
IT-403-MIDTERM-4A-and-4B.pdf


Chapter 4
Laws, Regulations, and Compliance

Security and Risk Management (e.g., Security, Risk, Compliance, Law, Regulations, Business Continuity)

C. Compliance
   C.1 Legislative and regulatory compliance
   C.2 Privacy requirements compliance
D. Understand legal and regulatory issues that pertain to information security in a global context
   D.1 Computer crimes
   D.2 Licensing and intellectual property (e.g., copyright, trademark, digital rights management)
   D.3 Import/export controls
   D.4 Trans-border data flow
   D.5 Privacy
   D.6 Data breaches

In the early days of computer security, information security professionals were pretty much left on their own to defend their systems against attacks. They didn’t have much help from the criminal and civil justice systems.

Categories of Laws

Three main categories of laws play a role in our legal system. Each is used to cover a variety of circumstances, and the penalties for violating laws in the different categories vary widely. In the following sections, you’ll learn how criminal law, civil law, and administrative law interact to form the complex web of our justice system.

Criminal Law

Criminal law forms the bedrock of the body of laws that preserve the peace and keep our society safe. Many high-profile court cases involve matters of criminal law; these are the laws that the police and other law enforcement agencies concern themselves with. Criminal law contains prohibitions against acts such as murder, assault, robbery, and arson. Penalties for violating criminal statutes fall in a range that includes mandatory hours of community service, monetary penalties in the form of fines (small and large), and deprivation of civil liberties in the form of prison sentences.

Civil Law

Civil laws form the bulk of our body of laws. They are designed to provide for an orderly society and govern matters that are not crimes but that require an impartial arbiter to settle between individuals and organizations. Examples of the types of matters that may be judged under civil law include contract disputes, real estate transactions, employment matters, and estate/probate procedures. Civil laws also are used to create the framework of government that the executive branch uses to carry out its responsibilities. These laws provide budgets for governmental activities and lay out the authority granted to the executive branch to create administrative laws (see the next section).

Civil laws are enacted in the same manner as criminal laws. They must pass through the legislative process before enactment and are subject to the same constitutional parameters and judicial review procedures. At the federal level, both criminal and civil laws are embodied in the United States Code (USC).

The major difference between civil laws and criminal laws is the way in which they are enforced. Usually, law enforcement authorities do not become involved in matters of civil law beyond taking action necessary to restore order. In a criminal prosecution, the government, through law enforcement investigators and prosecutors, brings action against a person accused of a crime.

Administrative law is published in the Code of Federal Regulations, often referred to as the CFR. Although administrative law does not require an act of the legislative branch to gain the force of law, it must comply with all existing civil and criminal laws. Government agencies may not implement regulations that directly contradict existing laws passed by the legislature. Furthermore, administrative laws (and the actions of government agencies) must also comply with the U.S. Constitution and are subject to judicial review.

Computer Crime

The first computer security issues addressed by legislators were those involving computer crime.
Early computer crime prosecutions were attempted under traditional criminal law, and many were dismissed because judges thought that applying traditional law to this modern type of crime was too far of a stretch.

Computer Security Act of 1987

After amending the CFAA in 1986 to cover a wider variety of computer systems, Congress turned its view inward and examined the current state of computer security in federal government systems. Members of Congress were not satisfied with what they saw and they enacted the Computer Security Act (CSA) of 1987 to mandate baseline security requirements for all federal agencies.

FOUR MAJOR TYPES OF INTELLECTUAL PROPERTY: copyrights, trademarks, patents, and trade secrets.

Copyrights and the Digital Millennium Copyright Act

Copyright law guarantees the creators of “original works of authorship” protection against the unauthorized duplication of their work.

Intellectual Property:

Copyright:
- protects tangible or fixed expression of an idea but not the idea itself.
- automatically assigned when created.
- copyright owner has these exclusive rights, protected against infringement:
  - reproduction right
  - modification right
  - distribution right
  - public-performance right
  - public-display right

Patents
- grant a property right to the inventor to exclude others from making, using, offering for sale, or selling the invention.

Types of Patents:
Utility - any new and useful process, machine, article of manufacture, or composition of matter
Design - new, original, and ornamental design for an article of manufacture
Plant - discovers and asexually reproduces any distinct and new variety of plant

Trademarks
- a word, name, symbol, or device
- used in trade with goods
- indicate source of goods
- to distinguish them from goods of others

NOTE:
- Oral Midterm Examination
- October 8, 2024
- (4A @ 8AM-11PM)
- (4B @ 01:00PM-04:00PM)
- Alphabetical Order
- If your name is called and you are absent, automatically ZERO!
