRACTICE
The flashcards below were created by user
on FreezingBlue Flashcards.
simulating a frequency tone, which allowed attackers to gain free long distance phone service.
Evidence life cycle
- Collection and identification
- Storage, preservation, and transportation
- Presentation in court
- Return to victim or owner
SPA & BSA
- Software Protection Association and Business Software Association
- were formed to protect software vendors and their licenses against piracy
Kennedy-Kassebaum Act
- same as HIPAA?
Code of ethics - ISC2
- code of ethics
Computer Fraud and Abuse Act
- 1. use federal computer in fraudulent activity
- 2. damaging federal computer
- 3. trafficking of passwords that affect commerce, or allow unauthorized access to government systems
- it can be proven that the company was actually at fault and responsible for negative activity
- personnel attack
data diddling, wiretapping - what type of attack?
- operations attack
dumpster diving - what kind of attack?
- physical security attack
Internet Architecture Board (IAB)
- is an independent committee comprised of a wide variety of
- The board is divided into 2 groups
- IETF (Internet Engineering Task Force) and
- IRTF (Internet Research Task Force)
Supports the belief that the Internet is a privilege and should be treated with respect
- criminal, civil, and administrative (regulatory) law.
- Enticement - legal - creating honeypot to attract attackers
- Entrapment - illegal - tricking a would-be attacker into committing a crime
- can obtain evidence without warrant - trying to destroy evidence
Wiretapping - what act?
- Electronic Communications Privacy Act - 1986
Federal Sentencing Guidelines
- addressing white collar crimes related to technology,
- responsibilities of senior executives,
- maximum fines of 290 million per instance,
- fines can be avoided if company can prove due diligence and due care ... company-wide security policies
Laws to prosecute computer crimes
- embezzlement, fraud and wiretapping
- passive attack - not doing anything, but still illegal
- attacks on information infrastructure
- evidence created during the course of trial