Terms in this set (31)
Define laws
Rules that mandate or prohibit certain behavior and are enforced by the state
Define Policies
Managerial directives that specify acceptable and unacceptable employee behavior in the workplace
Civil Law
Comprises a wide variety of laws that govern a nation or state and deal with the relationships and conflicts between organizations and people.
Criminal Law
Addresses activities and conduct harmful to society, and is actively enforced by the state. Law can also be categorized as private or public.
Public law
Regulates the structure and the administration of government agencies and their relationships with citizens, employees, and other governments. Public law includes criminal, administrative, and constitutional law.
What is the Computer Fraud and Abuse Act of 1986?
The Computer Fraud and Abuse Act of 1986 (CFA Act or CFAA) is the cornerstone of many computer-related federal laws and enforcement efforts. It was originally written as an extension and clarification to the Comprehensive Crime Control Act of 1984.
Who was the CFAA amended by?
The National Information Infrastructure Protection Act of 1996, which modified several sections of the previous act and increased the penalties for selected crimes.
What did the penalties of the National Information Infrastructure Protection Act of 1996 depend on?
• For the purpose of commercial advantage
• For private financial gain
• In furtherance of a criminal act
The Privacy of Customer Information Section
The Privacy of Customer Information Section of the common carrier regulations states that any proprietary information shall be used explicitly for providing services, and not for marketing purposes.
The Electronic Communications Privacy Act (ECPA) of 1986
Informally referred to as the wiretapping acts, is a collection of statutes that regulates the interception of wire, electronic, and oral communications.
The Health Insurance Portability and Accountability Act of 1996 (HIPAA)
Also known as the Kennedy-Kassebaum Act, protects the confidentiality and security of healthcare data by establishing and enforcing standards and by standardizing electronic data interchange.
The Financial Services Modernization Act or Gramm-Leach-Bliley Act of 1999
Contains many provisions that focus on facilitating affiliation among banks, securities firms, and insurance companies. This act requires all financial institutions to disclose their privacy policies on the sharing of nonpublic personal information.
Computer Fraud and Abuse Act (also known as Fraud and Related Activity in Connection with Computers; 18 USC 1030): Defines and formalizes laws to counter threats from computer-related acts and offenses (amended in 1996, 2001, 2006)
Threats to Computers
The Computer Security Act of 1987
Requires all federal computer systems that contain classified information to have security plans in place, and requires periodic security training for all people who operate, design or manage such systems
Terrorism: USA PATRIOT Act
USA PATRIOT Act of 2001 (update to 18 USC 1030): Defines stiffer penalties for prosecution of terrorist crimes
3 causes of unethical and illegal behavior
Ignorance, Accident, Intent
Describe Ignorance and how to prevent it?
Ignorance of the law is no excuse; however, ignorance of policy and procedures is. The first method of deterrence is education, which is accomplished by designing, publishing, and disseminating an organization's policies and relevant laws.
Describe Accident and how to prevent?
People who have authorization and privileges to manage information within the organization are most likely to cause harm or damage by accident. Planning and control can help prevent this.
Describe Intent and how to prevent?
Criminal or unethical intent goes to the state of mind of the person performing the act; it is often necessary to establish criminal intent to successfully prosecute offenders. Prevention requires technical controls, and vigorous litigation or prosecution if these controls fail.
3 conditions must be present to secure information?
Fear of Penalty, Probability of being apprehended, Probability of penalty being applied
Define Fear of Penalty
Potential offenders must fear the penalty. Threats of informal reprimand or verbal warning do not have the same impact as the threat of imprisonment or forfeiture of pay.
Probability of being apprehended?
Potential offenders must believe there is a strong possibility of being caught.
Probability of penalty being applied?
Potential offenders must believe that the penalty will be administered.
Ethical differences between cultures?
Cultural differences can make it difficult to determine what is ethical and what is not, especially when it comes to the use of computers. Studies on ethics and computer use reveal that people of different nationalities have different perspectives; difficulties arise when one nationality's ethical behavior violates the ethics of another national group.
The Digital Millennium Copyright Act (DMCA)
The American contribution to an international effort by the World Intellectual Property Organization (WIPO) to reduce the impact of copyright, trademark, and privacy infringement, especially when accomplished via the removal of technological copyright protection measures. This law was created in response to the 1995 adoption of Directive 95/46/EC by the European Union, which added protection for individual citizens with regard to the processing of personal data and its use and movement. The United Kingdom has implemented a version of this law called the Database Right to comply with Directive 95/46/EC.
The Council of Europe adopted the Convention on Cybercrime in 2001
It created an international task force to oversee a range of security functions associated with Internet activities and standardized technology law across international borders.
International Laws
IT professionals and information security practitioners must realize that when their organizations do business on the Internet, they do business globally. As a result, these professionals must be sensitive to the laws and ethical values of many different cultures, societies, and countries.
The Sarbanes-Oxley Act of 2002
Also known as SOX or the Corporate and Auditing Accountability and Responsibility Act, is a critical piece of legislation that affects the executive management of publicly traded corporations and public accounting firms. The law seeks to improve the reliability and accuracy of financial reporting, as well as increase the accountability of corporate governance in publicly traded companies.
The Economic Espionage Act in 1996
To protect American ingenuity, intellectual property, and competitive advantage, Congress passed the Economic Espionage Act in 1996. This law attempts to prevent trade secrets from being illegally shared.
The Security and Freedom through Encryption Act of 1999
Provides guidance for the use of encryption and provides protection from government intervention. The act includes provisions that:
1. Reinforce a person's right to use or sell encryption algorithms without concern for regulations requiring some form of key registration.
2. Prohibit the federal government from requiring the use of encryption for contracts, grants, and other official documents and correspondence.
3. State that the use of encryption is not probable cause to suspect criminal activity.
4. Provide additional penalties for the use of encryption in the commission of a criminal act.
Misuse of Corporate Resources
Communicate, Educate, and Execute seeks to inform all corporate stakeholders about ethically motivated actions and then implement programs to achieve its stated value in practice.