15. Laws and regulations Flashcards
1
Q
Laws and regulations
Criminal Law
Know for certification
A
- Victim = Society (the state prosecutes on society's behalf)
- Proof must be "beyond reasonable doubt"
- Purpose: punish and deter (incarceration, death penalty, financial fines)
- Most cybercrimes (e.g. unauthorised access, data theft) are prosecuted under criminal law
2
Q
Laws and regulations
Civil Law
Tort Law
Know for certification
A
- Victim = Individuals, groups, or organisations
- Purpose: compensate victims (monetary damages awarded to the victim, not fines paid to the state)
- Lower standard of proof than criminal law: "preponderance of the evidence"
3
Q
Laws and regulations
Administrative Law
Regulatory Law
Know for certification
A
Rules created and enforced by government agencies, not by the legislature directly
- FDA regulations
- HIPAA (enforced by HHS)
- FAA regulations
- etc.
4
Q
Laws and regulations
Private Regulations
Know for certification
A
Compliance by contract, not by statute
- PCI DSS: imposed on merchants by the card brands through their processing agreements
- Non-compliance brings contractual penalties (fines, higher fees, loss of the ability to process cards), not criminal charges
- The bodies responsible for these standards enforce them strictly, partly to forestall government regulation of their industry
5
Q
Laws and regulations
Customary Law
A
- Governs personal conduct and behaviour
- Based on the long-standing traditions and customs of a region, rather than written statutes
6
Q
Laws and regulations
Religious Law
A
Law derived from religious doctrine and beliefs; the religious texts and their interpretation form the legal basis
7
Q
Laws and regulations
Liability
A
Who is:
1. Accountable
2. To blame
3. Required to pay
- Ultimate liability rests with senior leadership (they are accountable for the organisation's security)
- This does not mean individuals below them are exempt; personal liability depends on whether they exercised due care in their own role
8
Q
Laws and regulations
Due Diligence
A
Research and understanding
- Research best practices and common protection mechanisms
- Research new systems before implementing them
- Identify vulnerabilities (e.g. through vulnerability scanning) and the need to patch or repair them
- Due Diligence = DD = Do Detect
9
Q
Laws and regulations
Due Care
A
Implementation (acting on what due diligence found)
- Prudent Person Rule: do what a reasonable, prudent person would do in the same position
- A prudent person would keep systems patched
- If compromised, fix the issue and notify affected users
- Follow security policies to the letter
- Monitor and confirm that controls are working
- Implement fixes for the issues detected in vulnerability scanning
- Due Care = DC = Do Correct
10
Q
Laws and regulations
Negligence
A
Failure to exercise due care
- Not carrying out due care, e.g. not patching systems
- Example: if it was your job to secure a web server and you put it live without researching or securing it, that is negligence