a. A law enforcement staff trained in computers

b. A computer consultant with requisite technical experience

c. A civilian witness with expertise in computers

d. A teenage hacker who is a computer expert

150. d. Retrieval and analysis of electronically stored data that could be potential evidence in a criminal prosecution must follow a uniform and specific methodology to prove that the evidence could not have been altered while in the possession of law enforcement. Law enforcement personnel who have received the necessary training to perform this analysis or someone else with the requisite expertise who can withstand challenge in court are essential to ensure the integrity of any resulting evidence because consistency in methodology and procedure may become a critical issue in a criminal prosecution. The proper selection and use of a civilian expert witness to aid in the retrieval and analysis of computer-related evidence is critical. However, the use of a teenage hacker as an expert witness would be inadvisable, at best.

151. To properly conduct computer crime investigations, the law enforcement community must receive which of the following?

a. Training

b. Policies

c. Procedures

d. Guidelines

151. a. Law enforcement staff must be provided with specialized training for investigations in the area of technological crime investigation. The learning curve for this type of instruction can be lengthy due to the complexity and sophistication of the technology. In addition, policies and procedures are needed to ensure consistency in the investigation of computer crimes. The seizure, transportation, and storage of computers and related equipment must be completed according to uniform guidelines.

152. From a human nature point of view, a good incident-handling capability is closely linked to which of the following?

a. Contingency planning

b. Training and awareness

c. Support and operations

d. Risk management

152. b. A good incident-handling capability is closely linked to an organization’s training and awareness program and educates users about such incidents and what to do when they occur. This can increase the likelihood that incidents will be reported early, thus helping to minimize damage.

An incident handling capability can be viewed as the component of contingency planning that deals with responding to technical threats, such as viruses or hackers. Close coordination is necessary with other contingency planning efforts, particularly when planning or contingency processing in the event of a serious unavailability of system resources.

153. Which of the following are the necessary skills for an incident response team manager?

1. Liaison skills

2. Technical skills

3. Communication skills

4. Problem solving skills

a. 1 and 3

b. 3 and 4

c. 1, 3, and 4

d. 1, 2, 3, and 4

153. d. The incident response team manager must have several skills: acting as a liaison with upper management and others, defusing crisis situations (i.e., having problem-solving skills), technically adept, having excellent communications skills, and maintaining positive working relationships, even under times of high pressure.

154. Which of the following is not a primary impact of a security incident?

a. Fraud

b. Waste

c. Abuse

d. Notice

154. d. Notice is not a primary impact of a security incident. Fraud, waste, and abuse are potential adverse actions that may result from a breakdown in IT security controls and practices. Consequently, these three are primary impacts of a security incident. “Notice” occurs after an incident is known.

155. Which of the following software licensing approaches requires the user to pay for the software when used for commercial purposes after downloading it from the Internet?

a. Demoware

b. Timeware

c. Crippleware

d. Shareware

155. d. The Internet has allowed many software companies to use new means of distributing software. Many companies allow the downloading of trial versions of their product (demoware), sometimes-limited versions (crippleware) or versions that only operate for a limited period of time (timeware). However, many companies take a shareware approach, allowing fully functional copies of software to be downloaded for trial use and requiring the user to register and pay for the software when using it for commercial purposes.

156. From a copyright owner point of view, when is electronic information declared as being used?

a. When a reader has made a purchase

b. When a reader has downloaded the information for immediate use

c. When a reader buys access to the information

d. When a reader has downloaded the information for future use

156. c. In using an online information service, readers do not purchase any piece of property; rather they buy access to the electronic information. After the access is permitted, the information is out of the control of the copyright owner and the publisher. For the most part, publishers have no way of knowing the final disposition of the material (that is, downloaded now or later or used now). For this reason, publishers consider information as used as soon as it reaches the reader.

157. What is the major downside to publishing information via digital media?

a. A series of contracts in the distribution chain.

b. Many layers of end users.

c. A series of data storage media employed by end users.

d. Any reader is a potential publisher.

157. d. Traditionally, copyright law does not give copyright owners rights to control the access that readers have to information. Copyright owners in the electronic world use contracts to impose restrictions to make sure that they are paid for every instance of access or use. Still, as a practical matter, these restrictions do not prevent unauthorized copying. After users have paid for one legitimate copy of something, there is often not much except moral suasion to prevent them making other copies. Digital information is easily copied and easily transmitted to many locations. These characteristics make electronic distribution an attractive publishing medium; but they have a flip side (downside); almost any reader is a potential publisher of unauthorized copies.

158. For libraries, the copyright law applies to which of the following?

a. Computer data

b. Mixed media

c. Computer programs

d. Digital information

158. c. Digital information allows libraries new ways to offer services, and completely new services to offer. Libraries have some uncertainties with regard to copyright laws. For example, libraries may not be the owners of the computer programs. Vendors often say that programs are licensed, not sold. The library, as a licensee rather than an owner, does not have the rights described in the copyright law; these are abrogated by the terms of the license. For example, the copyright law gives the owner of a computer program the right to make an archival (backup) copy under certain conditions.