CISSP (Domain 9 - Legal, Regulations, Compliance, and Investigations)

Question 1

Civil Law (Tort)

Answer 1

No law broken, mostly monetary. Results in damage, loss, injury, or death.

Question 2

Criminal Law

Answer 2

Crimes committed against society. Burden of proof is “Beyond a reasonable doubt”

Question 3

Compensatory Damage - Civil Law

Answer 3

Paid for the actual damages which was suffered by a victim.

Question 4

Punitive Damages - Civil Law

Answer 4

Punishment for the offender

Question 5

Statutory Damages - Civil Law

Answer 5

Amount stipulated within the law rather than calculated based on the degree of harm to the plaintiff

Question 6

Administrative (Regulatory) Law

Answer 6

• Defines standards of performance and regulates conduct for specific industries (Banking, HIPAA)
• Burden of proof is “More likely than not”
• Penalties consist of financial or imprisonment

Question 7

Intellectual Property Law

Answer 7

Protects products of the mind

Question 8

Trade Secrets - IP Protection

Answer 8

• Resource must provide competitive value
• Must be reasonably protected from unauthorized use or disclosure
• Proprietary to a company and import for survival
• Must be genuine and not obvious

Question 9

Copyright - IP Protection

Answer 9

• Last lifetime of the author plus 70 years

- Pieces of work

Question 10

Trademark - IP Protection

Answer 10

• Protect word, name, symbol used to identify a product to be distinguished from others
• My company look at feel

Question 11

Patent - IP Protection

Answer 11

• Protection for those who have legal ownership of an invention
• Exclusive control for 20 years

Question 12

4 International Boarder Issues for Data

Answer 12

• Each country treats computer crimes differently
• Evidence rules differ between legal systems
• Governments may not assist each other in international cases
• Jurisdiction issues

Question 13

Trans-boarder Information Flow (4 Things)

Answer 13

• Movement and storage of data by automatic means across national/federal boundaries
• Many European countries have strong reactions on flow of personal and financial data
• Know laws before transmitting data through different areas
• Route data through other routes, if necessary

Question 14

ISC^2 Code of Ethics (4 Things)

P/A/P/A

Answer 14

• Protect society, the commonwealth, and the infrastructure (nobody hurt)
• Act honorably, honestly, justly, responsibly, and legally (do the right thing)
• Provide diligent and competent service to principals
• Advance and protect the profession

Question 15

Behavior to Encourage - ISC^2 Code of Ethics

Answer 15

• Research
• Teaching
• Identifying, mentoring, and sponsoring candidates for the profession
• Valuing the certificate

Question 16

Behavior to Discourage - ISC^2 Code of Ethics

Answer 16

• Raising unnecessary alarm, fear, uncertainty, or doubt
• Giving unwarranted comfort or reassurance
• Consenting to bad practice
• Attaching weak systems to the public network
• Professional association with amateurs/criminals/non-professionals

Question 17

Protect society, the commonwealth, and the infrastructure - ISC^2 Code of Ethics

Answer 17

• Promote and preserve public trust and confidence in information and systems
• Promote the understanding and acceptance of prudent information security measures
• Preserve and strengthen the integrity of the public infrastructure
• Discourage unsafe practice

Question 18

Act honorably, honestly, justly, responsibly, and legally - ISC^2 Code of Ethics

Answer 18

• Tell the truth
• Observe all contracts and agreements, expired or implied
• Treat all constituents fairly
• Give prudent advise
• Give preference to the laws of the jurisdiction in which you render your service

Question 19

Provide diligent and competent service to principals - ISC^2 Code of Ethics

Answer 19

• Preserve the value of their systems, applications, and information
• Respect their trust and the privileges that they grant you
• Avoid conflicts of interest or the appearance thereof
• Render only those services for which you are fully competent and qualified

Question 20

Advance and protect the profession - ISC^2 Code of Ethics

Answer 20

• Sponsor for professional advancement those best qualified
• Avoid professional association with those whose practices or reputation might diminish the profession
• Take care not to injure the reputation of other professionals through malice or indifference
• Maintain your competence, keep your skills and knowledge current

Question 21

Why Crimes Are Committed (MOM)

Answer 21

• Motivations: Who commits them and why
• Opportunities: When would someone take advantage of crimes
• Means: Who has capability to commit these crimes

Question 22

4 Forensic Procedures

MNSH

Answer 22

• Media Analysis
• Network Analysis
• Software Analysis
• Hardware/Embedded Device Analysis

Question 23

5 Things Digital Evidence Must Be

Answer 23

• Authentic
• Accurate
• Complete
• Convincing
• Admissible

Question 24

4 Steps to a Forensic Hash on a Drive Image

Answer 24

• Get Image
• Hash Image
• Create Message Digest
• Apply Digital Signature

*Hide Image and digital certificate

Question 25

Computer Forensics

Answer 25

Discipline of using proven methods toward the collection, preservation, validation, identification, analysis, interpretation, documentation, and presentation of digital evidence

Question 26

Forensic Investigative Process

IPCEAPD

Answer 26

• Identification
• Preservation
• Collection
• Examination
• Analysis
• Presentation
• Decision

Question 27

Chain of Custody of Evidence (3 Things)

Answer 27

• Who obtained the evidence and security it?
• Where and when it was obtained?
• Who had control or possession of the evidence?

Question 28

Evidence Life Cycle (5 Things)

Answer 28

• Collection and identification
• Analysis
• Storage, preservation, transportation
• Present in court
• Return to victim (owner)

Question 29

4 Most common reason for improper evidence collection

Answer 29

• No established incident response team
• No established incident response procedures
• Poorly written policy
• Broken chain of custody

Question 30

3 Things Chain of Custody Dictates

Answer 30

• Extreme Documentation
• All evidence is labeled with information indicated who security and controlled it
• Who, what, where, when, and how

Question 31

Hearsay Evidence

Answer 31

• Oral/Written evidence
• No firsthand proof of its reliability and accuracy
• Computer generated evidence

Question 32

2 Exceptions to Hearsay Rule

Answer 32

• Business Record Exemption to Hearsay Rule
  + Docs can only be submitted if created in course of regular business hours
  + Audit trails can only be used if during normal course of business
• Accepting Business Records as Evidence
  + Chain of custody was maintained
  + Rel event by a Judge

Question 33

Enticement

Answer 33

Legal, tempting a potential criminal, honeypot

Question 34

Entrapment

Answer 34

Not Legal, tricking a person into committing a crime