Topic 11 Flashcards

Cyber law and compliance

1
Q

What is the best method for preventing illegal or unethical behavior?

A

The best method for preventing illegal or unethical behavior is deterrence. Deterrents include laws, policy, and technical controls.

2
Q

Of the professional organizations discussed in this topic, which is focused on auditing and control?

A

The Information Systems Audit and Control Association (ISACA) focuses on auditing and control as well as other topics often associated with InfoSec.

3
Q

What is the stated purpose of the SANS organization? In what ways is it involved in professional certification for InfoSec professionals?

A

SANS is dedicated to the protection of information and systems by promoting GIAC certifications and requiring members to agree to its code of ethics.

4
Q

What is privacy in the context of information security?

A

In the context of information security, privacy is an individual’s right to guard personal information from unauthorized use. It is also defined as the “state of being free from unsanctioned intrusion,” which means that information can be gathered and used only if the individual providing the information agrees to the manner in which it will be used.

5
Q

What is intellectual property? Is it offered the same protection in every country?

A

Intellectual property is any material or words created by individuals on their own free time or at any time, depending on the policy their employers issue. Any country in the world may have its own definition of “intellectual property.” Therefore, intellectual property is difficult to protect worldwide.

6
Q

What is a policy? How does it differ from a law?

A

A policy is a formalized description of acceptable and unacceptable employee behavior, which, when properly defined and enforced, functions the same way as laws within the organization. Unlike with law, however, ignorance is an acceptable defense, so steps must be taken to assure that policy is communicated, understood, and accepted by employees.

7
Q

What is due care? Why would an organization want to make sure it exercises due care in its usual course of operations?

A

Due care is a company taking measures to make sure that every employee knows what is acceptable and what is not, and that every employee knows the consequences of illegal or unethical actions. In its usual course of operations, a company employs due care to protect itself against liability resulting from illegal or unethical actions by any employee.

8
Q

What is digital forensics, and when is it used in a business setting?

A

Digital forensics involves the preservation, identification, extraction, documentation, and interpretation of computer media for evidentiary and root-cause analysis. Digital forensics is used in a business setting to investigate policy or legal violations by an employee, contractor, or outsider, and to investigate attacks on a physical or information asset.
