Chapter 4: Laws, Regulations, and Compliance

Question 1

Criminal Law

Answer 1

Protect society against acts that violate the basic principles we believe in. Violations prosecuted by federal and state governments.

Question 2

Civil Law

Answer 2

Provides the framework for the transaction of business between people and organizations. Violations brought to the court and argued by the two affected parties.

Question 3

Administrative Law

Answer 3

Used by government agencies to effectively carry out their day-to-day business.

Question 4

CFAA

Answer 4

Computer Fraud and Abuse Act
Protects computers used by the government or in interstate commerce from a variety of abuses.

Question 5

FISMA

Answer 5

Federal Information Security Management Act
Requires that federal agencies implement an information security program that covers the agency’s operations. Also includes the activities of their contractors.

Question 6

NIST SP 800-171

Answer 6

Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations
Compliance with this standard’s security controls is often included as a contractual requirement by government agencies. Federal contractors must often comply.

Question 7

NIST SP 800-53

Answer 7

Security and Privacy Controls for Information Systems and Organizations
Required for use in federal computing systems and also commonly used as an industry benchmark

Question 8

NIST CSF

Answer 8

Cybersecurity Framework
Set of standards to serve as a voluntary risk-based framework for securing information and systems

Question 9

National Cybersecurity Protection Act

Answer 9

Charged DHS with establishing a national cybersecurity and communications integration center. Share cybersecurity info with civilian organizations (CISA)

Question 10

Copyrights

Answer 10

Protect original works of authorship, such as books, articles, poems, and songs

Question 11

Trademarks

Answer 11

Names, slogans, and logos that identify a company, product, or service

Question 12

Patents

Answer 12

Provide protection to the creators of new inventions

Question 13

Trade Secrets

Answer 13

Protect the operating secrets of a firm (KFC secret herbs and spices)

Question 14

DMCA

Answer 14

Digital Millennium Copyright Act
Prohibits the circumvention of copy protection mechanisms placed in digital media and limits the liability of internet service providers for the activities of their users.

Question 15

Fourth Amendment

Answer 15

Secure against unreasonable search and seizure. Now expanded to include wiretapping and other invasions of privacy

Question 16

ECPA

Answer 16

Electronic Communication Privacy Act
Makes it a crime to invade the electronic privacy of an individual, including monitoring email and VOIP

Question 17

CALEA

Answer 17

Communications Assistance for Law Enforcement Act
Amends the ECPA. Requires all communications carriers to make wiretaps possible for law enforcement with appropriate court order.

Question 18

Economic Espionage Act of 1996

Answer 18

Provides penalties for individuals found guilty of the theft of trade secrets. Harsher penalties apply when the individual knows that the information will benefit a foreign government.

Question 19

Contractual License Agreements

Answer 19

Written agreements between a software vendor and a user

Question 20

Shrink-Wrap Agreements

Answer 20

Written on software packaging and take effect when a user opens the package

Question 21

Click-Through Agreements

Answer 21

Included in a package but require the user to accept the terms during the software installation process

Question 22

HIPAA

Answer 22

Health Insurance Portability and Accountability Act
Includes privacy and security regulations requiring strict security measures for any party that processes or stores private medical information

Question 23

HITECH

Answer 23

Health Information Technology for Economic and Clinical Health Act
Amended HIPAA’s privacy and security requirements. Requires any relationship between a covered entity and a business associate to be governed by a BAA
Also added the Data Breach Rule. Must notify affected individuals. Must notify secretary of health and media if breach affects more than 500 individuals.

Question 24

COPPA

Answer 24

Children’s Online Privacy Protection Act

Question 25

GLBA

Answer 25

Gramm-Leach-Bliley Act of 1999. Covers banking information

Question 26

USA PATRIOT Act

Answer 26

After 9/11, broadened powers of law enforcement and intelligence agencies across a number of areas, including when monitoring electronic communications. Easier to do so, harsher punishments

Question 27

FERPA

Answer 27

Family Education Rights and Privacy Act
Like HIPAA but for any school that accepts federal funding

Question 28

GDPR

Answer 28

General Data Protection Regulation.
European privacy law that applies to all organizations that collect or process data from EU residents. Even applies to orgs not based in EU if they collect information about EU residents.
Requires businesses to limit what they collect and why, to be transparent about it, to secure it, to take responsibility for it, and to remove it at request of the user

Question 29

PIPEDA

Answer 29

Personal Information Protection and Electronic Documents Act
Canadian privacy law that restricts how commercial businesses can collect, use, and disclose personal info

Question 30

CCPA

Answer 30

California Consumer Privacy Act
Modeled after GDPR. Gives consumers the right to know what info is collected and shared by companies as well as the right to be forgotten.

Question 31

PCI DSS

Answer 31

Payment Card Industry Data Security Standard
Governs security of credit card information. Not dictated by law but by contractual obligation