Chapter 4 Law, Regulations, and Compliance


Chapter 4 Law, Regulations, and Compliance CISSP Study Guide BIS 4113/6113

Cybercrime goes unreported
- FBI estimates that electronic crimes have occurred at virtually all Fortune 500 corporations, run about $10B a year, and are reported only about 17 percent of the time
- 44 percent of computer crime is committed by members of the organization (Stambaugh)

What is “cybersecurity law?”
1) Victim response to intrusions
2) Liability for intrusions
3) Computer and network regulations
4) Special issues for government and defense

Intellectual Property (p.132)
Intangible assets:
- Trademarks
- Patents
- Trade secrets (Coca-Cola, KFC)
- Original works of authorship

Workplace searches (Dhillon)
Exceptions for warrantless searches of computer equipment:
- Prior consent
- Implied consent (IT usage policy)
- Exigent circumstances (evidence is in danger of destruction)
- Plain view
- Relevant to a lawful arrest occurring (*mobile devices yet to be determined)
- Inventory searches (purpose other than accumulating evidence)
- Border searches

Computer Fraud and Abuse Act (1984)
- Covers computer crimes crossing state boundaries
- See page 128 for scope and damages
- Government, financial, medical fields
- Information assets
- Recently proposed changes:
  - Hacking defined as “organized crime”
  - “Fix the CFAA” advocacy group

Major Legislation (IP)
- Copyrights protected 70 years after author(s)’ death
  - Examples: Blurred Lines, Stairway to Heaven
- Digital Millennium Copyright Act (1998): restricts transmission of copyrighted material, incl. webcasts and P2P
- Economic Espionage Act (1996): penalties for stealing trade secrets

Major Legislation (Privacy)
- Fourth Amendment (U.S. Constitution)
- Privacy Act (1974): gov’t agencies may not disclose info about individuals
- Electronic Communications Privacy Act (1986): extends wiretap laws to CMC and mobile

Major Legislation (Internet Privacy)
- Health Insurance Portability and Accountability Act (1996)
- Children’s Online Privacy Protection Act (1998)
- Gramm-Leach-Bliley (1999): limits exchange of customer info between banks
- Patriot Act (2001)
  - June 2015 USA Freedom Act: NSA must use a warrant to receive mobile metadata
- Federal Educational Rights and Privacy Act (aka Buckley Amendment, 1974)
- SB1386 (California)
- Other states

Compliance with Regulations
Example: Payment Card Industry Data Security Standard (PCI DSS) (p.146)
- Standards required to stay within the trusted network
- 12 main requirements
- Verified by independent auditors

Sarbanes-Oxley (2002)
- Public corporations and financial disclosures
- Misleading info = up to $5M in fines and 20 yrs in prison
- 2017 Protiviti survey

Sarbanes-Oxley (2002) Section 404
“Issuers are required to publish information in their annual reports concerning the scope and adequacy of the internal control structure and procedures for financial reporting. This statement shall also assess the effectiveness of such internal controls and procedures.”
- Authentication standards
- User account management (incl. segregation of duties)
- Logs and monitoring
- Network security
- Physical security
- Risk assessment