CISSP ch 4

Question 1

CFAA

Answer 1

Computer fraud and abuse act

Makes it a crime to access, use, damage or modify a FEDERAL computer system, financial institution, medical records or affecting interstate commerce

Outlaws creation of malicious code that might cause damage to a computer system

Question 2

National Information Infrastructure Protection Act of 1996

Answer 2

Broadens CFAA to include international commerce and national infrastructure

Question 3

Federal Sentencing Guidelines 1991

Answer 3

Formalize prudent person rule, which requires senior executives to take personal responsibility for ensuring the due care that ordinary prudent individuals would exercise in the same situation

Allowed organizations and executives to minimize punishment for infractions by demonstrating due diligence

Question 4

FISMA

Answer 4

Federal information security management act 2007

Require federal agencies to implement an information security program

Question 5

FISMA 2014

Answer 5

Federal information systems modernization act

Centralizes federal cyber security responsibility with the department of homeland security

Question 6

Cyber security enhancement act 2014

Answer 6

Charged NIST with coordinating voluntary cyber security standards

Question 7

WIPO

Answer 7

World intellectual property organization

Question 8

DMCA

Answer 8

Digital millennium copyright act

Limits liability of Internet service providers when their circuits are used to violate copyright law

Service providers must take prompt action to remove copyrighted material upon notification to benefit from liability exemption

Question 9

Copyright lasts for…

Answer 9

70 years after death of last author

Question 10

Parents last for

Answer 10

20 years after application to register patent

Question 11

ITAR

Answer 11

International traffic in arms regulations

Question 12

USML

Answer 12

United states munitions list

List of items covered under ITAR

Question 13

EAR

Answer 13

export administration regulations

Covers a broader set of items that are designed for commercial use but have military applications

Question 14

CCL

Answer 14

Commerce control list

Items covered by EAR

Question 15

BIS

Answer 15

Department of commerce’s Bureau of Industry and Security

Question 16

ECPA

Answer 16

Electronic communications privacy act of 1986

Makes it a crime to invade the electronic privacy of an individual

Broadened the federal wiretap act

Question 17

CALEA

Answer 17

Communications assistance for law enforcement act if 1994

Amended the ECPA

Requires all communications carriers to make wiretaps possible for law enforcement with an appropriate court order, regardless of the technology in use

Question 18

HIPAA

Answer 18

Health insurance portability and accountability act of 1996

Privacy and security regulations for hospitals, physicians, insurance companies and others that process or store private medical information about individuals

Question 19

HITECH

Answer 19

Health information technology for economic and clinical health act of 2009

Updated HIPAA

Question 20

PHI

Answer 20

Protected health information

Question 21

COPPA

Answer 21

Children’s online privacy protection act of 1998

Parents must give consent to the collection of information about children younger than 13 prior to collection

Question 22

GLBA

Answer 22

Gramm Leach Bliley Act of 1999

Relaxed regulations concerning financial services

Regulates how financial institutions can handle private information

Limits type of information that could be exchanged, requiring written privacy policies to be provided to customers

Question 23

USA PATRIOT Act of 2001

Answer 23

Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act

Broadened powers of law enforcement + Intel agencies, including for monitoring of electronic communications

Allow for blanket authorization for a person to monitor all their communications

Allows government to obtain detailed information in user activity through the use of a subpoena (as opposed to a wiretap)

Question 24

FERPA

Answer 24

Family educational rights and privacy act

Affects any educational institution that accepts federal funding

Parents/students have right to inspect educational records, request correction

Schools may not release personal information from student records without written consent

Question 25

SOX

Answer 25

Sarbanes Oxley Act

Sets out information security controls for an organization’s financial systems

Question 26

®

Answer 26

Registered trade mark