CISSP (Domain 9 - Legal, Regulations, Compliance, and Investigations) Flashcards
(34 cards)
Civil Law (Tort)
No law broken, mostly monetary. Results in damage, loss, injury, or death.
Criminal Law
Crimes committed against society. Burden of proof is “Beyond a reasonable doubt”
Compensatory Damage - Civil Law
Paid for the actual damages that were suffered by a victim.
Punitive Damages - Civil Law
Punishment for the offender
Statutory Damages - Civil Law
Amount stipulated within the law rather than calculated based on the degree of harm to the plaintiff
Administrative (Regulatory) Law
- Defines standards of performance and regulates conduct for specific industries (Banking, HIPAA)
- Burden of proof is “More likely than not”
- Penalties consist of fines or imprisonment
Intellectual Property Law
Protects products of the mind
Trade Secrets - IP Protection
- Resource must provide competitive value
- Must be reasonably protected from unauthorized use or disclosure
- Proprietary to a company and important for its survival
- Must be genuine and not obvious
Copyright - IP Protection
- Lasts the lifetime of the author plus 70 years
- Pieces of work
Trademark - IP Protection
- Protects a word, name, or symbol used to identify a product and distinguish it from others
- My company's look and feel
Patent - IP Protection
- Protection for those who have legal ownership of an invention
- Exclusive control for 20 years
4 International Border Issues for Data
- Each country treats computer crimes differently
- Evidence rules differ between legal systems
- Governments may not assist each other in international cases
- Jurisdiction issues
Trans-border Information Flow (4 Things)
- Movement and storage of data by automatic means across national/federal boundaries
- Many European countries have strong reactions to the flow of personal and financial data
- Know the laws before transmitting data through different areas
- Route data through alternate paths, if necessary
ISC^2 Code of Ethics (4 Things)
P/A/P/A
- Protect society, the commonwealth, and the infrastructure (nobody hurt)
- Act honorably, honestly, justly, responsibly, and legally (do the right thing)
- Provide diligent and competent service to principals
- Advance and protect the profession
Behavior to Encourage - ISC^2 Code of Ethics
- Research
- Teaching
- Identifying, mentoring, and sponsoring candidates for the profession
- Valuing the certificate
Behavior to Discourage - ISC^2 Code of Ethics
- Raising unnecessary alarm, fear, uncertainty, or doubt
- Giving unwarranted comfort or reassurance
- Consenting to bad practice
- Attaching weak systems to the public network
- Professional association with amateurs/criminals/non-professionals
Protect society, the commonwealth, and the infrastructure - ISC^2 Code of Ethics
- Promote and preserve public trust and confidence in information and systems
- Promote the understanding and acceptance of prudent information security measures
- Preserve and strengthen the integrity of the public infrastructure
- Discourage unsafe practice
Act honorably, honestly, justly, responsibly, and legally - ISC^2 Code of Ethics
- Tell the truth
- Observe all contracts and agreements, express or implied
- Treat all constituents fairly
- Give prudent advice
- Give preference to the laws of the jurisdiction in which you render your service
Provide diligent and competent service to principals - ISC^2 Code of Ethics
- Preserve the value of their systems, applications, and information
- Respect their trust and the privileges that they grant you
- Avoid conflicts of interest or the appearance thereof
- Render only those services for which you are fully competent and qualified
Advance and protect the profession - ISC^2 Code of Ethics
- Sponsor for professional advancement those best qualified
- Avoid professional association with those whose practices or reputation might diminish the profession
- Take care not to injure the reputation of other professionals through malice or indifference
- Maintain your competence, keep your skills and knowledge current
Why Crimes Are Committed (MOM)
- Motivations: Who commits them and why
- Opportunities: When someone would have the chance to commit these crimes
- Means: Who has the capability to commit these crimes
4 Forensic Procedures
MNSH
- Media Analysis
- Network Analysis
- Software Analysis
- Hardware/Embedded Device Analysis
5 Things Digital Evidence Must Be
- Authentic
- Accurate
- Complete
- Convincing
- Admissible
4 Steps to a Forensic Hash on a Drive Image
- Get Image
- Hash Image
- Create Message Digest
- Apply Digital Signature
*Hide Image and digital certificate