Chapter 6: Laws and Regulations Flashcards
provides a framework for ensuring the effectiveness of information security controls in government
FISMA (The Federal Information Security Modernization Act)
legislation intended to protect government information, operations, and assets from any natural or manmade threat
FISMA (The Federal Information Security Modernization Act)
requires each federal agency to develop, document, and implement an information security program to protect its information and information systems
FISMA (The Federal Information Security Modernization Act)
improves efficiency and effectiveness of the health care system
Health Insurance Portability and Accountability Act (HIPAA)
the individually identifiable health information that HIPAA's privacy provisions require to be protected
Protected Health Information (PHI)
mandates safeguards to protect patient privacy
HIPAA Privacy Rule
sets limits on the use and disclosure of patient information without authorization and grants individuals rights over their own health records
HIPAA Privacy Rule
protects the privacy of students and their parents
The Family Educational Rights and Privacy Act (FERPA)
requires all schools that receive funds from programs administered by the U.S. Department of Education to comply with standards regarding the disclosure and maintenance of educational records, personally identifiable information, and directory information
The Family Educational Rights and Privacy Act (FERPA)
grants certain rights to students and parents regarding the student’s own records
The Family Educational Rights and Privacy Act (FERPA)
regulates the financial practices and governance of public corporations
Sarbanes-Oxley Act (SOX)
designed to protect investors and the general public by establishing requirements for reporting and disclosure practices
Sarbanes-Oxley Act (SOX)
mandates standards in areas such as corporate board responsibility, auditor independence, fraud accountability, internal controls assessment, and enhanced financial disclosures
Sarbanes-Oxley Act (SOX)
established the Public Company Accounting Oversight Board (PCAOB)
Sarbanes-Oxley Act (SOX)
oversees the public accounting firms that audit public companies and independently ensures their auditing practices comply with SOX
Public Company Accounting Oversight Board (PCAOB)
protects the customers of financial institutions, essentially any company offering financial products or services, financial or investment advice, or insurance
The Gramm-Leach-Bliley Act (GLBA)
requires financial institutions to protect the security and confidentiality of a consumer's "nonpublic personal information" (NPI)
The Gramm-Leach-Bliley Act (GLBA) Safeguards Rule
mandates the disclosure of an institution’s information collection and information sharing practices, and establishes requirements for providing privacy notices and opt-out to consumers
The Gramm-Leach-Bliley Act (GLBA)
requires financial institutions to keep records and file reports (such as suspicious activity and currency transaction reports) that help detect and prevent money laundering
Bank Secrecy Act (BSA)
requires telecommunications carriers to build lawful-intercept capabilities into their networks so that law enforcement can carry out court-authorized wiretaps
Communications Assistance for Law Enforcement Act of 1994 (CALEA)
sets rules for commercial email, including accurate header and subject lines, a working opt-out mechanism, and penalties for violations
Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003 (CAN-SPAM)
criminalizes accessing a protected computer without authorization or in excess of authorized access
Computer Fraud and Abuse Act of 1986 (CFAA)
requires schools and libraries that receive federal E-rate discounts to filter internet access and block content harmful to minors
Children's Internet Protection Act of 2000 (CIPA)
restricts the online collection of personal information from children under 13 and requires verifiable parental consent before collecting it
Children's Online Privacy Protection Act of 1998 (COPPA)