Chapter 4: Laws, Regulations, and Compliance Flashcards

1
Q

The laws that the police and other law enforcement agencies concern themselves with

A

Criminal Law

2
Q

Laws designed to provide for an orderly society and govern matters that are not crimes but that require an impartial arbiter to settle between individuals and organizations.

A

Civil Law

3
Q

Laws that cover topics as mundane as the procedures to be used within a federal agency to obtain a desk telephone and as substantial as the immigration policies that will be used to enforce the laws passed by Congress.

A

Administrative law

4
Q

Made it a crime to do the following:

Access classified information or financial information in a federal system without authorization or in excess of authorized privileges

Access a computer used exclusively by the federal government without authorization

Use a federal computer to perpetrate a fraud (unless the only object of the fraud was to gain use of the computer itself)

Cause malicious damage to a federal computer system in excess of $1,000

Modify medical records in a computer when doing so impairs or may impair the examination, diagnosis, treatment, or medical care of an individual

Traffic in computer passwords if the trafficking affects interstate commerce or involves a federal computer system

A

Computer Fraud and Abuse Act (CFAA)

5
Q

This law

Broadens the CFAA to cover computer systems used in international commerce in addition to systems used in interstate commerce

Extends similar protections to portions of the national infrastructure other than computing systems, such as railroads, gas pipelines, electric power grids, and telecommunications circuits

Treats any intentional or reckless act that causes damage to critical portions of the national infrastructure as a felony

A

National Information Infrastructure Protection Act of 1996

6
Q

Requires senior executives to take personal responsibility for ensuring the due care that ordinary, prudent individuals would exercise in the same situation.

A

Prudent person rule

7
Q

Provided punishment guidelines to help federal judges interpret computer crime laws.

A

Federal Sentencing Guidelines

8
Q

The Federal Sentencing Guidelines set out three burdens of proof for negligence. What are they?

A

First, the person accused of negligence must have a legally recognized obligation. Second, the person must have failed to comply with recognized standards. Finally, there must be a causal relationship between the act of negligence and subsequent damages.

9
Q

Requires that federal agencies implement an information security program that covers the agency’s operations

A

Federal Information Security Management Act (FISMA)

10
Q

Organization responsible for developing the FISMA implementation guidelines

A

The National Institute of Standards and Technology (NIST)

11
Q

The 2014 FISMA modified the rules of the 2002 FISMA by centralizing federal cybersecurity responsibility in which agency?

A

The Department of Homeland Security

12
Q

This standard is required for use in federal computing systems and is also commonly used as an industry cybersecurity benchmark.

A

NIST SP 800-53: Security and Privacy Controls for Federal Information Systems and Organizations

13
Q

Compliance with this standard’s security controls (which are quite similar to those found in NIST 800-53) is often included as a contractual requirement by government agencies. Federal contractors must often comply with NIST SP 800-171.

A

NIST SP 800-171: Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations

14
Q

A set of standards designed to serve as a voluntary risk-based framework for securing information and systems.

A

The NIST Cybersecurity Framework (CSF)

15
Q

This law charged the Department of Homeland Security with establishing a national cybersecurity and communications integration center.

A

National Cybersecurity Protection Act

16
Q

The legendary secret formula for Coca-Cola and KFC’s secret blend of herbs and spices are examples of

A

Intellectual property (IP)

17
Q

This law guarantees the creators of “original works of authorship” protection against the unauthorized duplication of their work.

A

Copyright law

18
Q

In 1998, Congress recognized the rapidly changing digital landscape that was stretching the reach of existing copyright law. To help meet this challenge, it enacted the hotly debated ________

A

Digital Millennium Copyright Act (DMCA)

19
Q

Words, slogans, and logos used to identify a company and its products or services.

A

Trademark

20
Q

Protect the intellectual property rights of inventors

A

Utility patents

21
Q

What are the 3 requirements of a patent?

A

The invention must be new. Inventions are patentable only if they are original ideas.

The invention must be useful. It must actually work and accomplish some sort of task.

The invention must not be obvious. You could not, for example, obtain a patent for your idea to use a drinking cup to collect rainwater. This is an obvious solution. You might, however, be able to patent a specially designed cup that optimizes the amount of rainwater collected while minimizing evaporation.

22
Q

Intellectual property that is absolutely critical to an organization’s business, and whose disclosure to competitors and/or the public would cause significant damage

A

Trade secrets

23
Q

A written contract between the software vendor and the customer, outlining the responsibilities of each.

A

Contractual license agreements

24
Q

These are written on the outside of the software packaging. They commonly include a clause stating that you acknowledge agreement to the terms of the contract simply by breaking the shrink-wrap seal on the package.

A

Shrink-wrap license agreements

25
Q

The contract terms are either written on the software box or included in the software documentation. During the installation process, you are required to click a button indicating that you have read the terms of the agreement and agree to abide by them.

A

Click-through license agreements

26
Q

Provides a link to legal terms and a check box for users to confirm that they read and agree to the terms.

A

Cloud services license agreements

27
Q

Controls the export of items that are specifically designated as military and defense items, including technical information related to those items.

A

International Traffic in Arms Regulations (ITAR)

28
Q

These regulations cover a broader set of items that are designed for commercial use but may have military applications.

A

Export Administration Regulations (EAR)

29
Q

This organization sets forth regulations on the export of encryption products outside the United States.

A

The Department of Commerce’s Bureau of Industry and Security (BIS)

30
Q

Designed to protect the private information the government maintains about citizens as well as key portions of the private sector such as financial, educational, and healthcare institutions.

A

U.S. Privacy Law

31
Q

Mandates that agencies maintain only the records that are necessary for conducting their business and that they destroy those records when they are no longer needed for a legitimate function of government.

A

Privacy Act of 1974

32
Q

Makes it a crime to invade the electronic privacy of an individual.

A

The Electronic Communications Privacy Act of 1986 (ECPA)

33
Q

Requires all communications carriers to make wiretaps possible for law enforcement with an appropriate court order, regardless of the technology in use.

A

The Communications Assistance for Law Enforcement Act (CALEA) of 1994

34
Q

Extends the definition of property to include proprietary economic information so that the theft of this information can be considered industrial or corporate espionage.

A

The Economic Espionage Act of 1996

35
Q

Requires strict security measures for hospitals, physicians, insurance companies, and other organizations that process or store private medical information about individuals.

A

Health Insurance Portability and Accountability Act (HIPAA)

36
Q

This law updated many of HIPAA’s privacy and security requirements and was implemented through the HIPAA Omnibus Rule in 2013. HIPAA-covered entities that experience a data breach must notify affected individuals of the breach and must also notify both the secretary of health and human services and the media when the breach affects more than 500 individuals.

A

Health Information Technology for Economic and Clinical Health Act of 2009

37
Q

This law makes a series of demands on websites that cater to children or knowingly collect information from children.

A

Children’s Online Privacy Protection Act of 199

38
Q

Until this law took effect, banks, insurance companies, and credit providers were severely limited in the services they could provide and the information they could share with each other.

A

Gramm–Leach–Bliley Act (GLBA) became law in 1999

39
Q

Allows authorities to obtain a blanket authorization for a person and then monitor all communications to or from that person under the single warrant.

A

USA PATRIOT Act of 2001

40
Q

Specialized privacy bill that affects any educational institution that accepts any form of funding from the federal government (the vast majority of schools).

A

The Family Educational Rights and Privacy Act (FERPA)

41
Q

Makes identity theft a crime against the person whose identity was stolen and provides severe criminal penalties (up to a 15-year prison term and/or a $250,000 fine) for anyone found guilty of violating this law.

A

Identity Theft and Assumption Deterrence Act

42
Q

Outlines privacy measures that must be in place for protecting personal data processed by information systems.

A

European Union Data Protection Directive (DPD)

43
Q

Provides a single, harmonized law that covers data throughout the European Union, bolstering the personal privacy protections originally provided by the DPD.

A

European Union General Data Protection Regulation

44
Q

Governs the security of credit card information and is enforced through the terms of a merchant agreement between a business that accepts credit cards and the bank that processes the business’s transactions.

A

Payment Card Industry Data Security Standard (PCI DSS)