Chapter 4: Laws, Regulations, and Compliance Flashcards
The laws that the police and other law enforcement agencies concern themselves with
Criminal Law
Laws designed to provide for an orderly society and govern matters that are not crimes but that require an impartial arbiter to settle between individuals and organizations.
Civil Law
Laws that cover topics ranging from matters as mundane as the procedures to be used within a federal agency to obtain a desk telephone to more substantial issues such as the immigration policies that will be used to enforce the laws passed by Congress.
Administrative law
Made it a crime to do the following:
Access classified information or financial information in a federal system without authorization or in excess of authorized privileges
Access a computer used exclusively by the federal government without authorization
Use a federal computer to perpetrate a fraud (unless the only object of the fraud was to gain use of the computer itself)
Cause malicious damage to a federal computer system in excess of $1,000
Modify medical records in a computer when doing so impairs or may impair the examination, diagnosis, treatment, or medical care of an individual
Traffic in computer passwords if the trafficking affects interstate commerce or involves a federal computer system
Computer Fraud and Abuse Act (CFAA)
This law:
Broadens the CFAA to cover computer systems used in international commerce in addition to systems used in interstate commerce
Extends similar protections to portions of the national infrastructure other than computing systems, such as railroads, gas pipelines, electric power grids, and telecommunications circuits
Treats any intentional or reckless act that causes damage to critical portions of the national infrastructure as a felony
National Information Infrastructure Protection Act of 1996
Requires senior executives to take personal responsibility for ensuring the due care that ordinary, prudent individuals would exercise in the same situation.
Prudent person rule
Provided punishment guidelines to help federal judges interpret computer crime laws.
Federal Sentencing Guidelines
The Federal Sentencing Guidelines have 3 burdens of proof for negligence:
First, the person accused of negligence must have a legally recognized obligation. Second, the person must have failed to comply with recognized standards. Finally, there must be a causal relationship between the act of negligence and subsequent damages.
Requires that federal agencies implement an information security program that covers the agency’s operations
Federal Information Security Management Act (FISMA)
Organization responsible for developing the FISMA implementation guidelines
The National Institute of Standards and Technology (NIST)
The 2014 FISMA modified the rules of the 2002 FISMA by centralizing federal cybersecurity responsibility with whom?
The Department of Homeland Security
This standard is required for use in federal computing systems and is also commonly used as an industry cybersecurity benchmark.
NIST SP 800-53: Security and Privacy Controls for Federal Information Systems and Organizations
Compliance with this standard’s security controls (which are quite similar to those found in NIST 800-53) is often included as a contractual requirement by government agencies. Federal contractors must often comply with NIST SP 800-171.
NIST SP 800-171: Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations
A set of standards designed to serve as a voluntary risk-based framework for securing information and systems.
The NIST Cybersecurity Framework (CSF)
This law charged the Department of Homeland Security with establishing a national cybersecurity and communications integration center.
National Cybersecurity Protection Act
The legendary secret formula for Coca-Cola and KFC’s secret blend of herbs and spices are examples of
Intellectual property (IP)
This law guarantees the creators of “original works of authorship” protection against the unauthorized duplication of their work.
Copyright law
In 1998, Congress recognized the rapidly changing digital landscape that was stretching the reach of existing copyright law. To help meet this challenge, it enacted the hotly debated ________
Digital Millennium Copyright Act (DMCA)
Words, slogans, and logos used to identify a company and its products or services.
Trademark
Protect the intellectual property rights of inventors
Utility patents
What are the 3 requirements of a patent?
The invention must be new. Inventions are patentable only if they are original ideas.
The invention must be useful. It must actually work and accomplish some sort of task.
The invention must not be obvious. You could not, for example, obtain a patent for your idea to use a drinking cup to collect rainwater. This is an obvious solution. You might, however, be able to patent a specially designed cup that optimizes the amount of rainwater collected while minimizing evaporation.
Intellectual property that is absolutely critical to a business, and whose disclosure to competitors and/or the public would result in significant damage
Trade secrets
A written contract between the software vendor and the customer, outlining the responsibilities of each.
Contractual license agreements
Are written on the outside of the software packaging. They commonly include a clause stating that you acknowledge agreement to the terms of the contract simply by breaking the shrink-wrap seal on the package.
Shrink-wrap license agreements