U.S. Law: U.S. Information Security Law and Regulations Flashcards
What’s Computer Fraud and Abuse Act (CFAA)?
the first major piece of US cybercrime-specific legislation
What’s Federal Sentencing Guidelines?
punishment guidelines to help federal judges interpret computer crime laws
What’s Federal Information Security Management Act (FISMA)?
establishes formal information security requirements for the federal government
What’s Children’s Online Privacy Protection Act (COPPA)? Specify the age.
- protect the online privacy of children under the age of 13
- places certain requirements on operators of websites or online services directed towards children or those with knowledge that they collect personal information from children
What’s Electronic Communication Privacy Act (ECPA)?
- governs the privacy of electronic communications
- defines the legal standards for government surveillance, access, and disclosure of electronic communications, including emails, text messages, and other forms of electronic communication
What’s Gramm-Leach-Bliley Act (GLBA)?
- U.S. federal law that governs the privacy and security of customer information held by financial institutions
- aims to ensure the confidentiality and integrity of consumers’ personal financial information
What is the key requirement when conducting a criminal investigation?
- document the time, place, who was present, and each step taken
- later, there will be a need to demonstrate what was done and whether procedures were followed
What’s Chain of Custody?
- process of maintaining the integrity, confidentiality, and availability of digital evidence in a forensically sound manner
- an unbroken, documented record of everything done with the evidence, and by whom, throughout the evidence lifecycle
What does the Computer Fraud and Abuse Act (CFAA) address?
unauthorized and malicious activities on federal systems
What are enforceable governmental requests?
- warrant (judicial authorization for the police; e.g. to search a residence)
- subpoena (a summons)
- court order (an order issued by a court)
To be admissible, evidence must be what? (3)
- relevant
- material
- competent
What individuals are responsible for preserving the chain of custody of evidence?
- police investigators
- evidence technicians
- attorneys
- anyone involved in the collection, processing, analysis and production of evidence
Can crime be also violation of a regulation?
yes
What law prevents government agencies from disclosing personal information that an individual supplies to the government under protected circumstances?
Privacy Act
What federal government agency has the authority to regulate the export of encryption software?
Bureau of Industry and Security (BIS)
What U.S. law prevents the removal of protection mechanisms placed on a copyrighted work by the copyright holder?
Digital Millennium Copyright Act (DMCA) prohibits attempts to circumvent copyright protection mechanisms placed on a protected work by the copyright holder
What does DMCA stand for?
Digital Millennium Copyright Act (DMCA)
How does DMCA protect ISPs?
ISPs are not liable for the “transitory activities” of their customers; the fact that their customers transmit copyrighted material through their network does not make them liable
Can HIPAA, GLBA and SOX involve criminal penalties if violated?
yes
What is Government Information Security Reform Act (GISRA)?
precursor to FISMA which expired in 2002
What does FedRAMP stand for?
Federal Risk and Authorization Management Program (FedRAMP)
What’s FedRAMP?
U.S. federal program that mandates a standardized approach to security assessment, authorization and continuous monitoring of cloud products and services
What does a cloud service need in order to be able to provide cloud services to U.S. government?
FedRAMP certification
Which law effectively extends the Fourth Amendment of the U.S. Constitution to the electronic realm?
The Stored Communication Act (SCA) of 1986