
Chapter 4

Laws, Regulations, and Compliance


Categories of Laws
• Criminal Law
• Civil Law
• Administrative Law

Criminal Law
• Preserve peace
• Keep society safe
• Penalties include:
– Community service
– Fines
– Prison
• Enacted through legislation
Civil Law
• Provide for orderly society
• Govern matters that are not crimes
• Enacted through legislation
• Punishment can include financial penalties
Administrative Law
• Policies, procedures, and regulations
• Govern the daily operations of an entity
• Enacted by government agencies, not the legislature
Laws
• Computer Crime
• Intellectual Property
• Licensing
• Import/Export
• Privacy

Computer Crime 1/2
• Computer Fraud and Abuse Act (CFAA)
– Federal interest computer
– Accessing classified information, accessing systems, fraud, malicious damage, modifying medical records, trafficking in passwords
– Any computer in use by the government or financial institutions, and interstate offenses
– Amendments
– Creating malware code, interstate commerce, imprisonment, and civil action from victims
• Federal Sentencing Guidelines
– Prudent man rule
– Burden of proof: negligence, compliance, causal
Computer Crime 2/2
• National Information Infrastructure Protection Act
– CFAA – international, national infrastructure
• Federal Information Security Management Act (FISMA)
– Risk assessment, planning, training, testing, incident management
• Federal Information Systems Modernization Act (FISMA)
– Centralizing under DHS
• Cybersecurity Enhancement Act
– NIST establishing voluntary cybersecurity standards
Intellectual Property 1/2
• Copyrights
– Original works of authorship
– Digital Millennium Copyright Act
• Trademarks
– Words, slogans, logos, etc., which identify a company, its products, and its services
• Patents
– Intellectual property rights of inventors
Intellectual Property 2/2
• Trade Secrets
– Intellectual property of an organization
– Non-disclosure agreement (NDA)
• Economic Espionage Act
– Stealing trade secrets to benefit a foreign government
– Stealing trade secrets
Licensing
• Contractual license agreements
• Shrink-wrap license agreements
• Click-through license agreements
• Cloud services license agreements
Import/Export
• Trans-border data flow of new technologies, intellectual property, and personally identifying information
• International Traffic in Arms Regulations (ITAR)
– United States Munitions List (USML)
• Export Administration Regulations (EAR)
– Commerce Control List (CCL)
• Computer Export Controls
• Encryption Export Controls
Privacy 1/5
• U.S. Privacy Law (1/2)
– Fourth Amendment
– Privacy Act
– Electronic Communications Privacy Act
– Communications Assistance for Law Enforcement Act (CALEA)
– Economic Espionage Act
– Health Insurance Portability and Accountability Act (HIPAA)
Privacy 2/5
• U.S. Privacy Law (2/2)
– Health Information Technology for Economic and Clinical Health Act (HITECH)
– Data Breach Notification Laws
– Children's Online Privacy Protection Act (COPPA)
– Gramm-Leach-Bliley Act
– USA PATRIOT Act
– Family Educational Rights and Privacy Act (FERPA)
– Identity Theft and Assumption Deterrence Act
Privacy 3/5
• European Union Privacy Law (1/3)
– Consent
– Contract
– Legal obligation
– Vital interest of the data subject
– Balance between the interests of the data holder and the interests of the data subject
– Key rights of individuals
– Privacy Shield agreement
Privacy 4/5
• European Union Privacy Law (2/3)
– Privacy Shield agreement
– Informing Individuals About Data Processing
– Providing Free and Accessible Dispute Resolution
– Cooperating with the Department of Commerce
– Maintaining Data Integrity and Purpose Limitation
– Ensuring Accountability for Data Transferred to Third Parties
– Transparency Related to Enforcement Actions
– Ensuring Commitments Are Kept As Long As Data Is Held
Privacy 5/5
• European Union Privacy Law (3/3)
– European Union General Data Protection Regulation (GDPR)
– Applies to organizations that are not based in the EU
– 24-hour data breach notification requirement
– Centralized data protection authorities in each EU member state
– Individuals will have access to their own data
– Data portability provisions
– The "right to be forgotten"
Compliance
• Security regulation has become complex
• Issues with regulatory agencies and contractual obligations
• Overlapping and often contradictory requirements
• May require full-time compliance staff
• Compliance audits and reporting
• Payment Card Industry Data Security Standard (PCI DSS)
Contracting and Procurement
• Use of cloud and service vendors requires contract scrutiny
• Perform security review and vendor governance
• Tailor the contract and review to your specific concerns
Conclusion
• Read the Exam Essentials
• Review the Chapter
• Perform the Written Labs
• Answer the Review Questions