Law And Regulations Flashcards
Name the three main categories of law?
Criminal - keeps our society safe (murder, addict etc.)
Civil - maintains an orderly society and governs matters that aren’t crimes (disputes, employment matters, estate procedures)
Admin - ensures government functions effectively (policies and procedures to govern daily operations of the agency) used by government to carry out day to day business
What criminal laws protect society from computer crime?
Computer fraud and abuse act
The Electronic Communications Privacy Act
Identity theft and assumption deterrence act
- all provide criminal penalties
Describe civil law?
Law enforcement agencies don’t get involved
It is down to the person who has been ‘wronged’ to seek legal counsel and file a civil lawsuit
Does not impose imprisonment
What should you do when operating in a gray area of Law?
Retain legal counsel
Why do computer crimes fall within federal jurisdiction?
Because computer crimes cross states. They still have state laws for computer crimes and they can have harsher penalties. All of the laws in CISSP are federal
CFAA
Computer Fraud and Abuse Act - accessing or damaging federal interest computer systems without authorised access. - computers used by gov and finance. Also includes modifying medical records.
Replaced CCCA - comprehensive crime control act 1984
Also covers interstate commerce computer systems (key point)
What are the CFAA amendments 1994?
Computer abuse amendments of 1994
Security changed since the last CFAA amendment in 1986.
Covers a wider set of computers (interstate commerce), imprisonment of offenders even if they didn’t mean to and let victims pursue civil law for compensation.
Updated up to 2008
Criticism of CFAA?
Overbroad law
Criminalises violation of website terms of service
Federal sentencing guidelines 1991
Helps to provide punishment guidelines for computer crimes
- prudent man rule
- execs can minimise punishment by demonstrating due care
- three burdens of proof of negligence - person must have legal obligation, person must have failed to comply, must be causal relationship between negligence and damages
What law did the national information infrastructure protection act (1996) replace?
Computer fraud and abuse act (CFAA)
What does the National Information Infrastructure Protection Act (1996) include?
- computer systems used in international commerce
- protect CNI such as rail road, telco etc.
What is FISMA?
Federal information security management act (2002)
Explain FISMA?
Requires government agencies to have an information security programme covering their operations. Must include activities of controls and security management programmes.
Negative of FISMA?
Huge burden to maintain documentation for compliance
Which organisation develops the FISMA implementation guidelines?
NIST
Computer Fraud and Abuse Act (CFAA) - USA
- number of amendments
- currently protects federal computers used by gov or in interstate commerce from abuse
- 1st computer crime legislation
- number of amendments to include computers used by financial institutions and increased damage threshold
Federal Cybersecurity Laws 2014
- laws brought in by Obama to modernise federal cyber security laws
1) FISMA 2 (modernisation) - cyber security responsibility sits with department of homeland security
2) cyber security enhancement act - NIST is responsible for coordinating nationwide work on cyber security standards (800-53 security and privacy controls for federal information systems) (NIST cyber security framework)
3) DHLS had to create a NCSC for information sharing
Name some of the computer crime laws
- CFAA (computer fraud and abuse act)
- Federal sentencing guidelines
- NIIP (national information infrastructure protection act)
- FISMA (Federal information security management act)
- Federal cyber security laws 2014
What is intellectual property?
Intangible assets such as brand names, secret recipes, moves
Laws exist to protect IP
Four main rules - copyrights, trademarks, patents and trade secrets
Copyright and the digital millennium copyright act (aka copyright)
Protects against unauthorised duplication of creator's work (music, sound recordings, motion pictures, sculptures, architectural works)
Also literary works (includes software)
Copyright protects creative work and is a Criminal law
What part of the software does copyright protect? (Literary works)
Only the source code not the idea
Is formal copyright required?
You can register your work for copyright
But copyright is enforced automatically