security test ch 3
embodies a wide variety of laws pertaining to relationships between and among individuals and organizations
Civil law
Originates from a judicial branch or oversight board and involves the interpretation of law based on the actions of a previous and/or higher court or board.
Common Law, Case Law, and Precedent:
The employee agreed to comply with the policy through act or affirmation. Common techniques include logon banners, which require a specific action (mouse click or keystroke) to acknowledge agreement, or a signed document clearly indicating the employee has read, understood, and agreed to comply with the policy.
Compliance (agreement)
Originates with the U.S. Constitution, a state constitution, or local constitution, bylaws, or charter.
Constitutional Law
addresses violations harmful to society and is actively enforced and prosecuted by the state. Criminal law addresses statutes associated with traffic law, public order, property damage, and personal damage, where the state takes on the responsibility of seeking retribution on behalf of the plaintiff, or injured party.
Criminal law
What are the primary examples of public law?
Criminal, administrative and constitutional law.
The relevant policy has been made readily available for review by the employee (hardcopy or electronic distribution).
Dissemination (distribution)
informally referred to as the wiretapping act, is a collection of statutes that regulates the interception of wire, electronic, and oral communications
Electronic Communications Privacy Act (ECPA)
The branch of philosophy that considers nature, criteria, sources, logic, and the validity of moral judgment.
Ethics
which mandates that all federal agencies establish information security programs to protect their information assets.
Federal Information Security Management Act (FISMA)
Pieces of nonprivate data that, when combined, may create information that violates privacy. Not to be confused with aggregate information.
Information aggregation
Rules that mandate or prohibit certain behavior and are enforced by the state.
Laws
In the context of information security, the right of individuals or groups to protect themselves and their information from unauthorized access, providing confidentiality.
Privacy
What is privacy in an information security context?
Privacy is not absolute freedom from observation, but rather it is a more precise "State of being free from unsanctioned intrusion".
is considered a subset of civil law, and regulates the relationships among individuals as well as relationships between individuals and organizations; it encompasses family law, commercial law, and labor law.
Private law
regulates the structure and administration of government agencies and their relationships with citizens, employees, and other governments. Public law includes criminal law, administrative law, and constitutional law. It is important to understand which laws and regulations are relevant to your organization and what the organization needs to do to comply.
Public law
Originates from an executive branch or authorized regulatory agency, and includes executive orders and regulations.
Regulatory or Administrative Law:
The organization disseminated the document in an intelligible form, including versions for employees who are illiterate, reading-impaired, or unable to read English (English and other languages).
Review (reading)
Originates from a legislative branch specifically tasked with the creation and publication of laws and statutes.
Statutory Law
protects the confidentiality and security of health-care data by establishing and enforcing standards and by standardizing electronic data interchange
The Health Insurance Portability and Accountability Act of 1996 (HIPAA)
This law attempts to prevent trade secrets from being illegally shared; it provides guidance for the use of encryption and provides protection from government intervention.
The Security and Freedom through Encryption Act of 1999
is the subset of civil law that allows individuals to seek redress in the event of personal, physical, or financial injury. Perceived damages within civil law are pursued in civil court and are not prosecuted by the state.
Tort law
Collective data that relates to a group or category of people and that has been altered to remove characteristics or components that make it possible to identify individuals within the group. Not to be confused with information aggregation.
aggregate information
Measures that an organization takes to ensure every employee knows what is acceptable and what is not.
due care
Reasonable steps taken by people or organizations to meet the obligations imposed by laws or regulation.
due diligence
The unauthorized taking of personally identifiable information with the intent of committing fraud and abuse of a person's financial and personal reputation, purchasing goods and services without authorization, and generally impersonating the victim for illegal or unethical purposes.
identity theft
The power to make legal decisions and judgments; typically an area within which an entity such as a court or law enforcement agency is empowered to make legal decisions.
jurisdiction
An entity's legal obligation or responsibility.
liability
The ability of a legal entity to exercise its influence beyond its normal boundaries by asserting a connection between an out-of-jurisdiction entity and a local legal case.
long-arm jurisdiction
Information about a person's history, background, and attributes that can be used to commit identity theft.
personally identifiable information (PII)
Guidelines that dictate certain behavior within the organization.
policy
A legal requirement to make compensation or payment resulting from a loss or injury.
restitution