Some provisions in the copyright law also deal with copying and other uses of computer programs, but do not specifically extend to digital information. Digital information includes multimedia or mixed media databases, which may include images, music, text, or other types of work. Digital information is not just words and numbers. Anything that can be seen or heard can be digitized, so databases can include music, motion pictures, or photographs of art works.

Copyright laws currently refer only to computer programs and not to data or digital information. Computer data is stored in the same medium as computer programs, and it would seem logical to treat them in the same way, but the argument remains that digital data does not fit the definitions currently set out in the copyright laws, so owners have no right to make archival copies. The two points raised here become even more complicated for libraries in the case of mixed-media works where printed material, digital data, computer programs, microfiche, and other forms might be packaged and used together.

159. Which of the following is not protected by copyright laws?

a. Program structure

b. Program sequence

c. Program organization

d. User interface

159. d. A court (case law) found that computer programs are protected under copyright against “comprehensive non-literal similarity,” and held that “copyright protection of computer programs may extend beyond a program’s literal code to its structure, sequence, and organization.” The court also said that user interfaces in the form of input and output reports are not copyrightable.

160. Which of the following is not copyrightable?

a. Formats

b. Databases

c. Program functions

d. Program code

160. a. A court (case law) held that formats are not copyrightable. Databases are protected under copyright law as compilations. However, copyright protection in a compilation does not provide protection for every element of the compilation. It extends only to the material contributed by the author of such work, not to preexisting material used in the work. Both program functions and program code are copyrightable.

161. Which of the following Pacific Rim countries has trade secret protection provided for computer programs?

a. Japan

b. Korea

c. Taiwan

d. Thailand

161. a. Japan is the only Pacific Rim nation whose law provides for trade secret protection. Computer programs can be a part of the trade secrets. The owner of a trade secret may request that the media on which the computer program is stored be destroyed. The other countries such as Korea, Taiwan, and Thailand do not have such laws or are in the process of developing one.

162. Which of the following logs are useful for security monitoring?

a. Network-based security software logs

b. Host-based security software logs

c. Operating system logs

d. Application system logs

162. d. Some applications, such as Web and e-mail services, can record usage information that might also be useful for security monitoring. (For example, a ten-fold increase in e-mail activity might indicate a new e-mail-borne malware threat.)

Both network-based and host-based security software logs contain basic security-related information such as user access profiles and access rights and permissions, which is not useful for security monitoring. Operating system logs collect information on servers, workstations, and network connectivity devices (e.g., routers and switches) that could be useful in identifying suspicious activity involving a particular host, but not useful for security monitoring.

163. From a computer security viewpoint, accountability of a person using a computer system is most closely tied to which of the following?

a. Responsibility

b. Usability

c. Traceability

d. Accessibility

163. c. The issue here is to determine who did what and when. For accountability to function, information about who attempted an action, what action, when, and what the results were must be logged. This log can be used to trace a person’s actions. The logs must not be subject to tampering or loss. Logs provide traceability of user actions.

Responsibility is a broader term defining obligations and expected behavior. The term responsibility implies a proactive stance on the part of the responsible party and a causal relationship between the responsible party and a given outcome. The term accountability refers to the ability to hold people responsible for their actions. People could be responsible for their actions but not held accountable. For example, an anonymous user on a system is responsible for not compromising security but cannot be held accountable if a compromise occurs because the action cannot be traced to an individual.

Usability is incorrect because it deals with a set of attributes that bear on the effort needed for use, and on the individual assessment of such use, by a stated or implied set of users.

Accessibility is incorrect because it is the ability to obtain the use of a computer system or a resource or the ability and means necessary to store data, retrieve data, or communicate with a system. Responsibility, usability, and accessibility are not traceable to an individual’s actions.

164. Detection measures are needed to identify computer-related criminal activities. Which one of the following measures is reactive in nature?

a. Recording all login attempts

b. Checking the system logs

c. Notifying someone about system anomalies

d. Limiting the number of login attempts

164. b. Reactive measures are designed to detect ongoing crimes and crimes that have already been committed. Such measures include performing regular audits of the system and checking the system logs generated automatically by the system. Proactive measures detect crimes before or as they are being committed. Examples include recording all login attempts, notifying the user or security officer about system anomalies by sounding an alarm or displaying a message, and limiting the number of login attempts before automatically disconnecting the login process.

165. Which one of the following is not intrinsically a computer crime or even a misdeed?

a. Wiretapping

b. Eavesdropping

c. Superzapping

d. Masquerading

165. c. Superzapping, a utility program in the IBM mainframe environment, can be thought of as the master key to the computer system. It unlocks most of the security safeguards and integrity controls. In the wrong hands, its use can be damaging. Use of supervisor privileges, root privileges, or the running of programs that bypass security controls is needed to troubleshoot certain operating system problems. In other words, superzapping can be used for both good and bad purposes. The problem is that no audit trail exists.