Chapter 4 Flashcards

(68 cards)

1
Q

3 Categories of Laws

A

Criminal Law
Civil Law
Administrative Law

2
Q

Which type of law does this describe?

preserve peace; involve police and other law enforcement agencies

A

Criminal Law

3
Q

Which type of law does this describe?

provide for an orderly society; settled between individuals and organizations

A

Civil Law

4
Q

Which type of law does this describe?

rules and procedures that should be followed in every possible situation

executive orders, policies, procedures, and regulations

A

Administrative Law

5
Q

Where are administrative laws published?

A

Code of Federal Regulations (CFR)

6
Q

Computer Fraud and Abuse Act (CFAA)

A

first cyber-crime-specific legislation in US
expansion of Comprehensive Crime Control Act

7
Q

National Information Infrastructure Protection Act of 1996

A

covers computer systems used in international commerce and interstate commerce
extends protections beyond computer systems to infrastructure such as railroads, pipelines, electric grids, etc.
treats damage to critical portions of the national infrastructure as a felony

8
Q

Federal Sentencing Guidelines (1991)

A

formalized prudent person rule
three burdens of proof for negligence

9
Q

prudent person rule

A

requires senior executives to take personal responsibility for ensuring due care

10
Q

3 burdens of proof for negligence

A
1. person must have a legally recognized obligation
2. must have failed to comply with recognized standards
3. must be a causal relationship between the negligence and the damages

11
Q

FISMA - Federal Information Security Management Act

A

requires federal agencies to implement an infosec program that covers the agency's operations, including contractors

replaced Computer Security Act of 1987 and the Government Information Security Reform Act of 2000

12
Q

Which organization is responsible for developing the FISMA implementation guidelines?

A

NIST

13
Q

Federal Cybersecurity Laws of 2014

A

Federal Information Systems Modernization Act
Cybersecurity Enhancement Act
National Cybersecurity Protection Act

14
Q

Federal Information Systems Modernization Act

A

modified the 2002 FISMA by centralizing federal cybersecurity responsibility with the DHS

except:
defense-related cybersecurity remains the responsibility of the SecDef
intelligence-related cybersecurity remains the responsibility of the Director of National Intelligence

15
Q

Cybersecurity Enhancement Act

A

NIST is responsible for coordinating nationwide work on voluntary cybersecurity standards

16
Q

National Cybersecurity Protection Act

A

DHS establishes a national cybersecurity and communications integration center to serve as the interface between federal agencies and civilian organizations for sharing cyber risks, incidents, analysis, and warnings

17
Q

4 types of Intellectual Property

A

copyrights
trademarks
patents
trade secrets

18
Q

Copyright law - primary purpose

A

guarantees the creators of “original works of authorship” protection against duplication of their work

19
Q

8 categories of copyright protection

A

Literary
Musical
Dramatic
Pantomimes/Choreography
Pictorial, graphical, sculptural
Motion pictures
Sound recordings
Architectural

20
Q

What category of copyright does source code fall under?

A

literary works

21
Q

Digital Millennium Copyright Act (DMCA)

A

prohibits attempts to circumvent copyright protection mechanisms
limits liabilities of ISPs when circuits are used by criminals violating copyright law
streaming audio/video over the internet is “eligible nonsubscription transmissions” - not illegal

22
Q

Trademarks

A

words, slogans, and logos used to identify a company and its products or services

23
Q

™ (TM)

A

shows you intend to protect works or slogans as trademarks

24
Q

® (R)

A

symbolizes a trademark registered with the USPTO - United States Patent and Trademark Office

25
Q

Patents

A

protect IP rights of inventors for 20 years, after which they become public domain

26
Q

3 requirements for Patents

A

1. must be new
2. must be useful
3. must not be obvious

27
Q

trade secrets

A

IP that is critical to the business and would cause significant damage if disclosed to competitors

28
Q

Protecting Trade Secrets

A

make employees with access sign NDAs
implement adequate access controls

29
Q

what is one of the best ways to protect source code?

A

treat it as a trade secret

30
Q

Economic Espionage Act of 1996

A

stealing trade secrets to sell to a foreign agent: fined up to $500,000 and imprisoned for 15 yrs
stealing trade secrets for other reasons: fined up to $250,000 and imprisoned for up to 10 yrs

31
Q

4 types of license agreements

A

1. contractual license agreements
2. shrink-wrap license agreements
3. click-through license agreements
4. cloud services license agreements

32
Q

contractual license agreements

A

written contract between the software vendor and the customer

33
Q

shrink-wrap license agreements

A

written on the outside of the software packaging

34
Q

click-through license agreements

A

during the installation process, you are required to click a button indicating that you have read the terms of the agreement and agree to abide by them

35
Q

cloud services license agreements

A

usually a link to the legal terms and a check box to indicate the user has read them

36
Q

International Traffic in Arms Regulations (ITAR)

A

controls the export of items that are specifically designed as military and defense items

37
Q

Export Administration Regulations (EAR)

A

controls the export of commercial items that may have a military application
items appear on the Commerce Control List (CCL), which includes an entire category covering infosec products

38
Q

Fourth Amendment

A

basis for privacy rights; protection against unreasonable search and seizure of persons, houses, papers, and effects
expanded to include protection against wiretapping

39
Q

Privacy Act of 1974

A

applies to government agencies regarding records maintenance and access to your records

40
Q

Electronic Communications Privacy Act of 1986 (ECPA)

A

makes it a crime to invade the electronic privacy of an individual

41
Q

Communications Assistance for Law Enforcement Act (CALEA) of 1994

A

requires all communications carriers to make wiretaps possible for law enforcement

42
Q

Health Insurance Portability and Accountability Act of 1996 (HIPAA)

A

privacy and security regulations for organizations that process or store private medical information about individuals

43
Q

Health Information Technology for Economic and Clinical Health Act of 2009 (HITECH)

A

updated HIPAA privacy and security requirements

44
Q

Children's Online Privacy Protection Act (COPPA)

A

websites that cater to children:
must have a notice that indicates the type of information they collect and what it is used for
parents must have the ability to review and permanently delete information from the site
parents must give consent to the collection of information

45
Q

Gramm-Leach-Bliley Act of 1999 (GLBA)

A

limits the types of information that can be exchanged among financial institutions

46
Q

USA PATRIOT Act

A

broadens the powers of law enforcement and intelligence agencies
wiretapping authorizations are easier to obtain

47
Q

Family Educational Rights and Privacy Act (FERPA)

A

grants privacy rights to students older than 18
right to inspect educational records
right to request corrections
schools may not release personal information from student records

48
Q

Identity Theft and Assumption Deterrence Act

A

the person whose identity was stolen is the victim

49
Q

"reasonable expectation of privacy"

A

if you are using corporate or government equipment, you should not expect privacy, so be careful what you do

50
Q

European Union Data Protection Directive (DPD)

A

outlines the privacy measures that must be in place for protecting personal data

51
Q

European Union General Data Protection Regulation (GDPR)

A

widened the scope of personal data protections to all organizations that collect data from EU residents, even if they are not based in the EU

52
Q

7 key provisions of GDPR

A

1. Lawfulness, fairness, transparency
2. Purpose limitation
3. Data minimization
4. Accuracy
5. Storage limitation
6. Security
7. Accountability

53
Q

which key provision of GDPR does this describe? must have a legal basis for processing personal information

A

lawfulness, fairness, transparency

54
Q

which key provision of GDPR does this describe? must clearly document and disclose the purposes for which you collect data

A

purpose limitation

55
Q

which key provision of GDPR does this describe? must ensure that the data processed is adequate for your stated purpose and limited to what is necessary

A

data minimization

56
Q

which key provision of GDPR does this describe? data you collect or maintain is correct and not misleading; correct or erase inaccurate data

A

accuracy

57
Q

which key provision of GDPR does this describe? keep data only for as long as it is needed

A

storage limitation

58
Q

which key provision of GDPR does this describe? must have appropriate integrity and confidentiality controls in place

A

security

59
Q

which key provision of GDPR does this describe? must take responsibility for your actions with protected data

A

accountability

60
Q

Personal Information Protection and Electronic Documents Act (PIPEDA)

A

Canadian law that restricts how commercial entities may collect, use, and disclose PI

61
Q

Payment Card Industry Data Security Standard (PCI DSS)

A

compliance requirement dictated by contractual obligation, not by law

62
Q

12 requirements of PCI DSS

A

1. firewalls
2. change default passwords
3. protect cardholder data
4. encrypt transmission across public networks
5. protect against malware
6. maintain secure systems and apps
7. restrict access to cardholder data
8. identity and authentication access control
9. restrict physical access to cardholder data
10. track and monitor access to network resources and data
11. test security systems and processes
12. maintain an infosec policy for all personnel

63
Q

Sarbanes-Oxley Act (SOX)

A

protects investors from fraudulent financial reporting by corporations

64
Q

BIS - Bureau of Industry and Security

A

sets regulations on the export of encryption products

65
Q

GLBA - Gramm-Leach-Bliley Act

A

requires financial institutions to protect customer records

66
Q

If an organization wants to transfer data collected from EU residents to other agencies, what is the best way to ensure compliance with GDPR?

A

standard contractual clauses provided by the EU

67
Q

If an organization wants to internally transfer data collected from EU residents, how can it remain compliant with GDPR?

A

binding corporate rules

68
Q

How can organizations remain HIPAA compliant and enter a relationship with a service provider that gives it access to PHI?

A

Enter a BAA - Business Associate Agreement. It makes the service provider liable under HIPAA.