Individual: Cybersecurity Laws
The U.S. has in place many laws related to information security, computer security, and internet use. Many of these laws relate to information governance, accountability, and commercial liability. In addition, the issue of personal privacy is addressed in many of the laws that relate to specific industries, sectors, and types of information.
Write a 1- to 2-page paper using Microsoft® Word that answers the following questions:
· For two laws from Table 3.1 in Principles of Information Security, state the overall intent of each law. For example, what do the U.S. Police and Justice Act and the Computer Fraud and Abuse Act of the U.K. do?
· Using a browser and search engine, determine the general number of cases/complaints that have been filed based on each of the laws listed below:
· Computer Fraud and Abuse Act
· National Information Infrastructure Protection Act
· Sarbanes-Oxley Act
· Having reviewed these laws and cases/complaints associated with them, completely answer each of the following:
· Which of these laws seemed more frequently enforced? Which of these laws have resulted in a large financial impact to a business? Which of these have imposed a strict punitive damage (e.g., someone being convicted of fraud)?
· According to your answer above, what infrastructural or cyber domain sector or assets are being protected by such enforcement?
· Accurately explain whether the ethical confidentiality of all private information is assured by the three laws.
· Based on your Learning Team discussion, list at least two conflicts faced by U.S. cloud service providers when providing services globally.
Table 3-1 Key U.S. Laws of Interest to Information Security Professionals

| Area | Act | Date | Description |
|---|---|---|---|
| Telecommunications | Telecommunications Deregulation and Competition Act of 1996—an update to Communications Act of 1934 (47 USC 151 et seq.) | 1934 | Regulates interstate and foreign telecommunications (amended in 1996 and 2001) |
| Civil legal evidence | Federal Rules for Civil Procedure (FRCP) | 1938 | As updated in 2006, specifies requirements for the storage, protection, and surrender of discoverable electronic data as used in federal civil proceedings |
| Freedom of information | Freedom of Information Act (FOIA) | 1966 | Allows for disclosure of previously unreleased information and documents controlled by the U.S. government |
| Privacy | Federal Privacy Act of 1974 | 1974 | Governs federal agency use of personal information |
| Copyright | Copyright Act of 1976—an update to U.S. Copyright Law (17 USC) | 1976 | Protects intellectual property, including publications and software |
| Cryptography | Electronic Communications Privacy Act of 1986 (update to 18 USC) | 1986 | Regulates interception and disclosure of electronic information; also referred to as the Federal Wiretapping Act |
| Access to stored communications | Unlawful Access to Stored Communications (18 USC 2701) | 1986 | Provides penalties for illegally accessing communications (such as e-mail and voicemail) stored by a service provider |
| Threats to computers | Computer Fraud and Abuse Act (also known as Fraud and Related Activity in Connection with Computers; 18 USC 1030) | 1986 | Defines and formalizes laws to counter threats from computer-related acts and offenses (amended in 1996, 2001, and 2006) |
| Federal agency information security | Computer Security Act of 1987 | 1987 | Requires all federal computer systems that contain classified information to have security plans in place, and requires periodic security training for all people who operate, design, or manage such systems |
| Trap and trace restrictions | General prohibition on pen register and trap and trace device use; exception (18 USC 3121 et seq.) | 1993 | Prohibits the use of electronic pen registers and trap and trace devices without a court order |
| Criminal intent | National Information Infrastructure Protection Act of 1996 (update to 18 USC 1030) | 1996 | Categorizes crimes based on criminal intent and a defendant's authority to access a protected computer system |
| Trade secrets | Economic Espionage Act of 1996 | 1996 | Prevents abuse of information gained while employed elsewhere |
| Personal health information protection | Health Insurance Portability and Accountability Act of 1996 (HIPAA) | 1996 | Requires medical practices to ensure the privacy of personal medical information |
| Intellectual property | No Electronic Theft Act amends 17 USC 506(a)—copyright infringement, and 18 USC 2319—criminal (Public Law 105-147) infringement of copyright | 1997 | Amends copyright and criminal statutes to provide greater copyright protection and penalties for electronic copyright infringement |
| Copy protection | Digital Millennium Copyright Act (update to 17 USC 101) | 1998 | Provides specific penalties for removing copyright protection from media |
| Identity theft | Identity Theft and Assumption Deterrence Act of 1998 (18 USC 1028) | 1998 | Attempts to instigate penalties for identity theft by recognizing people who lose their identity as the true victims, not just the commercial and financial credit entities that suffered losses |
| Children's privacy | Children's Online Privacy Protection Act of 1998 (COPPA) | 1998 | Protects children online by requiring Web sites with users under the age of 13 to post privacy policies that specify clear guidance and restrictions on information collection |
| Encryption and digital signatures | Security and Freedom Through Encryption Act of 1999 | 1999 | Affirms the rights of people in the United States to use and sell products that include encryption and to relax export controls on such products |
| Banking | Gramm-Leach-Bliley Act of 1999 (GLB) or the Financial Services Modernization Act | 1999 | Repeals the restrictions on banks affiliating with insurance and securities firms; has significant impact on the privacy of personal information used by these industries |
| Children's online protection | Children's Internet Protection Act | 2000 | Requires K-12 schools and libraries to use Internet filters to protect children online |
| Terrorism | USA PATRIOT Act of 2001 (update to 18 USC 1030) | 2001 | Defines stiffer penalties for prosecution of terrorist crimes |
| Accountability | Sarbanes-Oxley Act of 2002 (SOX) or Public Company Accounting Reform and Investor Protection Act | 2002 | Enforces accountability for executives at publicly traded companies; this law has created ripple effects throughout the accounting, IT, and related units of many organizations |
| Federal information security | Federal Information Security Management Act (FISMA) | 2002 | Specifies the requirement for federal agencies to establish information security programs to protect their information assets |
| Spam | Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003 (CAN-SPAM Act; 15 USC 7701 et seq.) | 2003 | Sets the first national standards for regulating the distribution of commercial e-mail, including mobile phone spam |
| Fraud with access devices | Fraud and Related Activity in Connection with Access Devices (18 USC 1029) | 2004 | Defines and formalizes law to counter threats from counterfeit access devices such as ID cards, credit cards, telecom equipment, mobile or electronic serial numbers, and the equipment that creates them |
| Terrorism | Customs-Trade Partnership Against Terrorism (C-TPAT) | 2004 | Organizations that conduct international business may voluntarily comply with this initiative by U.S. Customs and Border Protection to facilitate security and shipments processing |
| Terrorism and extreme drug trafficking | USA PATRIOT Improvement and Reauthorization Act of 2005 (update to 18 USC 1030) | 2006 | Renews critical sections of the USA PATRIOT Act |
| Identity theft | Identity Theft Enforcement and Restitution Act | 2008 | Imposes criminal liability on people who commit identity theft, but does not regulate the technology |
| Terrorism | PATRIOT Sunsets Extension Act of 2011 (update to 18 USC 1030) | 2011 | Renews critical sections of the USA PATRIOT Act |