Legal And Privacy Issues In Information Security

An organizations most important asset

The study and practice of protecting information

Practice of hiding information so unauthorized persons can't read it

Only people with the right permission can access and use information

Information systems and their data are correct

The security goal of making information systems operate reliably.

Disrupts information systems so they're no longer available to users

Any users of an organizations IT system. AKA End users

Computing devices used by end users

Organizations LAN technologies

Organizations with remote locations connect to this

Process and procedures that end users use to access the organizations IT infrastructure and data.

Equipment and data an organization uses to support its' IT infrastructure.

When 2 or more employees split critical task functions

Software or code that updates a program to address security problems

Successful attacks against a vulnerability

Exploited before a patch is provided

Anything that can harm an information system

The likelihood that a threat will exploit a vulnerability and cause harm

Systems run with the lowest amount of permissions needed to complete tasks.

Allows access to only needed data

Lies dormant for a certain period and when conditions are met it carries out its malicious function.

Group of organizations that share a similar industry type.

Governs access to public records of the U.S. federal government

Wrongful act or harm that hurts a person

Maliciously saying false things about another person

Small, invisible electronic file that is placed on a web page or in an e-mail message that monitors behavior

The legal concept that means a higher-ranking law will exclude a lower-ranking law on the same subject

Describes the relationship between the states and the U.S. federal government.

Claims between individuals

Wrongs against society

The action of following applicable laws and rules and regulations

An evaluation and verification that certain objectives are met

Congress created this law to fight drug trafficking, money laundering, and other crimes.

Defines any financial institution as any institution that conducts financial activities.

Central bank of the U.S., reports directly to Congress.

Provides deposit insurance to banks

Allows consumers to opt out of some types of information sharing

Attempt to gain access to customer information without proper authority to do so

Governs how information from children is to be collected and used

Protects minors from obscene or objectionable material on school or library computers

Protects the privacy rights of students and their educational records

Fights health insurance fraud, simplifies how health insurance is administered.

Enforces HIPAA Privacy and Security Rules

Protects shareholders and investors from financial fraud.

Lists 14 sections of information security safeguards.

Creates information security guidance for federal agencies.

Protects federal IT systems and the data in those systems

Exercise/Network testing. Internal network testing

Unauthorized access. Must be reported to their IT systems even if data is not compromised

Denial of Service. Must report successful attacks that harm IT systems

Malicious Code. Must report successful installation of software.

Improper use. Must report violations of their acceptable use policies.

Scans, probes, and Attempted Access. Must report any activities that seek to access or identify IT systems.

Investigation. Unusual events that require more review due to being odd or potentially harmful.

An e-commerce Web server

Enacted by Congress in response to growth in identity theft crime

CIA

Are nominated by the president

The vice president and the heads of the 15 executive departments

The U.S. Constitution