LAW Flashcards Preview


Flashcards in LAW Deck (62):

Real evidence

consists of tangible or physical objects, such as hard drives, DVDs, USB drives, or printed business records.


Direct evidence

is testimony provided by a witness regarding what the witness actually experienced with his five senses, rather than having gained the knowledge indirectly through another person (hearsay).


Circumstantial evidence

is evidence that serves to establish the circumstances related to other evidence.

It is an inference of information from relevant facts.
Offers indirect proof and cannot be used as sole evidence.

Ex: supporting claims made regarding other evidence, or the accuracy of other evidence.


Corroborative evidence

provides additional support for a fact that might have been called into question and it does not establish a particular fact on its own.

It is used as a supplementary tool to help prove a primary piece of evidence, in order to strengthen a particular fact or element of a case.



Hearsay evidence

Second-hand evidence, treated as less reliable.

Computer-based evidence is an example, but there are exceptions related to routine business records, binary disk and memory images.

Rule 1001 of the US Federal Rules of Evidence allows for readable reports of data contained on a computer to be considered as best evidence.


Best evidence

Original documents are preferred over copies.

Evidence that meets the best evidence rule is relevant, authentic, accurate, complete, and convincing.

Rule 1001 of the US Federal Rules of Evidence allows for readable reports of data contained on a computer to be considered as best evidence.


Secondary evidence

consists of copies of original documents, and oral descriptions. Computer-generated logs and documents might also constitute secondary rather than best evidence.

Rule 1001 of the US Federal Rules of Evidence allows for readable reports of data contained on a computer to be considered as best evidence.


Exigent Circumstances

Justification for the seizure of evidence without a warrant due to the extreme likelihood that the evidence will be destroyed, or due to a threat to human life.


Common law

- is the legal system used in the United States, the UK, and Canada.

- places significant emphasis on particular cases and judicial (legal, court, justice) examples as determinants of laws.

It emphasizes the role of court rulings to provide legal precedent. This emphasis allows the interpretation of law to evolve over time with new judicial rulings.


The most significant difference between civil and common law is

under civil law, judicial precedents and particular case rulings do not carry the weight they do under common law.


Civil law

- is also called Tort law.
- Based on rules, not precedent.
- Codification of law and heavy reliance on legislation as the primary source of law, as opposed to jurisprudence.
- Emphasizes the abstract concepts of law and is influenced by the writings of legal scholars and academics.
- The victim will be an individual, group, or organization.
- Judges play a more active role in determining the facts.


Tort law

is the primary component of civil law and is the most significant source of lawsuits seeking financial damages.

Deals with injury, loosely defined, that results from someone violating their responsibility to provide a duty of care.


Criminal law

- pertains to those laws where the victim can be seen as society itself.
- The crime must be proved beyond any reasonable doubt.
- Punishment is loss of freedom or a monetary penalty.


Common Types of Financial Damages

Statutory damages are prescribed by law and can be awarded to the victim even if the victim incurred no actual loss or injury.


Common Types of Financial Damages

Compensatory damages: the purpose is to provide the victim with a financial award to compensate for the loss or injury incurred as a direct result of the wrongdoing.

These are some of the oldest damages in history, designed to bring justice to the victim.

"An eye for an eye and a tooth for a tooth" is purely compensatory.


Common Types of Financial Damages

Punitive damages: typically awarded to attempt to discourage a particularly bad violation where the compensatory or statutory damages alone would not act as a deterrent.


Computer Security Act of 1987

pertains to confidential and sensitive information maintained by federal agencies. This act does not deal with data held by private organizations.



Motive

indicates why a crime is committed.



Opportunity

indicates when and where a crime occurred.



Means

indicates how a criminal committed the crime.


Customary law

Used to determine what is generally accepted as good practice, which might be treated as a law.
These practices can later be codified as laws.
The concept of best practices is closely associated with customary law. Punishment is some kind of fine.


five rules of evidence

o Be authentic.
o Be accurate.
o Be complete.
o Be convincing.
o Be admissible.


exclusionary rule

evidence must be gathered legally or it can't be used.

The exclusionary rule is designed to exclude evidence obtained in violation of a criminal defendant's Fourth Amendment rights.


Preponderance of evidence

means that the majority of the evidence presented indicates that the defendant is liable for the offense.


Data quality principle

OECD privacy guideline principle that states that personal data should be complete, accurate, and maintained in a fashion consistent with the purposes for the data collection.


Purpose specification principle

OECD privacy guideline principle that states that the purpose for the data collection should be known, and the subsequent use of the data should be limited to the purposes outlined at the time of collection.


Individual participation principle

OECD privacy guideline principle that states that individuals should have control over their data.


What is a data aggregator?

Data aggregators are companies that compile, store, and sell personal information. Often these companies compile profiles of this information.


What is burden of proof?

The burden of proof in a criminal court is beyond a reasonable doubt.

The burden of proof in civil proceedings is the preponderance of the evidence. “Preponderance” means it is more likely than not.


What is the purpose of Council of Europe Convention on Cybercrime?

establishing standards in cybercrime policy to promote international cooperation during the investigation and prosecution of cybercrime.


which is strongest form of intellectual property protection?




Trademark

- Associated with marketing: the purpose is to allow for the creation of a brand that distinguishes the source of products or services.
- Protects the goodwill an organization invests in its products, services, or image.


What are the two different symbols with Trademark?

The superscript TM symbol (™) can be used freely to indicate an unregistered mark.

The circle R symbol (®) is used with marks that have been formally registered as a trademark with the U.S. Patent and Trademark Office.



Patent

provides a monopoly to the patent holder on the right to use, make, or sell an invention for a period of time in exchange for the patent holder's making the invention

Must be novel and unique.



Copyright

- Covers the expression of ideas rather than the ideas themselves.


fair use doctrine

allows someone to duplicate copyrighted material without requiring the payment, consent, or even knowledge of the copyright holder.


first sale doctrine

allows a legitimate purchaser of copyrighted material to sell it to another person.


Trademark dilution

an unintentional attack in which the trademarked brand name is used to refer to the larger general class of products of which the brand is a specific instance. Ex. Kleenex



Cybersquatting

refers to an individual or organization registering or using, in bad faith, a domain name that is associated with another person's trademark.

Money is the motivation.



Typosquatting

refers to a specific type of cybersquatting in which the cybersquatter registers likely misspellings or mistypings of legitimate domain trademarks.


CoCom, the Coordinating Committee for Multilateral Export Controls

a multinational agreement to not export certain technologies, which included encryption, to many communist countries.


Wassenaar Arrangement

Far less restrictive than the former CoCom, but still suggests significant restrictions on the export of cryptographic algorithms and technologies to countries not included in the Wassenaar Arrangement.


EU Data Protection Directive

allows for the free flow of information while still maintaining consistent protections of each member nation's citizens' data.

• Notifying individuals how their personal data is collected and used
• Allowing individuals to opt out of sharing their personal data with third parties
• Requiring individuals to opt into sharing the most sensitive personal data
• Providing reasonable protections for personal data


Privacy Act of 1974

was created to codify protection of US citizens’ data that is being used by the federal government.

It defined guidelines regarding how US citizens’ personally identifiable information would be used, collected, and distributed.


Prudent man rule

Organizations should engage in business practices that a prudent, right-thinking person would consider to be appropriate.

When attempting to determine whether certain actions or inactions constitute negligence, the prudent man rule is often applied. Related concepts: due diligence and due care.


Chain of custody

requires that, once evidence is obtained, the who, what, when, and where of the handling of the evidence must be fully documented.

The goal is to show that throughout the evidence lifecycle it is both known and documented how the evidence was handled. This also supports evidence integrity.



Entrapment

a legal defense where the defendant claims an agent of law enforcement persuaded the defendant to commit a crime that he or she would otherwise not have committed.

Ex: allowing downloads on a honeypot is a possible example of entrapment if it is used to bring formal trespassing charges. Entrapment is illegal.



Enticement

encouraging someone to commit a crime after that person was already intent on the commission of a crime.

Honeypot: the attacker will be enticed to go to the honeypot system because it has many open ports. Enticement is legal.


Computer Fraud and Abuse Act—18 CFR § 1030

Federal law pertaining to computer crimes.

It criminalized attacks on protected computers, including government and financial computers, as well as those engaged in foreign or interstate commerce.


Electronic Communications Privacy Act - ECPA

Electronic Communications Privacy Act—Provides search and seizure protection to non-telephony electronic communications.


Gramm–Leach–Bliley Act (GLBA):

requires financial institutions to protect the confidentiality and integrity of consumer financial information and forces them to notify consumers of their privacy practices.


California Senate Bill 1386 (SB1386)

The first U.S. state-level breach notification law. Requires organizations experiencing a personal data breach involving California residents to notify them of the potential disclosure.


Sarbanes–Oxley Act of 2002 (SOX):

created regulatory compliance mandates for publicly traded companies. The primary goal is to ensure adequate financial disclosure and financial auditor independence.


Information security attestation

involves having a third-party organization review the practices of the service provider and make a statement about the security posture of the organization. Ex: SAS 70 and ISO 27001 certification.

The goal of the service provider is to provide evidence that they should be trusted.


vendor management

The goal of vendor governance is to ensure that the business is continually getting sufficient quality from its third-party providers.


What was the primary purpose of the 1997 U.S. Federal Sentencing Guidelines?

to provide guidelines for dealing with white collar crimes


What are the three basic questions answered by the chain of custody?

who controlled the evidence
who secured the evidence
who obtained the evidence


What is the primary concern of the natural surveillance facet of the CPTED approach?

to ensure that criminals feel uncomfortable making an attack


What is the proper life cycle of evidence steps?

court presentation
return to owner


Unallocated space

Portions of a disk partition that do not contain active data.

This includes memory that has never been allocated, and previously allocated memory that has been marked unallocated. If a file is deleted, the portions of the disk that held the deleted file are marked


Slack space

Data is stored in specific size chunks known as clusters.

A cluster is the minimum size that can be allocated by a file system. If a particular file, or the final portion of a file, does not require the use of the entire cluster, then some extra space will exist within the cluster. This leftover space is known as slack space.


A hacker is attacking your web sites. Which plan do you need to use?

Cyber Incident Response Plan—

Plan designed to respond to disruptive cyber events, including network-based attacks, worms, computer viruses, Trojan horses, etc.