150. d. Retrieval and analysis of electronically stored data that could be potential evidence in a criminal prosecution must follow a uniform and specific methodology to prove that the evidence could not have been altered while in the possession of law enforcement. Law enforcement personnel who have received the necessary training to perform this analysis or someone else with the requisite expertise who can withstand challenge in court are essential to ensure the integrity of any resulting evidence because consistency in methodology and procedure may become a critical issue in a criminal prosecution. The proper selection and use of a civilian expert witness to aid in the retrieval and analysis of computer-related evidence is critical. However, the use of a teenage hacker as an expert witness would be inadvisable, at best.
151. To properly conduct computer crime investigations, the law enforcement community must receive which of the following?
a. Training
b. Policies
c. Procedures
d. Guidelines
151. a. Law enforcement staff must be provided with specialized training in technological crime investigation. The learning curve for this type of instruction can be lengthy due to the complexity and sophistication of the technology. In addition, policies and procedures are needed to ensure consistency in the investigation of computer crimes. The seizure, transportation, and storage of computers and related equipment must be completed according to uniform guidelines.
152. From a human nature point of view, a good incident-handling capability is closely linked to which of the following?
a. Contingency planning
b. Training and awareness
c. Support and operations
d. Risk management
152. b. A good incident-handling capability is closely linked to an organization’s training and awareness program and educates users about such incidents and what to do when they occur. This can increase the likelihood that incidents will be reported early, thus helping to minimize damage.
An incident-handling capability can be viewed as the component of contingency planning that deals with responding to technical threats, such as viruses or hackers. Close coordination is necessary with other contingency planning efforts, particularly when planning for contingency processing in the event of a serious unavailability of system resources.
153. Which of the following are the necessary skills for an incident response team manager?
1. Liaison skills
2. Technical skills
3. Communication skills
4. Problem-solving skills
a. 1 and 3
b. 3 and 4
c. 1, 3, and 4
d. 1, 2, 3, and 4
153. d. The incident response team manager must have several skills: acting as a liaison with upper management and others, defusing crisis situations (i.e., having problem-solving skills), being technically adept, having excellent communication skills, and maintaining positive working relationships, even under times of high pressure.
154. Which of the following is not a primary impact of a security incident?
a. Fraud
b. Waste
c. Abuse
d. Notice
154. d. Notice is not a primary impact of a security incident. Fraud, waste, and abuse are potential adverse actions that may result from a breakdown in IT security controls and practices. Consequently, these three are primary impacts of a security incident. “Notice” occurs after an incident is known.
155. Which of the following software licensing approaches requires the user to pay for the software when used for commercial purposes after downloading it from the Internet?
a. Demoware
b. Timeware
c. Crippleware
d. Shareware
155. d. The Internet has allowed many software companies to use new means of distributing software. Many companies allow the downloading of trial versions of their product (demoware), sometimes limited versions (crippleware), or versions that only operate for a limited period of time (timeware). However, many companies take a shareware approach, allowing fully functional copies of software to be downloaded for trial use and requiring the user to register and pay for the software when using it for commercial purposes.
156. From a copyright owner point of view, when is electronic information declared as being used?
a. When a reader has made a purchase
b. When a reader has downloaded the information for immediate use