Domain 1: Legal and Regulatory Issues

Question 1

• Major legal system
• The distinguishing feature here is that precedents and certain case rulings do not carry any weight when it comes to new cases.

Answer 1

Civil law (legal system)

Question 2

• Major legal system
• A significant emphasis is placed on particular cases and judicial precedents of the past when determining the outcome of current cases.
• Used in the U.S., Canada, U.K. and most former British colonies.

Answer 2

Common Law

Question 3

• Laws in which the primary goal is to deter crime and punish offenders.
• Branch of law

Answer 3

Criminal law

Question 4

• Laws that provide financial damages by a preponderance (more likely than not) of evidence.
• Branch of law

Answer 4

Civil law

Question 5

• Injury (loosely defined) resulting from someone violating their responsibility to provide a duty of care.
• Branch of law

Answer 5

Tort Law

Question 6

• Type of financial damage

- Damages prescribed by law, which can be awarded to the victim even if the victim incurred no actual loss or injury.

Answer 6

Statutory

Question 7

• Type of financial damage
• Provides the victim with financial award in effort to compensate for the loss or injury incurred as a direct result of wrongdoing.

Answer 7

Compensatory

Question 8

• Type of financial damage
• Damages typically awarded to discourage a egregious violation where compensatory or statutory damages alone would not act a deterrent.

Answer 8

Punitive

Question 9

• Type of Law

- Government mandated regulations that ensure certain industries meet compliance.

Answer 9

Administrative law

Question 10

Determines whether an organization is legally on the hook for specific actions or inactions.

Answer 10

Liability

Question 11

Doing what a reasonable person would do in a given situation (aka “prudent man” rule)

Answer 11

Due care

Question 12

Practicing the activities that maintain the due care effort

Answer 12

Due diligence

Question 13

Not demonstrating due care resulting damages.

Answer 13

Gross negligence

Question 14

Requires senior executives to take personal responsibility for ensuring the due care that ordinary, individuals would exercise in the same situation

Answer 14

Prudent man rule

Question 15

• Type of evidence

- Consists of tangible or physical objects.

Answer 15

Real evidence

Question 16

• Type of evidence

- Testimony provided by witnesses regarding what they actually experienced through their five senses.

Answer 16

Direct evidence

Question 17

• Type of evidence

- Serves to establish the circumstances related to other evidence

Answer 17

Circumstantial evidence

Question 18

• Type of evidence

- Provides additional support for a fact that might have been called into question.

Answer 18

Corroborative evidence

Question 19

• Type of evidence

- Constitutes second-hand evidence. Typically indirect info relating to direct evidence.

Answer 19

Hearsay evidence

Question 20

• Type of evidence

- Consists of copies of original documents and oral descriptions.

Answer 20

Secondary evidence

Question 21

Courts prefer the best evidence possible. i.e. Original docs are preferred over copies, and conclusive tangible objects preferred over oral testimony

Answer 21

Best evidence rule

Question 22

Documentation regarding who, what, when and where handled the evidence in question

Answer 22

Chain of custody

Question 23

When someone is persuaded to commit a crime when the person otherwise had no intention to commit a crime.

Answer 23

Entrapment

Question 24

Making the conditions for committing a crime favorable, but the person is already determined to break the law or intent on doing so.

Answer 24

Enticement

Question 25

Law put into place that to address computer fraud aka hacking

Answer 25

Computer Fraud and Abuse Act (CFAA)

Question 26

Law that requires government agencies and contractors to meet compliance with information security standards

Answer 26

Federal Security Management Act (FISMA)

Question 27

In 2014 FISMA modified the rules of the 2002 FISMA by centralizing federal cybersecurity responsibility with the the Dept. of Homeland Security

Answer 27

Federal Information Systems Modernization Act

Question 28

Charges the NIST with the responsibility for coordinating nationwide work on voluntary cybersecurity standards.

Answer 28

Cybersecurity Enhancement Act

Question 29

• Charged the Dept. of Homeland Security with establishing a national cybersecurity and communications integration center.
• The role of this center is to serve as the interface between federal agencies and civilian organizations for sharing cybersecurity risks, incidents, analysis, and warnings.

Answer 29

National Cybersecurity Protection Act

Question 30

• A brand used to distinguish itself from other products and services in the marketplace.
• i.e. name, logo, symbol, or image.
• In the U.S two symbols are used by entities in order to protect their distinctive marks: ™ and circle R

Answer 30

Trademark

Question 31

• Provides exclusive rights to inventors to make, use, or sell an invention for a period of time.
• In Europe and the U.S. term is 20 years from the initial filing date.

Answer 31

Patent

Question 32

Protects creative work from unauthorized duplication, distribution or modification.

Answer 32

Copyright

Question 33

• Business-proprietary info that is important to an organization’s ability to compete.
• Noncompete and nondisclosure two common protection methods used.

Answer 33

Trade Secrets

Question 34

The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated…

Answer 34

Fourth Amendment

Question 35

Mandates that government agencies only maintain records that are necessary for conducting their business. Once no longer needed these records need to be destroyed.

Answer 35

Privacy Act of 1974

Question 36

Prohibits the interception of electronic communication telephones and email.

Answer 36

Electronic Communications Privacy Act of 1986

Question 37

• Requires communication carriers to make wiretaps possible for law enforcement with an appropriate court order.
• Amendment to Electronic Communications Privacy Act of 1986

Answer 37

Communications Assistance for Law Enforcement Act (CALEA) of 1994

Question 38

Extended the definition of property to include proprietary info theft, this info can now be considered espionage

Answer 38

Economic Espionage Act of 1996

Question 39

Governs the privacy concerning patients as it related to hospitals, physicians, insurance companies, and other organizations that store medical info about individuals.

Answer 39

Health Insurance Portability and Accountability Act (HIPAA)

Question 40

• Any HIPAA covered entity and business associate must be governed by a written contract known as a business associate agreement (BAA). This means business associates are subject to HIPAA enforcement.
• Breach Notification rule HIPAA-covered entities that experience a data breach must notify affected individuals also both Secretary of Health and Human Services when 500 individuals are affected by the breach

Answer 40

Health Information Technology for Economic and Clinical Health Act of 2009 (HITECH)

Question 41

Deals with how websites collect info from children

Answer 41

Children’s Online Privacy Protection Act of 1998 (COPPA)

Question 42

Protects the privacy of consumer info as it relates to financial institutions

Answer 42

Gramm-Leach Bliley Act of 1999 (GLBA)

Question 43

Provision that allows authorities to monitor all communications to and from the person under investigation under a single warrant.

Answer 43

USA PATRIOT Act of 2001

Question 44

Grants privacy rights to students attending university.

Answer 44

Family Educational Rights and Privacy Act (FERPA)

Question 45

Law that makes identity theft a crime

Answer 45

Identity Theft and Assumption Deterrence Act

Question 46

• Privacy act created by the European Union which allows a free flow of info while still maintaining consistent protection of citizen data in each member nation.
• Law has since been replaced

Answer 46

EU Data Protection Directive

Question 47

• This law passed by the EU to protect the privacy of its citizens (replaced the EU Data Protection Directive)
• Applies to all organizations (even if there not based in the EU) if they collect info from EU residents
• Mandates in a data breach companies must inform the authorities in 72 hours
• People have the right for companies to delete their info if no longer needed

Answer 47

General Data Protection Regulation (GDPR)

Question 48

Licensing is written on software packaging and takes effect when a user opens the package.

Answer 48

Shrink-wrap agreements

Question 49

Allows US based organizations the ability to data share info with countries inside the EU.

Answer 49

EU-US safe harbor

Question 50

• Agreement between the EU and the US that allows the Dept. of Commerce and the Federal Trade Commission (FTC) to certify businesses that comply with regulations and offer them “safe harbor” from prosecution.
• Replaced the Safe Harbor agreement

Answer 50

Privacy Shield agreement

Question 51

Treaty between the majority of EU members and the US. Establishing standards and international cooperation during investigation and prosecution of cybercrime

Answer 51

Council of Europe Convention on Cybercrime

Question 52

Controls the export of items that are specifically designated as military and defense items

Answer 52

The International Traffic in Arms Regulations (ITAR)

Question 53

• List of items that are designed for commercial use but may have military applications
• These are import and export restricted

Answer 53

The Export Administration Regulations (EAR)

Question 54

Licensing included in a package but requires the user to accept the terms during the software installation process.

Answer 54

Click-through agreements

Question 55

Guarantees the creators of “original works of authorship” protection against the unauthorized duplication of their work.

Answer 55

Digital Millennium Copyright Act of 1998

Question 56

The first state to immediately disclose to individuals the known or suspected breach of personally identifiable information

Answer 56

California SB 1386

Question 57

• Licensing written agreements between a software vendor and user.
• i.e. EULAs

Answer 57

Contractual license agreements

Question 58

What are some provisions for General Data Protection Regulation (GDPR)?

Answer 58

1. Companies must inform authorities of major data breaches with 72 hours
2. Each EU member nation must create a centralized data protection authority
3. Individuals must have access to their own data
4. Information regarding an individual must be transferable to another service provider at the individual’s request
5. Individuals retain the “right to be forgotten” and have their information deleted if it is no longer required