Key Concepts and Terms
by Joanna Lyn Grama
Legal and Privacy Issues in Information Security, 3rd Edition
Cover
Title Page
Copyright Page
Contents
Dedication
Preface
Acknowledgments
About the Author
Chapter 1 Information Security Overview
Why Is Information Security an Issue?
What Is Information Security?
What Is Confidentiality?
What Is Integrity?
What Is Availability?
Basic Information Security Concepts
Vulnerabilities
Threats
Risks
Safeguards
Choosing Safeguards
What Are Common Information Security Concerns?
Shoulder Surfing
Social Engineering
Phishing and Targeted Phishing Scams
Malware
Spyware and Keystroke Loggers
Logic Bombs
Backdoors
Denial of Service Attacks
What Are the Mechanisms That Ensure Information Security?
Laws and Legal Duties
Contracts
Organizational Governance
Data Protection Models
U.S. National Security Information
Voluntary Organizations
Do Special Kinds of Data Require Special Kinds of Protection?
Chapter Summary
Key Concepts and Terms
Chapter 1 Assessment
Endnotes
Chapter 2 Privacy Overview
Why Is Privacy an Issue?
What Is Privacy?
Types of Personal Information
How Is Privacy Different from Information Security?
What Are the Sources of Privacy Law?
Constitutional Law
Federal Law
Freedom of Information Act (1966)
Privacy Act (1974)
E-Government Act (2002)
Electronic Communications Privacy Act (1986)
The Wiretap Act (1968, amended)
Census Confidentiality (1952)
Mail Privacy Statute (1971)
Cable Communications Policy Act (1984)
Driver’s Privacy Protection Act (1994)
State Laws
Common Law
Intrusion Into Seclusion
Portrayal in a False Light
Appropriation of Likeness or Identity
Public Disclosure of Private Facts
Voluntary Agreements
What Are Threats to Personal Data Privacy in the Information Age?
Technology-Based Privacy Concerns
Spyware
Cookies, Web Beacons, and Clickstreams
Wireless Technologies
GPS Technology
Security Breaches
People-Based Privacy Concerns
Social Networking Sites
Online Data Gathering
What Is Workplace Privacy?
Telephone, Voicemail, and Email Monitoring
Telephone and Voicemail Monitoring
Email Monitoring
Computer Use Monitoring
Off-Duty Computer Monitoring
Video Surveillance Monitoring
Special Rules for Public Employees
What Are General Principles for Privacy Protection in Information Systems?
Privacy Policies
International Privacy Laws
Chapter Summary
Key Concepts and Terms
Chapter 2 Assessment
Endnotes
Chapter 3 The American Legal System
The American Legal System
Federal Government
Legislative Branch
Executive Branch
Judicial Branch
State Government
Sources of American Law
Common Law
Code Law
Constitutional Law
How Does It All Fit Together?
Types of Law
Civil
Criminal
Administrative
The Role of Precedent
Regulatory Authorities
What Is the Difference Between Compliance and Audit?
How Do Security, Privacy, and Compliance Fit Together?
Chapter Summary
Key Concepts and Terms
Chapter 3 Assessment
Endnotes
Chapter 4 Security and Privacy of Consumer Financial Information
Business Challenges Facing Financial Institutions
The Different Types of Financial Institutions
Consumer Financial Information
Who Regulates Financial Institutions?
The Federal Reserve System
Federal Deposit Insurance Corporation
National Credit Union Administration
Office of the Comptroller of the Currency
Special Role of the Federal Financial Institutions Examination Council
Special Roles of the Consumer Financial Protection Bureau and the Federal Trade Commission
Consumer Financial Protection Bureau
Federal Trade Commission
The Gramm-Leach-Bliley Act
Purpose, Scope, and Main Requirements
The Privacy Rule
The Safeguards Rule
The Pretexting Rule
Oversight
Federal Trade Commission Red Flags Rule
Purpose
Scope
Main Requirements
Oversight
Payment Card Industry Standards
Purpose
Scope
Main Requirements
Oversight
Case Studies and Examples
FTC Privacy and Safeguards Rule Enforcement
Credit Card Security Example
Chapter Summary
Key Concepts and Terms
Chapter 4 Assessment
Endnotes
Chapter 5 Security and Privacy of Information Belonging to Children and in Educational Records
Challenges in Protecting Children on the Internet
Identification of Children
First Amendment and Censorship
Defining Obscenity
Children’s Online Privacy Protection Act
Purpose of COPPA
Scope of the Regulation
Main Requirements
Privacy Policy
Privacy Policy Content
Gaining Parental Consent
Oversight
Children’s Internet Protection Act
Purpose
Scope of the Regulation
Main Requirements
Content Filtering
Internet Safety Policy
Exceptions
Oversight
Family Educational Rights and Privacy Act (FERPA)
Scope
Main Requirements
Annual Notification
Access to Education Records
Amendment of Education Records
Disclosure of Education Records
Disclosure Exceptions Under FERPA
Security of Student Records Under FERPA
Oversight
State Laws Protecting Student Data
Case Studies and Examples
Children’s Privacy
Release of Disciplinary Records
Chapter Summary
Key Concepts and Terms
Chapter 5 Assessment
Endnotes
Chapter 6 Security and Privacy of Health Information
Business Challenges Facing the Healthcare Industry
Why Is Healthcare Information So Sensitive?
The Health Insurance Portability and Accountability Act
Purpose
Scope
Main Requirements of the Privacy Rule
Required Disclosures
Permitted Uses and Disclosures
Uses and Disclosures That Require Authorization
Minimum Necessary Rule
Other Individual Rights Under the Privacy Rule
Privacy Notices
Administrative Requirements
Breach Notification Provisions
Main Requirements of the Security Rule
Safeguards and Implementation Specifications
Oversight
The Role of State Laws Protecting Medical Records
Case Studies and Examples
OCR Enforcement Information
HIPAA and Federal Trade Communications Act
Chapter Summary
Key Concepts and Terms
Chapter 6 Assessment
Endnotes
Chapter 7 Corporate Information Security and Privacy Regulation
The Enron Scandal and Securities-Law Reform
Corporate Fraud at Enron
Why Is Accurate Financial Reporting Important?
The Sarbanes-Oxley Act of 2002
Purpose and Scope
Main Requirements
Public Company Accounting Oversight Board
Document Retention
Certification
Oversight
Compliance and Security Controls
COBIT
GAIT
ISO/IEC Standards
NIST Computer Security Guidance
SOX Influence in Other Types of Companies
Corporate Privacy Issues
Case Studies and Examples
Chapter Summary
Key Concepts and Terms
Chapter 7 Assessment
Endnotes
Chapter 8 Federal Government Information Security and Privacy Regulations
Information Security Challenges Facing the Federal Government
The Federal Information Security Modernization Act
Purpose and Scope
Main Requirements
Agency Information Security Programs
The Role of NIST
Central Incident Response Center
National Security Systems
Oversight
Protecting Privacy in Federal Information Systems
The Privacy Act of 1974
The E-Government Act of 2002
OMB Breach Notification Policy
Import and Export Control Laws
Case Studies and Examples
Chapter Summary
Key Concepts and Terms
Chapter 8 Assessment
Endnotes
Chapter 9 State Laws Protecting Citizen Information and Breach Notification Laws
History of State Actions to Protect Personal Information
ChoicePoint Data Breach
Breach Notification Regulations
California Breach Notification Act
Other Breach Notification Laws
Activities That Constitute a Breach
Time for Notification
Contents of Notification
Encryption Requirements
Penalties for Failure to Notify
Private Cause of Action
Data-Specific Security and Privacy Regulations
Minnesota and Nevada: Requiring Businesses to Comply With Payment Card Industry Standards
Indiana: Limiting SSN Use and Disclosure
California: Protecting Consumer Privacy
Encryption Regulations
Massachusetts: Protecting Personal Information
Nevada Law: Standards-Based Encryption
Data Disposal Regulations
Washington: Everyone Has an Obligation
New York: Any Physical Record
Case Studies and Examples
Chapter Summary
Key Concepts and Terms
Chapter 9 Assessment
Endnotes
Chapter 10 Intellectual Property Law
The Digital Wild West and the Importance of Intellectual Property Law
Legal Ownership and the Importance of Protecting Intellectual Property
Patents
Patent Basics
Patent Requirements
The Patent Application Process
Infringement and Remedies
What Is the Difference Between Patents and Trade Secrets?
Trademarks
Trademark Basics
Use in Commerce
Distinctive
Trademark Registration
Infringement and Remedies
Relationship of Trademarks on Domain Names
Copyright
Copyright Basics
Copyright Registration
Infringement and Remedies
Fair Use
Protecting Copyrights Online—The Digital Millennium Copyright Act (DMCA)
DMCA Basics
Technology Protection Measures
Online Copyright Infringement
Computer Maintenance
DMCA Unintended Consequences
Title I Concerns
Title II Concerns
Case Studies and Examples
Trade Secrets
Service Provider Liability for Copyright Infringement
Digital Collections
Chapter Summary
Key Concepts and Terms
Chapter 10 Assessment
Endnotes
Chapter 11 The Role of Contracts
General Contracting Principles
Contract Form
Capacity to Contract
Contract Legality
Form of Offer
Form of Acceptance
Meeting of the Minds
Consideration
Performance and Breach of Contract
Contract Repudiation
Contracting Online
Legal Capacity Online
Form of Offer and Acceptance
Email Communications
Text and Instant Messages
Twitter and Other Social Networking Sites
Existence and Enforcement
Authenticity and Nonrepudiation
Special Types of Contracts in Cyberspace
Shrinkwrap Contracts
Clickwrap Contracts
Browsewrap Contracts
How Do These Contracts Regulate Behavior?
Emerging Contract Law Issues
Cloud Computing
Information Security Terms in Contracts
Data Definition and Use
General Data Protection Terms
Compliance With Legal and Regulatory Requirements
Case Studies and Examples
Contract Formation via Email
Chapter Summary
Key Concepts and Terms
Chapter 11 Assessment
Endnotes
Chapter 12 Criminal Law and Tort Law Issues in Cyberspace
General Criminal Law Concepts
Main Principles of Criminal Law
Type of Wrongful Conduct
Elements of a Crime
Jurisdiction
Criminal Procedure
Common Criminal Laws Used in Cyberspace
The Computer Fraud and Abuse Act (1984)
Computer Trespass or Intrusion
Theft of Information
Interception of Communications Laws
Spam and Phishing Laws
Cybersquatting
Malicious Acts
Well-Known Cybercrimes
General Tort Law Concepts
Strict Liability Torts
Negligence Torts
Intentional Torts
Civil Procedure
Common Tort Law Actions in Cyberspace
Defamation
Intentional Infliction of Emotional Distress
Trespass Torts
Privacy Violations
Case Studies and Examples
CAN-SPAM Act
Defamation on College Campuses
Chapter Summary
Key Concepts and Terms
Chapter 12 Assessment
Endnotes
Chapter 13 Information Security Governance
What Is Information Security Governance?
Information Security Governance Planning
Common Information Security Governance Roles
Information Security Governance and Management
Information Security Governance in the Federal Government
Information Security Governance Documents
Policies
Standards
Procedures
Guidelines
Creating Information Security Policies
Policy Development Process
Recommended Information Security Policies
Acceptable Use Policies
AUP Terms
Enforcement
Anti-Harassment Policies
Workplace Privacy and Monitoring Policies
Data Retention and Destruction Policies
Data Retention Policies
Data Destruction Policies
Intellectual Property Policies
Authentication and Password Policies
Security Awareness and Training
Case Studies and Examples
Acceptable Use Case Study
Chapter Summary
Key Concepts and Terms
Chapter 13 Assessment
Endnotes
Chapter 14 Risk Analysis, Incident Response, and Contingency Planning
Contingency Planning
Risk Management
Risk Assessment Process
Risk Assessment Team
Identifying Assets, Vulnerabilities, and Threats
Likelihood and Potential Loss
Document Needed Controls
Risk Response
Training Employees
Continuous Monitoring
Three Types of Contingency Planning
Incident Response Planning
Incident Response Team
IR Plan Process
Disaster Recovery and Business Continuity Planning
DR/BC Team
DR/BC Plan Development
Testing the Plan
Special Considerations
Addressing Compliance Requirements
When to Call the Police
Public Relations
Chapter Summary
Key Concepts and Terms
Chapter 14 Assessment
Endnotes
Chapter 15 Computer Forensics and Investigations
What Is Computer Forensics?
What Is the Role of a Computer Forensic Examiner?
Collecting, Handling, and Using Digital Evidence
The Investigative Process
Identification
Preservation
Collection
Examination
Presentation
Ethical Principles for Forensic Examination
Legal Issues Involving Digital Evidence
Authority to Collect Evidence
The Fourth Amendment and Search Warrants
Federal Laws Regarding Electronic Data Collection
Admissibility of Evidence
The Hearsay Rule
The Best Evidence Rule
Chapter Summary
Key Concepts and Terms
Chapter 15 Assessment
Endnotes
Appendix A Answer Key
Appendix B Standard Acronyms
Appendix C Law and Case Citations
Appendix D The Constitution of the United States of America
Glossary of Key Terms
References
Index
KEY CONCEPTS AND TERMS
Breach notification law
Legislative history
Safe harbor