CISSP - Legal and Regulation - PRACTICE

  1. blue boxing
    simulating a frequency tone, which allowed attackers to gain free long-distance phone service.
  2. Evidence life cycle
    • Collection and identification
    • Storage, preservation, and transportation
    • Presentation in court
    • Return to victim or Owner
  3. SPA & BSA
    • Software Protection Association and Business Software Association
    • were formed to protect software vendors and their licenses against piracy
  4. Kennedy-Kassebaum Act
    - same as HIPAA?
  5. Code of ethics - ISC2
    - code of ethics
  6. Computer files
    hearsay evidence
  7. Computer fraud and abuse act
    • 1. use federal computer in fraudulent activity
    • 2. damaging federal computer
    • 3. trafficking of passwords that affect commerce, or allows unauthorized access to government systems
  8. proximate causation
    - it can be proven that the company was actually at fault and responsible for negative activity
  9. Masquerading
    - personnel attack
  10. data diddling, wire tapping - what type of attack?
    - operations attack
  11. dumpster diving - what kind of attack?
    - physical security attack
  12. Internet Architecture Board (IAB)
    • is an independent committee comprised of a wide variety of professionals.

    • The board is divided into 2 groups
    • IETF (Internet Engineering Task Force) and
    • IRTF (Internet Research Task Force)

    Supports the belief that the Internet is a privilege and should be treated with respect
  13. Common law
    - criminal, civil, and administrative (regulatory) law.
  14. Enticement
    • Enticement - legal - creating honeypot to attract attackers
    • Entrapment - illegal - tricking a would-be attacker into committing a crime
  15. Exigent circumstances
    - can obtain evidence without a warrant - e.g. suspect is trying to destroy evidence
  16. Wiretapping - what act?
    - Electronic Communications Privacy Act - 1986
  17. Federal Sentencing Guidelines
    • addressing white collar crimes related to technology,
    • responsibilities of senior executives,
    • maximum fines of 290 million per instance,
    • fines can be avoided if company can prove due diligence and due care ... company-wide security policies
  18. Laws to prosecute computer crimes
    - embezzlement, fraud and wire tapping
  19. Wire tapping
    - passive attack - not doing anything, but still illegal
  20. Information warfare
    - attacks on information infrastructure
  21. hearsay
    - evidence created during the course of trial