15. Laws and regulations Flashcards

1
Q

Laws and regulations

Criminal Law

Know for certification

A
  1. Victim = Society
  2. Proof must be “beyond reasonable doubt”
  3. Punish and deter (Incarceration, death, financial fines)

  • most cyber crimes fall under this law
2
Q

Laws and regulations

Civil Law

Tort Law

Know for certification

A
  1. Victim = Individuals, groups, or organisations
  2. Compensate victims (financial fines)
3
Q

Laws and regulations

Administrative Law

Regulatory Law

Know for certification

A

Government Agencies

  • FDA Laws
  • HIPAA
  • FAA
  • etc.
4
Q

Laws and regulations

Private Regulations

Know for certification

A

Compliance by contract

  • PCI-DSS
  • companies responsible for compliance are quite strict as they want to avoid interference
5
Q

Laws and regulations

Customary Law

A
  1. Personal conduct and behaviour
  2. Traditions and customs of the area or region
6
Q

Laws and regulations

Religious Law

A

Religious beliefs

7
Q

Laws and regulations

Liability

A

Who is:
  1. Accountable
  2. To blame
  3. Should pay

  • Who is ULTIMATELY liable = senior leadership
  • This does not mean you are not liable. This depends on the due care enacted
8
Q

Laws and regulations

Due Diligence

A

Research

  • Research best practices and common protection mechanisms
  • Research new systems before implementing them
  • Identify vulnerabilities and the need to patch or repair
  • Due Diligence = DD = Do Detect
9
Q

Laws and regulations

Due Care

A

Implementation

  • Prudent Person Rule
  • Prudent person would keep systems patched
  • If compromised, fix the issue, notify affected users
  • Follow security policies to the letter
  • Monitoring and confirming everything is working
  • Implementing fixes for issues detected by vulnerability scanning
  • Due Care = DC = Do Correct
10
Q

Laws and regulations

Negligence

A

Opposite of Due Care

  • Failing to carry out due care, e.g. not patching systems
  • If it was your job to secure a web server and you made it live without researching or securing it, this is negligence