Security+ SY0-301 Chapter 3 – Flashcards
question
Cybercrime
answer
involves studying how the computer is involved in the criminal act. Three types of computer crimes commonly occur: computer-assisted crime, computer-targeted crime, and computer-incidental crime.
question
Common Internet Crime Schemes
answer
a list provided by the Internet Crime Complaint Center, an online clearinghouse that communicates issues associated with cybercrime.
question
Sources of Laws
answer
three sources have an involvement in computer security: statutory laws, administrative rule making and common law.
question
Computer Trespass
answer
is the unauthorized entry into a computer system via any means, including remote network connections. These crimes have introduced a new area of law that has both national and international consequences.
question
Convention on Cybercrime
answer
is the first international treaty on crimes committed via the Internet and other computer networks. Its main objective, set out in the preamble, is to pursue a common criminal policy aimed at the protection of society against cybercrime, especially by adopting appropriate legislation and fostering international cooperation.
question
Electronic Communications Privacy Act (ECPA)
answer
sections of this law address e-mail, cellular communications, workplace privacy, and a host of other issues related to communicating electronically.
question
Computer Fraud and Abuse Act (1986)
answer
serves as the current foundation for criminalizing unauthorized access to computer systems.
question
Patriot Act
answer
passed in response to the September 11 terrorist attack, extends the tap and trace provisions of existing wiretap statutes to the Internet and mandates certain technological modifications at ISPs to facilitate electronic wiretaps on the Internet.
question
Gramm-Leach-Bliley Act (GLB)
answer
introduced the U.S. consumer to privacy notices, where firms must disclose what they collect, how they protect the information, and with whom they will share it.
question
Sarbanes-Oxley (SOX)
answer
is sweeping legislation, passed to overhaul the financial accounting standards for publicly traded firms in the United States.
question
Payment Card Industry Data Security Standards
answer
is a private sector initiative to protect payment card information between banks and merchants; it is a set of six control objectives, containing a total of 12 requirements.
question
Import/Export Encryption Restrictions
answer
control over these is a vital method of maintaining a level of control over encryption technology in general.
question
U.S. Law
answer
the encryption export control policy continues to rest on three principles: review of encryption products prior to sale, streamlined post-export reporting, and license review of certain exports of strong encryption to foreign government end users.
question
Non-U.S. Laws
answer
The Wassenaar Arrangement has been established in order to contribute to regional and international security and stability, by promoting transparency and greater responsibility in transfers of conventional arms and dual-use goods and technologies, thus preventing destabilizing accumulations.
question
Digital Signature Laws
answer
E-Sign law implements a simple principle: a signature, contract, or other record may not be denied legal effect, validity, or enforceability solely because it is in electronic form.
question
Non-U.S. Signature Laws
answer
is the United Nations Commission on International Trade Law (UNCITRAL) Model Law on E-Commerce. To implement specific technical aspects of this model law, more work on electronic signatures was needed.
question
Canadian Laws
answer
the Uniform Electronic Commerce Act (UECA), allows the use of electronic signatures in communications with the government.
question
European Laws
answer
Towards a European Framework for Digital Signatures and Encryption
question
Digital Rights Management
answer
The ability of anyone with a PC to make a perfect copy of digital media has led to industry fears that individual piracy actions could cause major economic issues in the recording industry.
question
Digital Millennium Copyright Act (DMCA)
answer
"to amend title 17, United States Code, to implement the World Intellectual Property Organization Copyright Treaty and Performances and Phonograms Treaty, and for other purposes."
question
Privacy
answer
can be defined as the power to control what others know about you and what they can do with this information.
question
U.S. Privacy Laws
answer
the Identity Theft and Assumption Deterrence Act makes it a violation of federal law to knowingly use another's identity.
question
Health Insurance Portability & Accountability Act (HIPAA)
answer
calls for sweeping changes in the way health and medical data is stored, exchanged, and used including security standards and electronic signature provisions.
question
California Senate Bill 1386 (SB 1386)
answer
It mandates that Californians be notified whenever personally identifiable information is lost or disclosed.
question
European Laws
answer
are known as data protection laws. These privacy statutes cover all personal data, whether collected and used by government or private firms.
question
Safe Harbor
answer
is a mechanism for self-regulation that can be enforced through trade practice law via the FTC.
question
Ethics
answer
the challenge in today's business environment is to establish and communicate a code of ethics so that everyone associated with an enterprise can understand the standards of expected performance.
question
SANS Institute IT Code of Ethics
answer
- I will strive to know myself and be honest about my capability.
- I will conduct my business in a manner that assures the IT profession is considered one of integrity and professionalism.
- I respect privacy and confidentiality.