CISSPSG7E_Slides_Ch04

Chapter 4: Laws, Regulations, and Compliance
Categories of Laws
• Criminal law
• Civil law
• Administrative law
Criminal Law
• Preserves peace
• Keeps society safe
• Penalties include
– Community service
– Fines
– Prison
• Enacted through legislation
Civil Law
• Provides for orderly society
• Governs matters that are not crimes
• Enacted through legislation
• Punishment includes financial penalties
Administrative Law
• Policies, procedures, and regulations
• Governs the daily operations of an entity
• Enacted by government agencies, not the legislature
Laws
• Computer crime
• Intellectual property
• Licensing
• Import/export
• Privacy
Computer Crime
• Computer Fraud and Abuse Act
• Computer Security Act
• Federal Sentencing Guidelines
• National Information Infrastructure Protection Act
• Paperwork Reduction Act
• Government Information Security Reform Act
• Federal Information Security Management Act
Intellectual Property
• Copyrights
• Digital Millennium Copyright Act
• Trademarks
• Patents
• Trade secrets
• Economic Espionage Act
Licensing
• Contractual license agreements
• Shrink‐wrap license agreements
• Click‐through license agreements
• Cloud services license agreements
• Uniform Computer Information Transactions Act
Import/Export
• Transborder data flow of new technologies, intellectual property, and personally identifying information
• Computer export controls
• Encryption export controls
Privacy
• U.S. Privacy Law (1/2)
– Fourth Amendment
– Privacy Act
– Electronic Communications Privacy Act
– Communications Assistance for Law Enforcement Act (CALEA)
– Economic and Protection of Proprietary Information Act
– Health Insurance Portability and Accountability Act (HIPAA)
Privacy
• U.S. Privacy Law (2/2)
– Health Information Technology for Economic and Clinical Health Act (HITECH)
– Data Breach Notification Laws
– Children’s Online Privacy Protection Act (COPPA)
– Gramm‐Leach‐Bliley Act
– USA PATRIOT Act
– Family Educational Rights and Privacy Act (FERPA)
– Identity Theft and Assumption Deterrence Act
Privacy
• European Union Privacy Law
– Consent
– Contract
– Legal obligation
– Vital interest of the data subject
– Balance between the interests of the data holder and the interests of the data subject
– Key rights of individuals
– Safe harbor provisions
Compliance
• Security regulation can become complex
• Issues with regulatory agencies and contractual obligations
• Overlapping and often contradictory requirements
• May require full-time compliance staff
• Compliance audits and reporting
• Payment Card Industry Data Security Standard (PCI DSS)
Contracting and Procurement
• Using cloud and service vendors requires contract scrutiny.
• You must perform security review and vendor governance.
• You must tailor the contract to your specific concerns and review it.