|created by combining pieces of non-private data—often collected during software updates, and via cookies—that when combined may violate privacy.
|Agreement on Trade-Related Aspects of Intellectual Property Rights (TRIPS)
|created by the World Trade Organization (WTO) and negotiated over the years 1986–1994, introduced intellectual property rules into the multilateral trade system.
|Association of Computing Machinery (ACM)
|a respected professional society that was established in 1947 as “the world’s first educational and scientific computing society.”
|comprises a wide variety of laws that govern a nation or state and deal with the relationships and conflicts between organizational entities and people.
|Computer Fraud and Abuse Act of 1986 (CFA Act)
|the cornerstone of many computer-related federal laws and enforcement efforts.
|Computer Security Act of 1987
|was one of the first attempts to protect federal computer systems by establishing minimum acceptable security practices.
|addresses activities and conduct harmful to society, and is actively enforced by the state.
|the fixed moral attitudes or customs of a particular group.
|Department of Homeland Security (DHS)
|made up of five directorates, or divisions, through which it carries out its mission of protecting the people as well as the physical and informational assets of the United States.
|Digital Millennium Copyright Act (DMCA)
|the American contribution to an international effort by the World Intellectual Properties Organization (WIPO) to reduce the impact of copyright, trademark, and privacy infringement, especially when accomplished via the removal of technological copyright protection measures.
|when an organization makes sure that every employee knows what is acceptable or unacceptable behaviour, and knows the consequences of illegal or unethical actions.
|requires that an organization make a valid effort to protect others and continually maintains this level of effort.
|Economic Espionage Act in 1996
|attempts to prevent trade secrets from being illegally shared.
|Electronic Communications Privacy Act of 1986
|a collection of statutes that regulates the interception of wire, electronic, and oral communications.
|define socially acceptable behaviors.
|Federal Privacy Act of 1974
|regulates government agencies and holds them accountable if they release private information about individuals or businesses without permission.
|Financial Services Modernization Act or Gramm-Leach-Bliley Act of 1999
|contains a number of provisions focusing on facilitating affiliation among banks, securities firms, and insurance companies.
|Fraud and Related Activity in Connection with Identification Documents, Authentication Features, and Information (Title 18, U.S.C. § 1028)
|criminalizes creation, reproduction, transfer, possession, or use of unauthorized or false identification documents or document-making equipment.
|Freedom of Information Act
|allows any person to request access to federal agency records or information not determined to be a matter of national security
|Georgia Computer Systems Protection Act
|seeks to protect information, and which establishes penalties for the use of information technology to attack or exploit information systems.
|Health Insurance Portability and Accountability Act Of 1996 (HIPAA)
|also known as the Kennedy-Kassebaum Act, protects the confidentiality and security of health care data by establishing and enforcing standards and by standardizing electronic data interchange.
|Information Systems Audit and Control Association (ISACA)
|a professional association that focuses on auditing, control, and security.
|Information Systems Security Association (ISSA)
|a nonprofit society of information security professionals.
|International Information Systems Security Certification Consortium, Inc. (ISC)2
|a nonprofit organization that focuses on the development and implementation of information security certifications and credentials.
|that is, the court’s right to hear a case if a wrong is committed in its territory or involves its citizenry.
|are rules that mandate or prohibit certain behaviour.
|is the legal obligation of an entity that extends beyond criminal or contract law.
|Long arm jurisdiction
|the long arm of the law extending across the country or around the world to draw an accused individual into its court systems.
|National Information Infrastructure Protection Act of 1996
|modified several sections of the previous act and increased the penalties for selected crimes.
|National InfraGard Program
|began as a cooperative effort between the FBI’s Cleveland Field Office and local technology professionals.
|National Security Agency (NSA)
|responsible for signal intelligence and information system security.
|guidelines that describe acceptable and unacceptable employee behaviors in the workplace.
|Privacy of Customer Information Section
|of the common carrier regulation states that any proprietary information shall be used explicitly for providing services, and not for any marketing purposes, and that carriers cannot disclose this information except when necessary to provide their services.
|encompasses family law, commercial law, and labour law, and regulates the relationship between individuals and organizations.
|regulates the structure and administration of government agencies and their relationships with citizens, employees, and other governments.
|to compensate for wrongs committed.
|Security and Freedom through Encryption Act of 1999
|provides guidance on the use of encryption and provides protection from government intervention.
|System Administration, Networking, and Security Institute (SANS)
|founded in 1989, is a professional research and education cooperative organization with a current membership of more than 156,000 security professionals, auditors, system administrators, and network administrators
|U.S. Secret Service
|an agency within the Department of the Treasury; provides protective services for key members of the U.S. government; charged with the detection and arrest of any person committing a United States federal offense relating to computer fraud and false identification crimes.
|USA PATRIOT Act of 2001
|provides law enforcement agencies with broader latitude in order to combat terrorism-related activities.
|USA PATRIOT Improvement and Reauthorization Act
|made permanent fourteen of the sixteen expanded powers of the Department of Homeland Security and the FBI in investigating terrorist activity.
|To minimize liabilities/reduce risks, the information security practitioner must
|*Understand current legal environment *Stay current with laws and regulations *Watch for new issues that emerge
|rules that mandate or prohibit certain societal behaviour
|define socially acceptable behaviour
|fixed moral attitudes or customs of a particular group; ethics based on these
|Criteria for policy enforcement
|*Dissemination (distribution) *Review (reading) *Comprehension (understanding) *Compliance (agreement) *Uniform enforcement
|Implementation of information security legislation
|contributes to a more reliable business environment and a stable economy
|Severity of penalties judged on the purpose
|*For purposes of commercial advantage *For private financial gain *In furtherance of a criminal act
|Is a “state of being free from unsanctioned intrusion”