Chapter 4 - Laws, Regulations, and Compliance Flashcards

1
Q

What are the categories of law?

A

Criminal law - laws that police and other law enforcement bodies concern themselves with; they address acts that threaten other people's rights.

Civil law - designed to provide an orderly society and govern matters that are not crimes but that require an impartial arbiter to settle disputes between individuals and organizations.

Administrative law - executive orders, policies, procedures, and regulations that govern the daily operations of an agency.

2
Q

Where are Administrative laws published?

A

Code of Federal Regulations (CFR)

3
Q

What is the CFAA?

A

Computer Fraud and Abuse Act

Makes it a crime to:
Access government systems without authorization
Cause malicious damage in excess of $1000
Modify medical records
Any financial systems
Use any combination of computers to commit an offense when not all of them are located in the same state

4
Q

An amendment to what act made it illegal to produce malicious code for any reason?

A

CFAA - Computer Fraud and Abuse Act

5
Q

What was the purpose of the National Information Infrastructure Protection Act of 1996?

A

Broadens the CFAA to cover computer systems used in international commerce in addition to systems used in interstate commerce.

Extends similar protections to critical infrastructure (railroads, gas pipelines, electric power grids, and telecom systems)

6
Q

What law requires that federal agencies implement an information security program that covers the agency’s operations?

A

FISMA - Federal Information Security Management Act

7
Q

Law signed by President Obama in 2014 that modernized the federal government's approach to cybersecurity and consolidated cybersecurity responsibility within the Department of Homeland Security.

A

FISMA - Federal Information Systems Modernization Act

8
Q

What are the two exceptions to the FISMA consolidation of cybersecurity within DHS?

A

Defense-related cybersecurity - DoD

Intelligence-related cybersecurity - DNI

9
Q

A law that charges NIST with the responsibility for coordinating nationwide work on voluntary cybersecurity standards.

A

Cybersecurity Enhancement Act

10
Q

Law charging the Department of Homeland Security with establishing a National Cybersecurity and Communications Integration Center that serves as the interface between federal agencies and civilian organizations for sharing cybersecurity risks, incidents, analysis, and warnings.

A

National Cybersecurity Protection Act

11
Q

Intangible assets that take the form of secret recipes, processes, or production techniques

A

Intellectual Property

12
Q

Original works of authorship can be protected by?

A

Copyright law, covering:
Literary works
Music
Drama
Sound recordings
Architectural works
Graphical works

13
Q

Can copyright protect software such as the look and feel of a graphical interface and/or the ideas and processes?

A

The courts have gone both ways on look and feel. Ideas and processes are not protected; only the source code is.

14
Q

Do you need to go through copyright court to prove copyright status?

A

No - original creators have copyright as long as they can prove they were the author.

15
Q

Law created to penalize copyright offenders, such as those dealing in pirated media.

A

Digital Millennium Copyright Act
$1 million fine
10 years imprisonment

16
Q

Protection mechanism for words, slogans, mottos, logos

A

Trademark

17
Q

What are the three requirements of a utility patent?

A

New - an original idea
Useful - must actually work and accomplish a task
Not obvious - can't patent a drinking cup as a rainwater collection device

18
Q

What is the difference between a design patent and a utility patent?

A

A design patent protects something for only 15 years rather than 20 years
A design patent covers only the appearance of the invention
A design patent is easier to obtain

19
Q

What are the benefits and disadvantages of a trade secret?

A

Benefits: trade secrets do not expire, and no public disclosure is required.

Disadvantage: the organization must create and maintain NDAs and access policies that sufficiently demonstrate the information is a trade secret (failure to do so results in loss of trade secret status).

20
Q

What law protects trade secrets from theft?

A

Economic Espionage Act of 1996

Anyone found guilty of stealing trade secrets from a US corporation with the intention of benefiting a foreign government or agency may be fined up to $500k and imprisoned for 15 years.

Anyone found guilty of stealing trade secrets under other circumstances may be fined up to $250k and imprisoned for ten years.

21
Q

Written agreement between the software vendor and the customer, outlining the responsibilities of each.

A

Contractual license agreement

Usually found with high-priced and/or highly specialized software

22
Q

Written agreement on the outside of software packaging that includes a clause stating that the user acknowledges agreement by opening the package.

A

Shrink wrap license agreement

23
Q

Agreement whose terms are included in the software documentation; the user is required to click a button acknowledging that they agree to the terms of the agreement.

A

Click through license agreement

24
Q

Law governing import/export that controls the export of items specifically designated as military and defense items, including technical information related to those items.

A

International Traffic in Arms Regulations (ITAR)

25
Q

Law governing import/export that controls a broad set of items that are designed for commercial use but have military applications.

A

Export Administration Regulations (EAR)

26
Q

Law severely limiting the ability of the federal government to disclose private information about individual citizens to other people or among agencies without the written consent of the affected individuals, except for court orders, law enforcement, or health and safety purposes.

A

Privacy Act of 1974

27
Q

Law that protects against the monitoring of email and voicemail communications and prevents providers of those services from making unauthorized disclosures of their content.

A

Electronic Communications Privacy Act of 1986 (ECPA)

28
Q

Law that requires all communications carriers to make wiretaps possible for law enforcement with an appropriate court order, regardless of the technology in use.

A

Communications Assistance for Law Enforcement Act (1994)

29
Q

Privacy and security regulations requiring strict security measures for hospitals, physicians, insurance companies, and other organizations that process or store private medical information about individuals

A

Health Insurance Portability and Accountability Act of 1996 (HIPAA)

30
Q

Law that updated HIPAA's privacy and security requirements and was implemented through the HIPAA Omnibus Rule in 2013. What is unique about it?

A

Health Information Technology for Economic and Clinical Health Act of 2009 (HITECH)

Establishes a data breach notification rule at the federal level.

31
Q

Law that protects children from websites collecting information about them. Parents must be given the opportunity to review any information collected from their children, and must give verifiable consent to the collection of information about children younger than 13.

A

Children’s Online Privacy Protection Act of 1998 (COPPA)

32
Q

Allowed banks to share information but restricted the personal information that could be shared among banks, in order to protect privacy.

A

Gramm-Leach-Bliley Act of 1999

33
Q

Law that broadens the powers of law enforcement and intelligence agencies when monitoring electronic communications. Allows blanket warrants for individuals rather than just circuits.

A

USA PATRIOT Act of 2001

Providing Appropriate Tools Required to Intercept and Obstruct Terrorism

34
Q

Requirements of the European Union Data Protection Directive (DPD) prescribe that all processing of personal data meet one of the following criteria:

A

Consent
Contract
Legal obligation
Vital interest of the data subject

Rights of the data subject:
Right to access data
Right to know the data's source
Right to correct inaccurate data
Right to withhold consent to process data in some situations
Right to legal action should these rights be violated

35
Q

How does the European Union General Data Protection Regulation (GDPR) expand upon the EU Data Protection Directive (DPD)?

A

Widened the scope of the DPD
Applies to all organizations that collect data from EU residents
Applies to organizations not based in the EU if they collect data about EU residents

36
Q

What are the stipulations of cross-border information sharing in the EU?

A

Organizations may adopt a set of standard contractual clauses that have been approved for use in situations where information is being transferred outside of the EU.

Organizations may adopt binding corporate rules that regulate data transfers between internal units of the same firm.

39
Q

Canadian Law that restricts how commercial businesses may collect, use, and disclose personal information

A

Personal Information Protection and Electronic Documentation Act (PIPEDA)