Ch4

Question 1

Criminal Law

Answer 1

protects society against acts that violate basic principles we believe in

Question 2

violations of criminal law

Answer 2

prosecuted by Federal and State governements

Question 3

Civil Law

Answer 3

provides a framework for the transaction of business between people and organizations

Question 4

violations of civil law

Answer 4

brought to the court and argued by the two affected parties

Question 5

Administrative Law

Answer 5

• used by government agencies to effectively to carry out their day-to-day business
• Consist of policies, procedures, regulations
• Do NOT require an act of the legislative branch to implement at Feral level
• Do NOT require an act of Congress
• subject to judicial review
• must comply with criminal and civil laws

Question 6

• protects computers used by goverment or in interstate commerce from a variety of abuses
• provides criminal and civil penalties for those convicted of using virus, worms, Trojan horses and other malicious code to cause damage to computer systems

Answer 6

Computer Fraud & Abuse Act

Question 7

• outlines steps government must take to protect its own systems from attack
• requires mandatory training for all people involved in managing, using, or operating Federal computers that contain sensitive information

Answer 7

Computer Security Act

Question 8

Who is responsible for managing Federal government computer systems that process classified and sensitive information

Answer 8

NSA (National Security Agency)

Question 9

Who manages all Federal government computer systems that are NOT used to process sensitive national security information

Answer 9

NIST (National Institute of Standards & Technology)

Question 10

guarantees the creators of “original works of authorship” protection against
the unauthorized duplication of their work.

Answer 10

Copyright Law

Question 11

words, slogans, and logos used to identify a company and its products or
services.

Answer 11

Trademark protection

Question 12

Patents

Answer 12

• must be new or original
• must be useful and accomplish a task
• must NOT be obvious

Question 13

intellectual property that is absolutely critical to their business and
signifcant damage would result if it were disclosed to competitors and/or the public

Answer 13

trade secrets

Question 14

• severe penalties for companies that collect information from young children without parental consent
• consent must be obtained from the parents of children younger than age 13

Answer 14

• Childrens Online Privacy Protection Act (COPPA)

Question 15

develops Federal government information security program

Answer 15

Government Information Security Reform Act (GISRA)

Question 16

prohibits the circumvention of copy protection placed in digital media & limits liability of ISPs

Answer 16

Digital Millenium Copyright Act of 1998

Question 17

provides penalties for individuals found guilty of the theft of trade secrets. Harsher penalties when individuals know information will benefit foreign government

Answer 17

Economic Espionage Act 1996

Question 18

framework for enforcement of various software licensing agreements such as click-wrap & shrink-wrap agreements

Answer 18

Uniform Computer Information Transaction Act (UCITA)

Question 19

first statewide requirement for notification to individuals of PII data breaches; currently only HIPAA breaches requires notification by Federal Law

Answer 19

California SB 1386

Question 20

prudent man rule

Answer 20

Federal Sentencing Guidelines - , requires senior executives to take personal responsibility for ensuring the due care that ordinary, prudent individuals would exercise

Question 21

what are the three burdens of proof for negligence as defined in the Federal Sentencing Guidelines

Answer 21

1. legally recognized obligation
2. failed to comply with recognized standards
3. the act of negligence must have caused the subsequent damages.

Question 22

Extends CFAA to infrastructure (railroads, gas pipelines, electrical grids & telecommunication circuits) and makes it a felony

Answer 22

National Information Infrastructure Protection Act

NIIPA

Question 23

places the burden of maintaining the security and integrity of government information and information systems squarely on the shoulders of individual agency leaders

Answer 23

.Government Information Security Reform Act (GISRA)

Question 24

federal agencies implement an information security program that covers the agency’s operations to include the activities of contractors

Answer 24

Federal Information Security Management Act (FISMA)

Question 25

prohibits government agents from searching private property without a warrant and probable cause. The courts have expanded their interpretation to include protections against wiretapping and other invasions of privacy.

Answer 25

4th amendment

Question 26

the most significant piece of privacy legislation restricting the way the federal government may deal with private information about individual citizens. It severely limits the ability of federal government agencies to disclose private information to other persons or agencies without the prior written consent of the affected individual(s). It does provide for exceptions involving the census, law enforcement, the National Archives, health and safety, and court orders.

Answer 26

Privacy Act of 1974

Question 27

- makes it a crime to invade the electronic privacy of an individual - broadened the Federal Wiretap Act, to apply to any illegal interception of electronic communications or intentional, unauthorized access of electronically stored data - prohibits the disclosure of electronic communication - protects against the monitoring of email and voicemail communications - prevents providers of those services from making unauthorized disclosures of their content.

Answer 27

Electronic Communication Privacy Act

Question 28

requires all communications carriers to make wiretaps possible for law enforcement with an appropriate court order, regardless of the technology in use.

Answer 28

CALEA - Communications Assistance for Law Enforcement

Question 29

extends the definition of property to include proprietary economic information so that the theft of this information can be considered industrial or corporate espionage. This changed the legal definition of theft so that it was no longer restricted by physical constraints.

Answer 29

Economic and Protection of Proprietary Information Act

Question 30

privacy and security regulations requiring strict security measures for hospitals, physicians, insurance companies, and other organizations that process or store private medical information about individuals

Answer 30

HIPPA - Health Insurance Portability and Accountability Act

Question 31

- directly subject to HIPAA and HIPAA enforcement actions in the same manner as a covered entity - entities who experience a data breach must notify affected individuals of the breach and must also notify both the Secretary of Health and Human Services and the media when the breach affects more than 500 individuals

Answer 31

Health Information Technology for Economic and Clinical Health Act (HITECH)

Question 32

strict governmental barriers between fnancial institutions. Banks, insurance companies, and credit providers that were relaxed due to this law

Answer 32

Gramm‐Leach‐Bliley Act

Question 33

- broadens Electronic Communications monitoring towards Terrorists due to the 911 attack - after proving that the circuit was used by someone subject to monitoring. It also allowed authorities to obtain a blanket authorization for a person and then monitor all communications to or from that person under the single warrant. - ISPs may voluntarily provide the government with a large range of information.

Answer 33

USA Patriot Act of 2001

Question 34

- grants certain privacy rights to students older than 18 and the parents of minor students. ■ Parents/students have the right to inspect any educational records ■ Parents/students have the right to request correction of records they think are erroneous ■ Schools may not release personal information from student records without written consent

Answer 34

Family Educational Rights and Privacy Act

Question 35

act makes identity theft a crime against the person whose identity was stolen and provides severe criminal penalties (up to a 15‐year prison term and/or a $250,000 fne) for anyone found guilty of violating this law

Answer 35

Identity Theft and Assumption Deterrence Act

Question 36

European Union Privacy Law

Answer 36

Notice They must inform individuals of what information they collect about them and how the information will be used. Choice They must allow individuals to opt out if the information will be used for any other purpose or shared with a third party. For information considered sensitive, an opt‐in policy must be used. Onward Transfer Organizations can share data only with other organizations that comply with the safe harbor principles. Access Individuals must be granted access to any records kept containing their personal information. Security Proper mechanisms must be in place to protect data against loss, misuse, and unauthorized disclosure. Data Integrity Organizations must take steps to ensure the reliability of the information they maintain. Enforcement Organizations must make a dispute resolution process available to individuals and provide certifications to regulatory agencies that they comply with the safe harbor provisions.

Question 37

Sarbanes-Oxley Act of 2002

Answer 37

- applies to all public companies that have registered equity or debt securities with the Securities and Exchange Commission (SEC) - personnel responsible for auditing, monitoring, and reviewing security do not have other operational duties related to what they are auditing, monitoring, and reviewing