Legal Issues in Information Security, 2nd Edition

Book description

Part of the Jones & Bartlett Learning Information Systems Security and Assurance Series
http://www.issaseries.com

Revised and updated to address the many changes in this evolving field, the Second Edition of Legal Issues in Information Security (Textbook with Lab Manual) addresses the area where law and information security concerns intersect. Information systems security and legal compliance are now required to protect critical governmental and corporate infrastructure, intellectual property created by individuals and organizations alike, and information that individuals believe should be protected from unreasonable intrusion. Organizations must build numerous information security and privacy responses into their daily operations to protect the business itself, to fully meet legal requirements, and to meet the expectations of employees and customers.

Instructor Materials for Legal Issues in Information Security include:

• PowerPoint Lecture Slides
• Instructor's Guide
• Sample Course Syllabus
• Quiz & Exam Questions
• Case Scenarios/Handouts

New to the Second Edition:

• Includes discussions of amendments in several relevant federal and state laws and regulations since 2011
• Reviews relevant court decisions that have come to light since the publication of the first edition
• Includes numerous information security data breaches highlighting new vulnerabilities

Table of contents

  1. Cover
  2. Title Page
  3. Copyright
  4. Contents
  5. Dedication
  6. Preface
  7. Acknowledgments
  8. About the Author
  9. Part One: Fundamental Concepts
    1. Chapter 1 Information Security Overview
      1. Why Is Information Security an Issue?
      2. What Is Information Security?
        1. What Is Confidentiality?
        2. What Is Integrity?
        3. What Is Availability?
      3. Basic Information Security Concepts
        1. Vulnerabilities
        2. Threats
        3. Risks
        4. Safeguards
        5. Choosing Safeguards
      4. What Are Common Information Security Concerns?
        1. Shoulder Surfing
        2. Social Engineering
        3. Phishing and Targeted Phishing Scams
        4. Malware
        5. Spyware and Keystroke Loggers
        6. Logic Bombs
        7. Backdoors
        8. Denial of Service Attacks
      5. Do Different Types of Information Require Different Types of Protection?
      6. What Are the Mechanisms that Ensure Information Security?
        1. Laws and Legal Duties
        2. Contracts
        3. Organizational Governance
        4. Voluntary Organizations
      7. Do Special Kinds of Data Require Special Kinds of Protection?
      8. Chapter Summary
      9. Key Concepts and Terms
      10. Chapter 1 Assessment
    2. Chapter 2 Privacy Overview
      1. Why Is Privacy an Issue?
      2. What Is Privacy?
      3. How Is Privacy Different from Information Security?
      4. What Are the Sources of Privacy Law?
        1. Constitutional Law
        2. Federal Laws
        3. State Laws
        4. Common Laws
        5. Voluntary Agreements
      5. What Are Threats to Personal Data Privacy in the Information Age?
        1. Technology-Based Privacy Concerns
        2. People-Based Privacy Concerns
      6. What Is Workplace Privacy?
        1. Telephone and Voice Mail Monitoring
        2. Video Surveillance Monitoring
        3. Computer Use Monitoring
        4. E-mail Monitoring
      7. What Are General Principles for Privacy Protection in Information Systems?
        1. Privacy Policies and Data Privacy Laws
      8. Chapter Summary
      9. Key Concepts and Terms
      10. Chapter 2 Assessment
      11. Endnotes
    3. Chapter 3 The American Legal System
      1. The American Legal System
        1. Federal Government
        2. State Government
      2. Sources of American Law
        1. Common Law
        2. Code Law
        3. Constitutional Law
        4. How Does It All Fit Together?
      3. Types of Law
        1. Civil
        2. Criminal
        3. Administrative
      4. The Role of Precedent
      5. Regulatory Authorities
      6. What Is the Difference Between Compliance and Audit?
      7. How Do Security, Privacy, and Compliance Fit Together?
      8. Chapter Summary
      9. Key Concepts and Terms
      10. Chapter 3 Assessment
      11. Endnotes
  10. Part Two: Laws Influencing Information Security
    1. Chapter 4 Security and Privacy of Consumer Financial Information
      1. Business Challenges Facing Financial Institutions
      2. The Different Types of Financial Institutions
      3. Consumer Financial Information
      4. Who Regulates Financial Institutions?
        1. The Federal Reserve System
        2. Federal Deposit Insurance Corporation
        3. National Credit Union Administration
        4. Office of the Comptroller of the Currency
        5. Special Roles of the Consumer Financial Protection Bureau and the Federal Trade Commission
      5. The Federal Financial Institutions Examination Council (FFIEC)
      6. The Gramm-Leach-Bliley Act
        1. Purpose, Scope, and Main Requirements
        2. The Privacy Rule
        3. The Safeguards Rule
        4. The Pretexting Rule
        5. Oversight
      7. Federal Trade Commission Red Flags Rule
        1. Purpose
        2. Scope
        3. Main Requirements
        4. Oversight
      8. Payment Card Industry Standards
        1. Purpose
        2. Scope
        3. Main Requirements
        4. Oversight
      9. Case Studies and Examples
        1. FTC Privacy and Safeguards Rule Enforcement
        2. Credit Card Security Example 1
        3. Credit Card Security Example 2
      10. Chapter Summary
      11. Key Concepts and Terms
      12. Chapter 4 Assessment
      13. Endnotes
    2. Chapter 5 Security and Privacy of Information Belonging to Children and in Educational Records
      1. Challenges in Protecting Children on the Internet
        1. Identification of Children
        2. First Amendment and Censorship
        3. Defining Obscenity
      2. Children’s Online Privacy Protection Act
        1. Purpose of COPPA
        2. Scope of the Regulation
        3. Main Requirements
        4. Oversight
      3. Children’s Internet Protection Act (CIPA)
        1. Purpose
        2. Scope of the Regulation
        3. Main Requirements
        4. Oversight
      4. Family Educational Rights and Privacy (FERPA)
        1. Scope
        2. Main Requirements
        3. Disclosure Exceptions
        4. Security of Student Records Under FERPA
        5. Oversight
      5. Case Studies and Examples
        1. Liberty Financial and Children’s Privacy
        2. Iconix Brand Group, Inc.
        3. Gonzaga University Student
        4. Release of Disciplinary Records
      6. Chapter Summary
      7. Key Concepts and Terms
      8. Chapter 5 Assessment
      9. Endnotes
    3. Chapter 6 Security and Privacy of Health Information
      1. Business Challenges Facing the Health Care Industry
      2. Why Is Health Care Information So Sensitive?
      3. The Health Insurance Portability and Accountability Act
        1. Purpose
        2. Scope
        3. Main Requirements of the Privacy Rule
        4. Main Requirements of the Security Rule
        5. Oversight
      4. The Role of State Laws Protecting Medical Records
      5. Case Studies and Examples
        1. OCR Enforcement Information
        2. HIPAA and Federal Trade Communications Act
      6. Chapter Summary
      7. Key Concepts and Terms
      8. Chapter 6 Assessment
      9. Endnotes
    4. Chapter 7 Corporate Information Security and Privacy Regulation
      1. The Enron Scandal and Securities-Law Reform
        1. Corporate Fraud at Enron
      2. Why Is Accurate Financial Reporting Important?
      3. The Sarbanes-Oxley Act of 2002
        1. Purpose and Scope
        2. Main Requirements
        3. Oversight
      4. Compliance and Security Controls
        1. COBIT
        2. GAIT
        3. ISO/IEC Standards
        4. NIST Computer Security Guidance
      5. SOX Influence in Other Types of Companies
      6. Corporate Privacy Issues
      7. Case Studies and Examples
      8. Chapter Summary
      9. Key Concepts and Terms
      10. Chapter 7 Assessment
      11. Endnotes
    5. Chapter 8 Federal Government Information Security and Privacy Regulations
      1. Information Security Challenges Facing the Federal Government
      2. The Federal Information Security Management Act
        1. Purpose and Scope
        2. Main Requirements
        3. Oversight
      3. Protecting Privacy in Federal Information Systems
        1. The Privacy Act of 1974
        2. The E-Government Act of 2002
        3. OMB Breach Notification Policy
      4. Import and Export Control Laws
      5. Case Studies and Examples
        1. Missing Hard Drives
        2. Social Networking Sites
      6. Chapter Summary
      7. Key Concepts and Terms
      8. Chapter 8 Assessment
      9. Endnotes
    6. Chapter 9 State Laws Protecting Citizen Information and Breach Notification Laws
      1. History of State Actions to Protect Personal Information
        1. ChoicePoint Data Breach
      2. Breach Notification Regulations
        1. California Breach Notification Act
        2. Other Breach Notification Laws
      3. Data-Specific Security and Privacy Regulations
        1. Minnesota and Nevada: Requiring Businesses to Comply with Payment Card Industry Standards
        2. Indiana: Limiting SSN Use and Disclosure
      4. Encryption Regulations
        1. Massachusetts: Protecting Personal Information
        2. Nevada Law: Standards-Based Encryption
      5. Data Disposal Regulations
        1. Washington: Everyone Has an Obligation
        2. New York: Any Physical Record
      6. Case Studies and Examples
      7. Chapter Summary
      8. Key Concepts and Terms
      9. Chapter 9 Assessment
      10. Endnotes
    7. Chapter 10 Intellectual Property Law
      1. The Digital Wild West and the Importance of Intellectual Property Law
      2. Legal Ownership and the Importance of Protecting Intellectual Property
      3. Patents
        1. Patent Basics
        2. Infringement and Remedies
        3. What Is the Difference Between Patents and Trade Secrets?
      4. Trademarks
        1. Trademark Basics
        2. Infringement and Remedies
        3. Relationship of Trademarks on Domain Names
      5. Copyright
        1. Copyright Basics
        2. Infringement and Remedies
      6. Protecting Copyrights Online—The Digital Millennium Copyright Act (DMCA)
        1. DMCA Basics
        2. DMCA Implementation Concerns
      7. Case Studies and Examples
        1. Trade Secrets
        2. Service Provider Liability for Copyright Infringement
        3. Digital Collections
      8. Chapter Summary
      9. Key Concepts and Terms
      10. Chapter 10 Assessment
      11. Endnotes
    8. Chapter 11 The Role of Contracts
      1. General Contracting Principles
        1. Contract Form
        2. Capacity to Contract
        3. Contract Legality
        4. Form of Offer
        5. Form of Acceptance
        6. Meeting of the Minds
        7. Consideration
        8. Performance and Breach of Contract
        9. Contract Repudiation
      2. Contracting Online
        1. Legal Capacity Online
        2. Existence and Enforcement
        3. Authenticity and Nonrepudiation
      3. Special Types of Contracts in Cyberspace
        1. Shrinkwrap Contracts
        2. Clickwrap Contracts
        3. Browsewrap Contracts
      4. How Do These Contracts Regulate Behavior?
      5. Emerging Contract Law Issues
        1. Cloud Computing
        2. Information Security Terms in Contracts
      6. Case Studies and Examples
        1. Contract Formation via E-mail
        2. Contract Dispute Statistics
      7. Chapter Summary
      8. Key Concepts and Terms
      9. Chapter 11 Assessment
      10. Endnotes
    9. Chapter 12 Criminal Law and Tort Law Issues in Cyberspace
      1. General Criminal Law Concepts
        1. Main Principles of Criminal Law
        2. Criminal Procedure
      2. Common Criminal Laws Used in Cyberspace
        1. The Computer Fraud and Abuse Act (1984)
        2. Computer Trespass or Intrusion
        3. Theft of Information
        4. Interception of Communications Laws
        5. Spam and Phishing Laws
        6. Cybersquatting
        7. Malicious Acts
        8. Well-Known Cybercrimes
      3. General Tort Law Concepts
        1. Strict Liability Torts
        2. Negligence Torts
        3. Intentional Torts
        4. Civil Procedure
      4. Common Tort Law Actions in Cyberspace
        1. Defamation
        2. Intentional Infliction of Emotional Distress
        3. Trespass Torts
        4. Privacy Violations
      5. Case Studies and Examples
        1. CAN-SPAM Act
        2. Defamation
      6. Chapter Summary
      7. Key Concepts and Terms
      8. Chapter 12 Assessment
      9. Endnotes
  11. Part Three: Security and Privacy in Organizations
    1. Chapter 13 Information Security Governance
      1. What Is Information Security Governance?
        1. Information Security Governance Planning
        2. Common Information Security Governance Roles
        3. Information Security Governance and Management
        4. Information Security Governance in the Federal Government
      2. Information Security Governance Documents
        1. Policies
        2. Standards
        3. Procedures
        4. Guidelines
        5. Creating Information Security Policies
      3. Recommended Information Security Policies
        1. Acceptable Use Policies
        2. Anti-Harassment Policies
        3. Data Retention and Destruction Policies
        4. Intellectual Property Policies
        5. Authentication and Password Policies
        6. Security Awareness and Training
      4. Case Studies and Examples
        1. Acceptable Use Case Study
        2. Intellectual Property Example
      5. Chapter Summary
      6. Key Concepts and Terms
      7. Chapter 13 Assessment
      8. Endnotes
    2. Chapter 14 Risk Analysis, Incident Response, and Contingency Planning
      1. Contingency Planning
      2. Risk Management
        1. Risk Assessment Process
        2. Risk Response
        3. Training Employees
        4. Continuous Monitoring
      3. Three Types of Contingency Planning
        1. Incident Response Planning
        2. Disaster Recovery and Business Continuity Planning
        3. Testing the Plan
      4. Special Considerations
        1. Addressing Compliance Requirements
        2. When to Call the Police
        3. Public Relations
      5. Chapter Summary
      6. Key Concepts and Terms
      7. Chapter 14 Assessment
      8. Endnotes
    3. Chapter 15 Computer Forensics and Investigations
      1. What Is Computer Forensics?
      2. What Is the Role of a Computer Forensic Examiner?
      3. Collecting, Handling, and Using Digital Evidence
        1. The Investigative Process
        2. Guiding Principles for Forensic Examination
      4. Legal Issues Involving Digital Evidence
        1. Authority to Collect Evidence
        2. Admissibility of Evidence
      5. Chapter Summary
      6. Key Concepts and Terms
      7. Chapter 15 Assessment
      8. Endnotes
  12. Appendix A: Answer Key
  13. Appendix B: Standard Acronyms
  14. Appendix C: Law and Case Citations
    1. U.S. Federal Laws
    2. Court Rules
    3. Court Cases
  15. Appendix D: The Constitution of the United States of America
  16. Glossary of Key Terms
  17. References
  18. Index

Product information

  • Title: Legal Issues in Information Security, 2nd Edition
  • Author(s): Joanna Lyn Grama
  • Release date: June 2014
  • Publisher(s): Jones & Bartlett Learning
  • ISBN: 9781284054750