Domain 1: Legal and Regulatory Issues Flashcards

1
Q
  • Major legal system
  • The distinguishing feature here is that precedents and certain case rulings do not carry any weight when it comes to new cases.
A

Civil law (legal system)

2
Q
  • Major legal system
  • A significant emphasis is placed on particular cases and judicial precedents of the past when determining the outcome of current cases.
  • Used in the U.S., Canada, U.K. and most former British colonies.
A

Common Law

3
Q
  • Laws in which the primary goal is to deter crime and punish offenders.
  • Branch of law
A

Criminal law

4
Q
  • Laws that provide financial damages by a preponderance (more likely than not) of evidence.
  • Branch of law
A

Civil law

5
Q
  • Injury (loosely defined) resulting from someone violating their responsibility to provide a duty of care.
  • Branch of law
A

Tort Law

6
Q
  • Type of financial damage
  • Damages prescribed by law, which can be awarded to the victim even if the victim incurred no actual loss or injury.
A

Statutory

7
Q
  • Type of financial damage
  • Provides the victim with a financial award in an effort to compensate for the loss or injury incurred as a direct result of wrongdoing.
A

Compensatory

8
Q
  • Type of financial damage
  • Damages typically awarded to discourage an egregious violation where compensatory or statutory damages alone would not act as a deterrent.
A

Punitive

9
Q
  • Type of law
  • Government-mandated regulations that ensure certain industries meet compliance.
A

Administrative law

10
Q

Determines whether an organization is legally on the hook for specific actions or inactions.

A

Liability

11
Q

Doing what a reasonable person would do in a given situation (aka “prudent man” rule)

A

Due care

12
Q

Practicing the activities that maintain the due care effort

A

Due diligence

13
Q

Not demonstrating due care, resulting in damages.

A

Gross negligence

14
Q

Requires senior executives to take personal responsibility for ensuring the due care that ordinary individuals would exercise in the same situation

A

Prudent man rule

15
Q
  • Type of evidence
  • Consists of tangible or physical objects.
A

Real evidence

16
Q
  • Type of evidence
  • Testimony provided by witnesses regarding what they actually experienced through their five senses.
A

Direct evidence

17
Q
  • Type of evidence
  • Serves to establish the circumstances related to other evidence.
A

Circumstantial evidence

18
Q
  • Type of evidence
  • Provides additional support for a fact that might have been called into question.
A

Corroborative evidence

19
Q
  • Type of evidence
  • Constitutes second-hand evidence. Typically indirect info relating to direct evidence.
A

Hearsay evidence

20
Q
  • Type of evidence
  • Consists of copies of original documents and oral descriptions.
A

Secondary evidence

21
Q

Courts prefer the best evidence possible, i.e., original docs are preferred over copies, and conclusive tangible objects are preferred over oral testimony.

A

Best evidence rule

22
Q

Documentation of who handled the evidence in question, and what was done with it, when, and where

A

Chain of custody

23
Q

When someone is persuaded to commit a crime when the person otherwise had no intention to commit a crime.

A

Entrapment

24
Q

Making the conditions for committing a crime favorable, but the person is already determined to break the law or intent on doing so.

A

Enticement

25
Q

Law put into place to address computer fraud, aka hacking

A

Computer Fraud and Abuse Act (CFAA)

26
Q

Law that requires government agencies and contractors to meet compliance with information security standards

A

Federal Security Management Act (FISMA)

27
Q

In 2014 this act modified the rules of the 2002 FISMA by centralizing federal cybersecurity responsibility with the Dept. of Homeland Security

A

Federal Information Systems Modernization Act

28
Q

Charges NIST with the responsibility for coordinating nationwide work on voluntary cybersecurity standards.

A

Cybersecurity Enhancement Act

29
Q
  • Charged the Dept. of Homeland Security with establishing a national cybersecurity and communications integration center.
  • The role of this center is to serve as the interface between federal agencies and civilian organizations for sharing cybersecurity risks, incidents, analysis, and warnings.
A

National Cybersecurity Protection Act

30
Q
  • A mark a brand uses to distinguish itself from other products and services in the marketplace.
  • i.e., a name, logo, symbol, or image.
  • In the U.S. two symbols are used by entities in order to protect their distinctive marks: ™ and ®
A

Trademark

31
Q
  • Provides exclusive rights to inventors to make, use, or sell an invention for a period of time.
  • In Europe and the U.S. the term is 20 years from the initial filing date.
A

Patent

32
Q

Protects creative work from unauthorized duplication, distribution or modification.

A

Copyright

33
Q
  • Business-proprietary info that is important to an organization’s ability to compete.
  • Noncompete and nondisclosure agreements are two common protection methods used.
A

Trade Secrets

34
Q

The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated…

A

Fourth Amendment

35
Q

Mandates that government agencies only maintain records that are necessary for conducting their business. Once no longer needed, these records must be destroyed.

A

Privacy Act of 1974

36
Q

Prohibits the interception of electronic communication (telephone and email).

A

Electronic Communications Privacy Act of 1986

37
Q
  • Requires communication carriers to make wiretaps possible for law enforcement with an appropriate court order.
  • Amendment to Electronic Communications Privacy Act of 1986
A

Communications Assistance for Law Enforcement Act (CALEA) of 1994

38
Q

Extended the definition of property to include proprietary info; theft of this info can now be considered espionage

A

Economic Espionage Act of 1996

39
Q

Governs the privacy of patients as it relates to hospitals, physicians, insurance companies, and other organizations that store medical info about individuals.

A

Health Insurance Portability and Accountability Act (HIPAA)

40
Q
  • Any HIPAA-covered entity and business associate must be governed by a written contract known as a business associate agreement (BAA). This means business associates are subject to HIPAA enforcement.
  • Breach Notification Rule: HIPAA-covered entities that experience a data breach must notify affected individuals, and also the Secretary of Health and Human Services when 500 individuals are affected by the breach
A

Health Information Technology for Economic and Clinical Health Act of 2009 (HITECH)

41
Q

Deals with how websites collect info from children

A

Children’s Online Privacy Protection Act of 1998 (COPPA)

42
Q

Protects the privacy of consumer info as it relates to financial institutions

A

Gramm-Leach-Bliley Act of 1999 (GLBA)

43
Q

Provision that allows authorities to monitor all communications to and from the person under investigation under a single warrant.

A

USA PATRIOT Act of 2001

44
Q

Grants privacy rights to students attending university.

A

Family Educational Rights and Privacy Act (FERPA)

45
Q

Law that makes identity theft a crime

A

Identity Theft and Assumption Deterrence Act

46
Q
  • Privacy act created by the European Union which allows a free flow of info while still maintaining consistent protection of citizen data in each member nation.
  • Law has since been replaced
A

EU Data Protection Directive

47
Q
  • This law passed by the EU to protect the privacy of its citizens (replaced the EU Data Protection Directive)
  • Applies to all organizations (even if they're not based in the EU) if they collect info from EU residents
  • Mandates that in a data breach companies must inform the authorities within 72 hours
  • People have the right to have companies delete their info if it is no longer needed
A

General Data Protection Regulation (GDPR)

48
Q

Licensing is written on software packaging and takes effect when a user opens the package.

A

Shrink-wrap agreements

49
Q

Allows US-based organizations to share data with countries inside the EU.

A

EU-US safe harbor

50
Q
  • Agreement between the EU and the US that allows the Dept. of Commerce and the Federal Trade Commission (FTC) to certify businesses that comply with regulations and offer them “safe harbor” from prosecution.
  • Replaced the Safe Harbor agreement
A

Privacy Shield agreement

51
Q

Treaty between the majority of EU members and the US, establishing standards and international cooperation during investigation and prosecution of cybercrime

A

Council of Europe Convention on Cybercrime

52
Q

Controls the export of items that are specifically designated as military and defense items

A

The International Traffic in Arms Regulations (ITAR)

53
Q
  • List of items that are designed for commercial use but may have military applications
  • These are import- and export-restricted
A

The Export Administration Regulations (EAR)

54
Q

Licensing included in a package but requires the user to accept the terms during the software installation process.

A

Click-through agreements

55
Q

Guarantees the creators of “original works of authorship” protection against the unauthorized duplication of their work.

A

Digital Millennium Copyright Act of 1998

56
Q

The first state law to require immediate disclosure to individuals of a known or suspected breach of personally identifiable information

A

California SB 1386

57
Q
  • Licensing via written agreements between a software vendor and a user.
  • i.e. EULAs
A

Contractual license agreements

58
Q

What are some provisions for General Data Protection Regulation (GDPR)?

A
  1. Companies must inform authorities of major data breaches within 72 hours
  2. Each EU member nation must create a centralized data protection authority
  3. Individuals must have access to their own data
  4. Information regarding an individual must be transferable to another service provider at the individual’s request
  5. Individuals retain the “right to be forgotten” and have their information deleted if it is no longer required