Chapter 4 Law, Regulations, and Compliance

1 Chapter 4 Law, Regulations, and Compliance
CISSP Study Guide BIS 4113/6113

2 Cybercrime goes unreported
FBI estimates that electronic crimes have occurred at virtually all Fortune 500 corporations, cost about $10B a year, and are reported only about 17 percent of the time
44 percent of computer crime is committed by members of the victim organization (Stambaugh)

3 What is “cybersecurity law?”
1) Victim response to intrusions
2) Liability for intrusions
3) Computer and network regulations
4) Special issues for government and defense

4 Intellectual Property (p.132)
Intangible assets
  Trademarks
  Patents
  Trade secrets (e.g. the Coca-Cola and KFC recipes)
  Copyrights (original works of authorship)

5 Workplace searches (Dhillon)
Exceptions for warrantless searches of computer equipment
  Prior consent
  Implied consent (e.g. an acknowledged IT usage policy)
  Exigent circumstances: evidence is in danger of destruction
  Plain view
  Search incident to a lawful arrest
    *Slide notes that mobile devices were yet to be determined; Riley v. California (2014) later held that police generally need a warrant to search a seized mobile phone
  Inventory searches: purpose other than accumulating evidence
  Border searches

6 Computer Fraud and Abuse Act (1984)
Covers computer crimes involving "protected computers," i.e. those crossing state boundaries or used in interstate commerce
See page 128 for scope and damages
  Government, financial, and medical fields
  Information assets
Recently proposed changes
  Hacking defined as "organized crime" (CFAA violations as racketeering predicates)
  "Fix the CFAA" advocacy group argues the statute is overbroad

7 Major Legislation (IP)
Copyrights protected for 70 years after the author's death (different terms apply to works for hire)
  Infringement examples: Blurred Lines, Stairway to Heaven
Digital Millennium Copyright Act (1998)
  Prohibits circumventing copy-protection (DRM) measures and restricts transmission of copyrighted material, incl. webcasts and P2P
  Provides a safe harbor for service providers that honor takedown notices
Economic Espionage Act (1996)
  Criminal penalties for stealing trade secrets

8 Major Legislation (Privacy)
Fourth Amendment (US Constitution): protection against unreasonable searches and seizures
Privacy Act (1974)
  Federal agencies may not disclose records about individuals without consent, subject to listed exceptions
Electronic Communications Privacy Act (1986)
  Extends wiretap laws to computer-mediated communication (CMC) and mobile communications

9 Major Legislation (Internet Privacy)
Health Insurance Portability and Accountability Act (1996): protects health information
Children's Online Privacy Protection Act (1998): limits online collection of data from children under 13
Gramm-Leach-Bliley (1999)
  Limits sharing of customer financial information with nonaffiliated third parties
Patriot Act (2001)
  June 2015 USA Freedom Act ended bulk collection of telephone metadata; records stay with carriers and the NSA must obtain a FISA court order for a specific selector
Family Educational Rights and Privacy Act (aka Buckley Amendment, 1974): protects student records
SB1386 (California, 2002): first state data-breach notification law
  Other states have since passed similar laws

10 Compliance with Regulations
Example: Payment Card Industry Data Security Standard (PCI DSS) (p.146)
  A contractual standard imposed by the card brands, not a law; compliance is required to keep processing card payments on the trusted payment network
  12 main requirements (e.g. firewalls, no vendor default passwords, encryption of cardholder data in transit, logging and monitoring)
  Validated by independent assessors (QSAs) or by self-assessment questionnaire, depending on transaction volume

11 Sarbanes-Oxley (2002)
Applies to public corporations and their financial disclosures
Willfully certifying misleading financial reports: up to $5M in fines and 20 years in prison (Section 906)
2017 Protiviti survey on SOX compliance costs

12 Sarbanes-Oxley (2002) Section 404
"Issuers are required to publish information in their annual reports concerning the scope and adequacy of the internal control structure and procedures for financial reporting. This statement shall also assess the effectiveness of such internal controls and procedures."
IT controls typically audited under Section 404:
  Authentication standards
  User account management (incl. segregation of duties)
  Logs and monitoring
  Network security
  Physical security
  Risk assessment
