Chapter 4 Laws, Regulations, and Compliance Flashcards

1
Q

contains prohibitions against acts such as murder, assault, robbery, and arson

criminal law
civil law
administrative law

A

criminal law

2
Q

it is incumbent upon the person who thinks they
have been wronged to obtain legal counsel and file a lawsuit

criminal law
civil law
administrative law

A

civil law

3
Q

policies, procedures, and regulations that govern daily operations

criminal law
civil law
administrative law

A

administrative law

4
Q

guarantees the creators of “original works of authorship” protection against
the unauthorized duplication of their work.

Copyright law
Digital Millennium Copyright Act

A

Copyright law

5
Q

prohibition of attempts to circumvent
copyright protection mechanisms placed on a protected work by the copyright holder.

Copyright law
Digital Millennium Copyright Act

A

Digital Millennium Copyright Act

6
Q

limits the liability of Internet service providers when their circuits are
used by criminals violating the copyright law.

A

Digital Millennium Copyright Act

7
Q

intellectual property that is absolutely critical to their business and
significant damage would result if it were disclosed to competitors and/or the public

Patents
Trade Secrets
Trademarks

A

Trade Secrets

8
Q

It severely limits the ability of federal government agencies
to disclose private information to other persons or agencies without the prior written consent
of the affected individual(s)

Electronic Communications Privacy Act of 1986

Privacy Act of 1974

Economic and Protection of Proprietary Information Act of 1996

Communications Assistance for Law Enforcement Act (CALEA) of 1994

A

Privacy Act of 1974

9
Q

extends the definition of property to
include proprietary economic information so that the theft of this information can be considered
industrial or corporate espionage

Electronic Communications Privacy Act of 1986

Privacy Act of 1974

Economic and Protection of Proprietary Information Act of 1996

Communications Assistance for Law Enforcement Act (CALEA) of 1994

A

Economic and Protection of Proprietary Information Act of 1996

10
Q

requires all communications
carriers to make wiretaps possible for law enforcement with an appropriate court order,
regardless of the technology in use

Electronic Communications Privacy Act of 1986

Privacy Act of 1974

Economic and Protection of Proprietary Information Act of 1996

Communications Assistance for Law Enforcement Ac

A

Communications Assistance for Law Enforcement Act (CALEA) of 1994

11
Q

This act makes identity theft a crime against the person whose identity was stolen and

Gramm‐Leach‐Bliley Act of 1999

USA PATRIOT Act of 2001

Family Educational Rights and Privacy Act

Identity Theft and Assumption Deterrence Act

A

Identity Theft and Assumption Deterrence Act

12
Q

Parents must give verifiable consent to the collection of information about children younger than the age of 13 prior to any such collection.

Gramm‐Leach‐Bliley Act of 1999

USA PATRIOT Act of 2001

Family Educational Rights and Privacy Act

Identity Theft and Assumption Deterrence Act

A

Family Educational Rights and Privacy Act

13
Q

greatly broadened the powers of
law enforcement organizations and intelligence agencies across a number of areas, including
when monitoring electronic communications.

Gramm‐Leach‐Bliley Act of 1999

USA PATRIOT Act of 2001

Family Educational Rights and Privacy Act

Identity Theft and Assumption Deterrence Act

A

USA PATRIOT Act of 2001

14
Q

it included a number of limitations on the types of information that
could be exchanged even among subsidiaries of the same corporation and required financial
institutions to provide written privacy policies to all their customers

Gramm‐Leach‐Bliley Act of 1999

USA PATRIOT Act of 2001

Family Educational Rights and Privacy Act

Identity Theft and Assumption Deterrence Act

A

Gramm‐Leach‐Bliley Act of 1999

15
Q

These seven requirements for the processing of personal information:

Notice: They must inform individuals of what information they collect about them and
how the information will be used.

Choice: They must allow individuals to opt out if the information will be used for any other purpose or shared with a third party. For information considered sensitive, an opt‐in
policy must be used.

Onward Transfer: Organizations can share data only with other organizations that
comply with the safe harbor principles.

Access: Individuals must be granted access to any records kept containing their personal
information.

Security: Proper mechanisms must be in place to protect data against loss, misuse, and unauthorized disclosure.

Data Integrity: Organizations must take steps to ensure the reliability of the information
they maintain.

Enforcement: Organizations must make a dispute resolution process available to individuals and
provide certifications to regulatory agencies that they comply with the safe harbor provisions.

are outlined by what directive?

A

European Union Privacy Law

16
Q

What standard, not dictated by law, governs the security of credit card information and is enforced through the terms
of a merchant agreement between a business that accepts credit cards and the bank that
processes the business’s transactions?

A

Payment Card Industry Data Security Standard (PCI DSS) is

17
Q

mandate baseline security requirements
for all federal agencies, such as:

■ To give the National Institute of Standards and Technology (NIST) responsibility for
developing standards and guidelines for federal computer systems. For this purpose,
NIST draws on the technical advice and assistance (including work products) of the
National Security Agency where appropriate.

■ To provide for the enactment of such standards and guidelines.

■ To require the establishment of security plans by all operators of federal computer
systems that contain sensitive information.

■ To require mandatory periodic training for all people involved in management, use, or
operation of federal computer systems that contain sensitive information.

A

Computer Security Act of 1987

18
Q

■ The guidelines formalized the prudent man rule, which requires senior executives to
take personal responsibility for ensuring the due care that ordinary, prudent individuals
would exercise in the same situation. This rule, developed in the realm of fiscal
responsibility, now applies to information security as well.

■ The guidelines allowed organizations and executives to minimize punishment for
infractions by demonstrating that they used due diligence in the conduct of their information
security duties.

■ The guidelines outlined three burdens of proof for negligence. First, the person accused
of negligence must have a legally recognized obligation. Second, the person must have
failed to comply with recognized standards. Finally, there must be a causal relationship
between the act of negligence and subsequent damages.

A

Federal Sentencing Guidelines

19
Q

■ Broadens CFAA to cover computer systems used in international commerce in addition
to systems used in interstate commerce

■ Extends similar protections to portions of the national infrastructure other than computing
systems, such as railroads, gas pipelines, electric power grids, and telecommunications
circuits

■ Treats any intentional or reckless act that causes damage to critical portions of the
national infrastructure as a felony

A

National Information Infrastructure Protection Act of 1996