CISSP ch 4 Flashcards
CFAA
Computer Fraud and Abuse Act
Makes it a crime to access, use, damage or modify a FEDERAL computer system, financial institution, medical records or affecting interstate commerce
Outlaws creation of malicious code that might cause damage to a computer system
National Information Infrastructure Protection Act of 1996
Broadens CFAA to include international commerce and national infrastructure
Federal Sentencing Guidelines 1991
Formalize prudent person rule, which requires senior executives to take personal responsibility for ensuring the due care that ordinary prudent individuals would exercise in the same situation
Allowed organizations and executives to minimize punishment for infractions by demonstrating due diligence
FISMA
Federal Information Security Management Act 2007
Require federal agencies to implement an information security program
FISMA 2014
Federal Information Systems Modernization Act
Centralizes federal cyber security responsibility with the Department of Homeland Security
Cyber Security Enhancement Act 2014
Charged NIST with coordinating voluntary cyber security standards
WIPO
World Intellectual Property Organization
DMCA
Digital Millennium Copyright Act
Limits liability of Internet service providers when their circuits are used to violate copyright law
Service providers must take prompt action to remove copyrighted material upon notification to benefit from liability exemption
Copyright lasts for…
70 years after death of last author
Patents last for…
20 years after application to register patent
ITAR
International Traffic in Arms Regulations
USML
United States Munitions List
List of items covered under ITAR
EAR
Export Administration Regulations
Covers a broader set of items that are designed for commercial use but have military applications
CCL
Commerce Control List
Items covered by EAR
BIS
Department of Commerce’s Bureau of Industry and Security
ECPA
Electronic Communications Privacy Act of 1986
Makes it a crime to invade the electronic privacy of an individual
Broadened the Federal Wiretap Act
CALEA
Communications Assistance for Law Enforcement Act of 1994
Amended the ECPA
Requires all communications carriers to make wiretaps possible for law enforcement with an appropriate court order, regardless of the technology in use
HIPAA
Health Insurance Portability and Accountability Act of 1996
Privacy and security regulations for hospitals, physicians, insurance companies and others that process or store private medical information about individuals
HITECH
Health Information Technology for Economic and Clinical Health Act of 2009
Updated HIPAA
PHI
Protected health information
COPPA
Children’s Online Privacy Protection Act of 1998
Parents must give consent to the collection of information about children younger than 13 prior to collection
GLBA
Gramm-Leach-Bliley Act of 1999
Relaxed regulations concerning financial services
Regulates how financial institutions can handle private information
Limits the types of information that could be exchanged, requiring written privacy policies to be provided to customers
USA PATRIOT Act of 2001
Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act
Broadened powers of law enforcement and intelligence agencies, including for monitoring of electronic communications
Allows for blanket authorization for a person to monitor all their communications
Allows government to obtain detailed information on user activity through the use of a subpoena (as opposed to a wiretap)
FERPA
Family Educational Rights and Privacy Act
Affects any educational institution that accepts federal funding
Parents/students have the right to inspect educational records and request correction
Schools may not release personal information from student records without written consent
SOX
Sarbanes-Oxley Act
Sets out information security controls for an organization’s financial systems
®
Registered trade mark