Laws, Regulations, and Compliance assignment

 
Chapter 4 Laws, Regulations, and Compliance
Categories of Laws
Criminal Law
Civil Law
Administrative Law
overview
Criminal Law
Preserve peace
Keep society safe
Penalties include:
Community service
Fines
Prison
Enacted through legislation
Civil Law
Provide for orderly society
Govern matters that are not crimes
Enacted through legislation
Punishment can include financial penalties
Administrative Law
Policies, procedures, and regulations
Govern the daily operations of an entity
Enacted by government agencies, not the legislature
Laws
Computer Crime
Intellectual Property
Licensing
Import/Export
Privacy
overview
Computer Crime 1/2
Computer Fraud and Abuse Act (CFAA)
Federal interest computer
Accessing classified information, accessing system, fraud, malicious damage, modify medical records, traffic passwords
Any computer in use by the government, financial institutions, and interstate offenses
Amendments
Creating malware code, interstate commerce, imprisonment, and civil action from victims
Federal Sentencing Guidelines
Prudent man rule
Burden of proof: negligence, compliance, causal
Computer Crime 2/2
National Information Infrastructure Protection Act
CFAA international, national infrastructure
Federal Information Security Management Act (FISMA)
Risk assessment, planning, training, testing, incident management
Federal Information Systems Modernization Act (FISMA)
Centralizing under DHS
Cybersecurity Enhancement Act
NIST establishing voluntary cybersecurity standards
Intellectual Property 1/2
Copyrights
Original works of authorship
Digital Millennium Copyright Act
Trademarks
Words, slogans, logos, etc., which identify a company, its products, and its services
Patents
Intellectual property rights of inventors
Intellectual Property 2/2
Trade Secrets
Intellectual property of an organization
Non-disclosure agreement (NDA)
Economic Espionage Act
Stealing trade secrets to benefit a foreign government
Stealing trade secrets
Licensing
Contractual license agreements
Shrinkwrap license agreements
Clickthrough license agreements
Cloud services license agreements
Import/Export
Transborder data flow of new technologies, intellectual property, and personally identifying information
International Traffic in Arms Regulations (ITAR)
United States Munitions List (USML)
Export Administration Regulations (EAR)
Commerce Control List (CCL)
Computer Export Controls
Encryption Export Controls
Privacy 1/5
U.S. Privacy Law (1/2)
Fourth Amendment
Privacy Act
Electronic Communications Privacy Act
Communications Assistance for Law Enforcement Act (CALEA)
Economic Espionage Act
Health Insurance Portability and Accountability Act (HIPAA)
Privacy 2/5
U.S. Privacy Law (2/2)
Health Information Technology for Economic and Clinical Health Act (HITECH)
Data Breach Notification Laws
Childrens Online Privacy Protection Act (COPPA)
GrammLeachBliley Act
USA PATRIOT Act
Family Educational Rights and Privacy Act (FERPA)
Identity Theft and Assumption Deterrence Act
Privacy 3/5
European Union Privacy Law (1/3)
Consent
Contract
Legal obligation
Vital interest of the data subject
Balance between the interests of the data holder and the interests of the data subject
Key rights of individuals
Privacy Shield agreement
Privacy 4/5
European Union Privacy Law (2/3)
Privacy Shield agreement
Informing Individuals About Data Processing
Providing Free and Accessible Dispute Resolution
Cooperating with the Department of Commerce
Maintaining Data Integrity and Purpose Limitation
Ensuring Accountability for Data Transferred to Third Parties
Transparency Related to Enforcement Actions
Ensuring Commitments Are Kept As Long As Data Is Held
Privacy 5/5
European Union Privacy Law (3/3)
European Union General Data Protection Regulation (GDPR)
Applies to organizations that are not based in the EU
24-hour data breach notification requirement
Centralized data protection authorities in each EU member state
Individuals will have access to their own data
Data portability provisions
The right to be forgotten
Compliance
Security regulation as become complex
Issues with regulatory agencies and contractual obligations
Overlapping and often contradictory requirements
May require full-time compliance staff
Compliance audits and reporting
Payment Card Industry Data Security Standard (PCI DSS)
Contracting and Procurement
Use of cloud and service vendors require contract scrutiny
Perform security review and vendor governance
Tailor the contract and review to your specific concerns
Conclusion
Read the Exam Essentials
Review the Chapter
Perform the Written Labs
Answer the Review Questions