Chapter 4: Laws, Regulations, and Compliance Flashcards
The laws that the police and other law enforcement agencies concern themselves with
Criminal Law
Laws designed to provide for an orderly society and govern matters that are not crimes but that require an impartial arbiter to settle between individuals and organizations.
Civil Law
Laws that cover topics ranging from matters as mundane as the procedures a federal agency must use to obtain a desk telephone to more substantial issues such as the immigration policies used to enforce the laws passed by Congress.
Administrative Law
Made it a crime to do the following:
Access classified information or financial information in a federal system without authorization or in excess of authorized privileges
Access a computer used exclusively by the federal government without authorization
Use a federal computer to perpetrate a fraud (unless the only object of the fraud was to gain use of the computer itself)
Cause malicious damage to a federal computer system in excess of $1,000
Modify medical records in a computer when doing so impairs or may impair the examination, diagnosis, treatment, or medical care of an individual
Traffic in computer passwords if the trafficking affects interstate commerce or involves a federal computer system
Computer Fraud and Abuse Act (CFAA)
This law:
Broadens the CFAA to cover computer systems used in international commerce in addition to systems used in interstate commerce
Extends similar protections to portions of the national infrastructure other than computing systems, such as railroads, gas pipelines, electric power grids, and telecommunications circuits
Treats any intentional or reckless act that causes damage to critical portions of the national infrastructure as a felony
National Information Infrastructure Protection Act of 1996
Requires senior executives to take personal responsibility for ensuring the due care that ordinary, prudent individuals would exercise in the same situation.
Prudent person rule
Provided punishment guidelines to help federal judges interpret computer crime laws.
Federal Sentencing Guidelines
The Federal Sentencing Guidelines establish three burdens of proof for negligence:
First, the person accused of negligence must have a legally recognized obligation. Second, the person must have failed to comply with recognized standards. Finally, there must be a causal relationship between the act of negligence and subsequent damages.
Requires that federal agencies implement an information security program that covers the agency’s operations
Federal Information Security Management Act (FISMA)
Organization responsible for developing the FISMA implementation guidelines
The National Institute of Standards and Technology (NIST)
The 2014 FISMA modified the rules of the 2002 FISMA by centralizing federal cybersecurity responsibility with whom?
The Department of Homeland Security
This standard is required for use in federal computing systems and is also commonly used as an industry cybersecurity benchmark.
NIST SP 800-53: Security and Privacy Controls for Federal Information Systems and Organizations
Compliance with this standard’s security controls (which are quite similar to those found in NIST 800-53) is often included as a contractual requirement by government agencies. Federal contractors must often comply with NIST SP 800-171.
NIST SP 800-171: Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations
A set of standards designed to serve as a voluntary risk-based framework for securing information and systems.
The NIST Cybersecurity Framework (CSF)
This law charged the Department of Homeland Security with establishing a national cybersecurity and communications integration center.
National Cybersecurity Protection Act
The legendary secret formula for Coca-Cola or KFC’s secret blend of herbs and spices are examples of
Intellectual property (IP)
This law guarantees the creators of “original works of authorship” protection against the unauthorized duplication of their work.
Copyright law