Chapter 4: Laws, Regulations, and Compliance Flashcards
Criminal Law
Protects society against acts that violate the basic principles we believe in. Violations are prosecuted by federal and state governments.
Civil Law
Provides the framework for the transaction of business between people and organizations. Violations brought to the court and argued by the two affected parties.
Administrative Law
Used by government agencies to effectively carry out their day-to-day business.
CFAA
Computer Fraud and Abuse Act
Protects computers used by the government or in interstate commerce from a variety of abuses.
FISMA
Federal Information Security Management Act
Requires that federal agencies implement an information security program that covers the agency’s operations. Also includes the activities of their contractors.
NIST SP 800-171
Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations
Compliance with this standard’s security controls is often included as a contractual requirement by government agencies. Federal contractors must often comply.
NIST SP 800-53
Security and Privacy Controls for Information Systems and Organizations
Required for use in federal computing systems and also commonly used as an industry benchmark
NIST CSF
Cybersecurity Framework
Set of standards to serve as a voluntary risk-based framework for securing information and systems
National Cybersecurity Protection Act
Charged DHS with establishing a national cybersecurity and communications integration center. The center shares cybersecurity information with civilian organizations (CISA).
Copyrights
Protect original works of authorship, such as books, articles, poems, and songs
Trademarks
Names, slogans, and logos that identify a company, product, or service
Patents
Provide protection to the creators of new inventions
Trade Secrets
Protect the operating secrets of a firm (e.g., KFC's secret herbs and spices)
DMCA
Digital Millennium Copyright Act
Prohibits the circumvention of copy protection mechanisms placed in digital media and limits the liability of internet service providers for the activities of their users.
Fourth Amendment
Protects against unreasonable search and seizure. Now expanded to include wiretapping and other invasions of privacy.