Term
| What are the three categories of traditional crime? |
|
Definition
| Violent crime, Property crime, and Public Order crime |
|
|
Term
| ___________ crime is harder to detect, increasingly sophisticated, and can involve tangible as well as intangible assets. |
|
Definition
|
|
Term
| What are the three primary motives for criminal behavior? |
|
Definition
| Ego, Personal Gain, and Finance |
|
|
Term
|
Definition
| Novel, useful, and non-obvious inventions |
|
|
Term
| What is the strongest form of Intellectual property protection? |
|
Definition
|
|
Term
| What do trademarks protect? |
|
Definition
| The good will associated with a product |
|
|
Term
| What do copyrights protect? |
|
Definition
|
|
Term
| When is a copyright assumed? |
|
Definition
| When it is fixed in a tangible form |
|
|
Term
| How long are trade secrets good for? |
|
Definition
| As long as the company can keep them a secret |
|
|
Term
| What is the name of the agreement that governs the export of encryption systems? |
|
Definition
|
|
Term
| ___________ can be defined as acting without care |
|
Definition
|
|
Term
| Setting policy is considered _________ |
|
Definition
|
|
Term
| Enforcing policy is considered __________ |
|
Definition
|
|
Term
| In order to monitor employee traffic in a legal fashion internationally, what three conditions must be met? |
|
Definition
| Inform those who are being monitored, monitor fairly and consistently, and only monitor work-related activities |
|
|
Term
| What does Personally Identifiable Information cover? |
|
Definition
| Information that identifies, or can be used to contact or locate, the person to whom it pertains |
|
|
Term
| What restricts a company's ability to monitor employees? |
|
Definition
| Reasonable Expectation of Privacy |
|
|
Term
| ______________ is about proactively preparing for, and reactively responding to, an incident |
|
Definition
|
|
Term
| __________ is any event that has the potential to negatively impact the business or its assets |
|
Definition
|
|
Term
| What are the four steps of Incident Response? |
|
Definition
| 1. Detecting a problem 2. Determining cause 3. Minimizing damage 4. Resolving the problem |
|
|
Term
| What are the three main elements of Incident Response? |
|
Definition
| Detection, Triage, and Response |
|
|
Term
| What is the first step in establishing a foundation for Incident Response? |
|
Definition
|
|
Term
| What are the four stages in the Incident Response and Handling Process? |
|
Definition
| Triage, Investigation, Containment, and Analysis and Tracking |
|
|
Term
| What are the three steps in the triage process? |
|
Definition
| Detection, Classification, and Notification |
|
|
Term
| What are the four parts of the investigative process? |
|
Definition
| Identify Suspects, Identify Witnesses, Identify System, and Identify Team |
|
|
Term
| What is Ownership and Possession Analysis? |
|
Definition
| Identifying who Created, Modified, or Accessed data |
|
|
Term
|
Definition
| Means, Opportunity, and Motive |
|
|
Term
| What is the difference between Interviewing and Interrogation? |
|
Definition
| Interviewing is open-ended questioning and is not adversarial; interrogation is adversarial and uses closed-ended questioning |
|
|
Term
| What are the two possible outcomes of public disclosure of a security incident? |
|
Definition
| Compound the negative impact and provide an opportunity to regain the public trust |
|
|
Term
| The idea that a criminal will bring something to the crime scene and leave with something is known as ___________ |
|
Definition
| Locard's Principle of Exchange |
|
|
Term
| In what order should you collect digital evidence? |
|
Definition
|
|
Term
| A statement made to a witness where the witness cannot personally attest to its accuracy is known as __________. |
|
Definition
|
|
Term
| Computer forensics is made up of procedures and protocols which are ________, ________, ________ and __________. |
|
Definition
| Methodical, Repeatable, Defensible, and Auditable |
|
|
Term
| ______________ is the disciplined and detailed process of searching a drive for information. |
|
Definition
|
|
Term
| ___________ is meant to enhance corporate governance through measures that will strengthen internal checks and balances and, ultimately, strengthen corporate accountability. |
|
Definition
|
|
Term
| ___________ is designed to protect the privacy of consumer information held by financial institutions. |
|
Definition
| Gramm-Leach-Bliley Act (GLBA) |
|
|
Term
| The ___________ sets out the classification levels and access controls for each piece of sensitive information. |
|
Definition
|
|
Term
| The ____________ is responsible for ensuring personnel in his or her area are complying with policy. |
|
Definition
|
|
Term
| The ___________ provides verification of risks and the compliance environment as a third-party observer. |
|
Definition
|
|
Term
|
Definition
| A formal, written examination of one or more crucial components of the organization |
|
|
Term
| ___________ are metrics or quantifiable measurements |
|
Definition
| Key Performance Indicators |
|
|
Term
| What is the role of the auditor? |
|
Definition
| Comparing the stated policies with the actual controls in place |
|
|
Term
| Compliance should be in accordance with _________, _________, and _________. |
|
Definition
| Guidelines, specifications, and legislation |
|
|
Term
| Who is the person with the greatest single responsibility for compliance? |
|
Definition
|
|
Term
| What are the three categories of computer forensics? |
|
Definition
| Media, Network Traffic, and Software |
|
|
Term
| What must be answered as it relates to the chain of custody? |
|
Definition
| Who, what, when, where, and how |
|
|
Term
| Why is it important to have two copies of investigated media? |
|
Definition
| To have a control copy in the event that the working copy is damaged |
|
|
Term
| ___________ is free for use but the author still retains the copyright. |
|
Definition
|
|
Term
| What is the most important guideline to provide to incident investigators? |
|
Definition
| Do not exceed your knowledge or capabilities |
|
|