Systems Security Certified Practitioner – SSCP – Question0644

Under the Business Exemption Rule to the hearsay evidence, which of the following exceptions would have no bearing on the inadmissibility of audit logs and audit trails in a court of law?

A. Records are collected during the regular conduct of business.
B. Records are collected by senior or executive management.
C. Records are collected at or near the time of occurrence of the act being investigated to generate automated reports.
D. You can prove no one could have changed the records/data/logs that were collected.

Correct Answer: B

Explanation:

Hearsay evidence is not normally admissible in court unless it is backed by firsthand evidence that can prove its accuracy, trustworthiness, and reliability, such as a business person who generated the computer logs and collected them.
It is important that this person generates and collects logs as a normal part of his business and not just this one time for court. It has to be a documented process that is carried out daily.
The value of evidence depends upon the genuineness and competence of the source; therefore, since record collection is not an activity likely to be performed by senior or executive management, records collected by senior or executive management are not likely to be admissible in court.
Hearsay evidence is usually not admissible in court unless it meets the Business Records Exemption to the hearsay rule.
• In certain instances computer records fall outside of the hearsay rule (e.g., business records exemption)
• Information relates to regular business activities
• Automatically computer generated data
• No human intervention
• Prove system was operating correctly
• Prove no one changed the data
If you have a documented business process, you make use of intrusion detection tools and log analysis tools, and you produce daily reports of activities, then the computer-generated data might be admissible in court and would not be considered hearsay evidence.
Reference(s) used for this question: HARRIS, Shon, All-In-One CISSP Certification Exam Guide, McGraw-Hill/Osborne, 2002, chapter 10: Law, Investigation, and Ethics (page 676).