Leg, Inv and Comp Flashcards Preview

Flashcards in Leg, Inv and Comp Deck (119)
1

What are the three major categories of law in the US

Civil, criminal and administrative

2

Under criminal law, what does burden of proof mean?

Judge or jury must believe beyond a reasonable doubt that the defendant is guilty.

3

Classifications in criminal law are split into two categories. What are they?

Felony and misdemeanour

4

Civil Penalties do not provide a jail term, and instead provide financial restitution to the victim. True or False?

True

5

What three types of civil penalties are there?

Compensatory (damages, legal fees, lost profits)
Punitive (punish the offender)
Statutory (violating the law)

6

Under civil law, what does burden of proof mean?

Judge or jury finds the defendant liable based on a preponderance of the evidence (more likely than not), a lower standard than the criminal "beyond a reasonable doubt"

7

Liability and due care relate to civil law and which other type?

Administrative

8

If the cost of implementing a safeguard is less than the cost of the estimated loss, could an organisation be held liable for not implementing it?

Yes

9

What does proximate causation mean?

An action taken or not taken was a direct link in the chain of events that resulted in the negative consequences.

10

Which rule requires an individual to perform the following duties?
- In good faith
- In the best interests of the enterprise
- With the care and diligence that ordinary, prudent people in a similar position would exercise under similar circumstances

The Prudent Man Rule

11

In information security, the steps that individuals or organisations take to perform their duties and implement information security best practices are known as what?

Due care

12

In the context of information security, the research into risk identification and risk management that precedes and informs those steps is known as what?

Due diligence

13

What term is used to describe an organisation that fails to follow a standard of due care in the protection of its assets?

Culpable Negligence

14

Which type of law defines standards of performance and conduct for major industries, organisations and officials?

Administrative (Regulatory)

15

A mixed legal system (for example, religious law combined with civil law) is otherwise known as what?

Pluralistic

16

A novice or less experienced hacker can otherwise be known as what?

Script Kiddie

17

An ideological attack is commonly known by which term?

Hacktivism

18

Intellectual Property is protected under US law under which 4 classifications?

Trade Secrets
Copyright
Patents
Trademarks

19

International protection for patents is otherwise known as?

The Patent Cooperation Treaty

20

A newly granted patent is valid for how many years?

20 years from the filing date

21

The grant of a property right to an inventor is otherwise known as what?

Patent

22

A word, name, symbol or device is commonly protected by what?

Trademark

23

In the US which Act is used to protect trademarks?

The Trademark Law Treaty Implementation Act

24

What term is used to protect authors of "original works of authorship" whether published or not?

Copyright

25

Object code or documentation would commonly be protected by what?

Copyright

26

Traditionally, how long does the copyright on a work by an individual author last?

The author's lifetime plus 70 years

27

In the US which Act is used to protect copyright?

The Copyright Act 1976

28

Proprietary or business related information that a company or individual uses and has exclusive rights to is commonly known as what?

Trade Secret

29

The following are requirements of which type of intellectual property?
- must be genuine and not obvious
- must provide the owner a competitive or economic advantage
- must be reasonably protected from disclosure

Trade Secret

30

The EU Privacy Rules define which seven requirements for handling personal data?

- must be collected lawfully and fairly
- must be used only for the original purpose for which it was collected, and retained only for a reasonable period
- must be accurate and up to date
- must be accessible to the individuals whose data it is
- individuals have the right to correct their data
- cannot be disclosed to third parties unless required by law or the individual has given consent
- transfer of personal data to countries that do not have equivalent privacy protections is prohibited