Domain 1: Security and Risk Management; Legal and Regulatory Issues Flashcards

1
Q

What is the US Privacy Act of 1974?

A

It was created to codify the protection of US citizens' data that is being used by the federal government. It defines guidelines on how personal data is used, collected, and distributed.

2
Q

What is the Council of Europe Convention on Cybercrime?

A

International cooperation in computer crime policy. The primary focus of the Convention on Cybercrime is establishing standards in cybercrime policy to promote international cooperation during the investigation and prosecution of cybercrime.

3
Q

What makes successful prosecution of computer crimes difficult when the crime involves multiple computers in different countries?

A

Computer crime laws differ between countries. Some countries might not be willing to share information with the country prosecuting the crime.

4
Q

True or false: Cryptography has been a very successful way to stymie investigation by law enforcement.

A

True.

5
Q

How is cryptographic technology treated like a traditional weapon?

A

Some countries enact bans on the export of cryptographic technology to specific countries in an attempt to prevent unfriendly nations from having advanced encryption capabilities.

6
Q

State the Privacy and Security portion of HIPAA.

A

Guard Protected Health Information (PHI) from unauthorized use or disclosure. The Security Rule provides guidance on administrative, physical, and technical safeguards for the protection of PHI.

7
Q

What is the Gramm-Leach-Bliley Act (GLBA)?

A

Requires financial institutions to protect the confidentiality and integrity of consumer financial information. Forced them to notify consumers of their privacy practices.

8
Q

What is the Sarbanes-Oxley Act (SOX) of 2002?

A

As a direct result of major accounting scandals in the United States, the Sarbanes-Oxley Act of 2002, more commonly referred to as SOX, was passed. SOX created regulatory compliance mandates for publicly traded companies. The primary goal of SOX was to ensure adequate financial disclosure and financial auditor independence. SOX requires financial disclosure, auditor independence, and internal security controls such as a risk assessment. Intentional violation of SOX can result in criminal penalties.

9
Q

What is the Computer Fraud and Abuse Act?

A

It was originally drafted in 1984. One of the first US laws pertaining to computer crimes. Attacks on protected computers, which include government and financial computers as well as those engaged in foreign or interstate commerce, which resulted in $5000 of damages during one year, were criminalized. The foreign and interstate commerce portion of the protected computer definition allowed for many more computers than originally intended to be covered by this law.
