Terms in this set (63)
The fixed moral attitudes or customs of a particular group
Codes or principles of an individual or group that regulate and define acceptable behavior
Rules that mandate or prohibit certain behavior and are enforced by the state.
The legal standard that requires a prudent organization and its employees to act legally and ethically and know the consequences of their actions.
Considered a subset of the standard of due care, the legal standard that requires a prudent organization and its employees to maintain the standard of due care and ensure their actions are effective.
A court's right to hear a case if a wrong is committed in its territory or involves its citizenry.
The legal obligation of an entity that extends beyond criminal or contract law.
The application of laws to people currently residing outside a court's normal jurisdiction, usually granted when a person performs an illegal action within the court's jurisdiction and then leaves.
The legal obligation to compensate an injured party for wrongs committed.
Managerial directives that specify acceptable and unacceptable employee behavior in the workplace.
Comprises a wide variety of laws that govern a nation or state and deal with the relationships and conflicts between organizations and people.
Addresses activities and conduct harmful to society, and is actively enforced by the state.
Encompasses family law, commercial law, and regulates the relationship between individuals and organizations.
Regulates the structure and administration of government and their relationships with citizens, employees, and other governments.
Collective data that relates to a group or category of people and that has been altered to remove characteristics or components that make it possible to identify individuals within the group.
Pieces of nonprivate data that, when combined, may create information that violates privacy.
In the context of information security, the right of individuals or groups to protect themselves and their information from unauthorized access, providing confidentiality.
The unauthorized taking of personally identifiable information with the intent of committing fraud and abuse of a person's financial and personal reputation, purchasing goods and services without authorization, and generally impersonating the victim for illegal or unethical purposes.
Personally identifiable information (PII)
Information about a person's history, background, and attributes that can be used to commit identity theft.
Association of Computing Machinery (ACM)
The ACM is a respected professional society that was established in 1947 as "the world's first educational and scientific computing society."
International Information System Security Certification Consortium, Inc. (ISC)^2
(ISC)^2 is a nonprofit organization that focuses on the development and implementation of information security and credentials.
Formerly known as the System Administration, Networking, and Security Institute, SANS was founded in 1989 as a professional research and education cooperative organization and has awarded certifications to more than 55,000 information security professionals.
Originally known as the Information Systems Audit and Control Association, ISACA is a professional association that focuses on auditing, control, and security.
Information Systems Security Association (ISSA)
ISSA is a nonprofit society of 10,000 information security professionals in over 100 countries.
The affirmation or guarantee of the confidentiality, integrity, and availability of information in storage, processing, and transmission.
The collection, analysis, and distribution of information from foreign communications networks for intelligence and counterintelligence purposes and in support of military operations.
ignorance, accident, intent
Three general causes of unethical and illegal behavior:
Best method for preventing an illegal or unethical activity; e.g., laws, policies, technical controls.
Fear of penalty, Probability of being caught, Probability of penalty being administered
Laws and policies only deter if three conditions are present:
SANS offers a set of certifications called
Global Information Assurance Certification (GIAC)
Digital Millennium Copyright Act (DMCA)
is the U.S. version of an international effort to reduce the impact of copyright, trademark, and privacy infringement, especially through the removal of technological copyright protection measures.
The European Union also put forward Directive 95/46/EC that increases protection of individuals with regard to the processing of personal data and the free movement of such data.
The United Kingdom has already implemented a version of this directive called the Database Right.
Association of Computing Machinery (ACM)
established in 1947 as "the world's first educational and scientific computing society." Its code of ethics contains references to protecting information confidentiality, causing no harm, protecting others' privacy, and respecting others' intellectual property.
The Health Insurance Portability and Accountability Act of 1996 (HIPAA)
also known as the Kennedy-Kassebaum Act, impacts all health-care organizations including small doctor practices, health clinics, life insurers, and universities, as well as some organizations that have self-insured employee health programs.
The act requires organizations that retain health-care information to use information security mechanisms to protect this information, as well as policies and procedures to maintain this security.
It also requires a comprehensive assessment of the organization's information security systems, policies, and procedures.
The Electronic Communications Privacy Act of 1986
regulates the interception of wire, electronic, and oral communications. The ECPA works in conjunction with the Fourth Amendment of the US Constitution, which provides protections from unlawful search and seizure.
The Financial Services Modernization Act or Gramm-Leach-Bliley Act of 1999
requires all financial institutions to disclose their privacy policies on the sharing of nonpublic personal information.
It also requires due notice to customers so that they can request that their information not be shared with third parties. The act ensures that the privacy policies in effect in an organization are fully disclosed when a customer initiates a business relationship, as well as distributed at least annually for the duration of the professional association.
The Federal Privacy Act of 1974
regulates the government in the protection of individual privacy and was created to ensure that government agencies protect the privacy of individuals' and businesses' information and to hold those agencies responsible if any portion of this information is released without permission.
Security And Freedom Through Encryption Act of 1997 (SAFE)
was an attempt by Congress to provide guidance on the use of encryption and provided measures of public protection from government intervention.
Economic Espionage Act (EEA) of 1996
In an attempt to protect American ingenuity, intellectual property, and competitive advantage, Congress passed the ____ in 1996.
U.S. Copyright Law
Intellectual property is recognized as a protected asset in the U.S. U.S. copyright law extends this right to the published word, including electronic formats.
Fair use of copyrighted materials includes the use to support news reporting, teaching, scholarship, and a number of other related permissions, so long as the purpose of the use is for educational or library purposes, not for profit, and is not excessive.
Freedom of Information Act of 1966 (FOIA)
provides any person with the right to request access to federal agency records or information not determined to be a matter of national security.
U.S. government agencies are required to disclose any requested information on receipt of a written request.
There are exceptions for information that is protected from disclosure, and the act does not apply to state or local government agencies or to private businesses or individuals, although many states have their own version of the FOIA.
United Nations Charter
The Charter provides provisions for information security during information warfare.
Information warfare (IW) involves the use of information technology to conduct offensive operations as part of an organized and lawful military operation by a sovereign state. IW is a relatively new application of warfare, although the military has been conducting electronic warfare and counter-warfare operations for decades, jamming, intercepting, and spoofing enemy communications.
International Information Systems Security Certification Consortium
The (ISC)2 (www.isc2.org) is a nonprofit organization that focuses on the development and implementation of information security certifications and credentials.
The code of ethics put forth by (ISC)2 is primarily designed for information security professionals who have earned a certification from (ISC)2.
This code focuses on four mandatory canons:
Protect society, the commonwealth, and the infrastructure;
Act honorably, honestly, justly, responsibly, and legally;
Provide diligent and competent service to principals; and
Advance and protect the profession.
System Administration, Networking, and Security Institute
is a professional organization with a large membership dedicated to the protection of information and systems.
Information Systems Audit and Control Association
is a professional association with a focus on auditing, control, and security.
The Federal Bureau of Investigation's National Infrastructure Protection Center (NIPC)
was established in 1998 and serves as the U.S. government's focal point for threat assessment, warning, investigation, and response for threats or attacks against critical U.S. infrastructures.
A key part of the NIPC's efforts to educate, train, inform, and involve the business and public sector in information security is the National InfraGard Program.
International Laws and Legal Bodies
Recently the Council of Europe drafted the European Council Cyber-Crime Convention, designed to create an international task force to oversee a range of security functions associated with Internet activities and to standardize technology laws across international borders.
State & Local Regulations
In addition to the national and international restrictions placed on an organization in the use of computer technology, each state or locality may have a number of laws and regulations that impact operations.
The Computer Fraud and Abuse Act of 1986
is the cornerstone of many computer-related federal laws and enforcement efforts.
the National Information Infrastructure Protection Act of 1996
It was amended in October 1996 with the ________, which modified several sections of the CFA and increased the penalties for selected crimes.
The USA Patriot Act of 2001
modified a wide range of existing laws to provide law enforcement agencies with a broader latitude of actions to combat terrorism-related activities.
The Communication Act of 1934
was revised by the Telecommunications Deregulation and Competition Act of 1996, which attempts to modernize the archaic terminology of the older act.
was immediately ensnared in a thorny legal debate over the attempt to define indecency, and ultimately rejected by the Supreme Court.
Computer Security Act of 1987
Another key law that is of critical importance for the information security profession is the ________. It was one of the first attempts to protect federal computer systems by establishing minimum acceptable security practices.
The National Bureau of Standards, in cooperation with the National Security Agency, became responsible for developing these security standards and guidelines.
Law and Ethics in Information Security
As individuals we elect to trade some aspects of personal freedom for social order.
civil, criminal, private, public
Types of law:
The Health Information Technology for Economic and Clinical Health Act (HITECH) requires that notification of patient health-care information breaches be reported to the individual affected within only ____ days.
Federal Information Security Management Act (FISMA)
In 2002 Congress passed the ____, which mandates that all federal agencies establish information security programs to protect their information assets.
the Fourth Amendment of the US Constitution, which provides protections from unlawful search and seizure.
the Fourth Amendment of the US Constitution, which provides protections from unlawful liability for security breaches
regulates the interception of wire, electronic, and oral communications
The Health Insurance Portability and Accountability Act of 1996 (HIPAA)
The Financial Services Modernization Act or Gramm-Leach-Bliley Act of 1999 requires all financial institutions to disclose their privacy policies on the sharing of nonpublic personal information.
The Financial Services Modernization Act specifically addressed the malicious use of spyware or keyloggers to steal personal identity information.
The Financial Services Modernization Act
Gramm-Leach-Bliley Act of 1999 requires all financial institutions to disclose their privacy policies on the sharing of nonpublic personal information.
It also requires due notice to customers so that they can request that their information not be shared with third parties.
The act ensures that the privacy policies in effect in an organization are fully disclosed when a customer initiates a business relationship, as well as distributed at least annually for the duration of the professional association.