book

Legal Issues in Information Security, 2nd Edition

Name: Legal Issues in Information Security, 2nd Edition
Author: Joanna Lyn Grama
ISBN: 9781284054750

by Joanna Lyn Grama

June 2014

Intermediate to advanced

550 pages

18h 58m

English

Jones & Bartlett Learning

Read now

Unlock full access

Cover
Title Page
Copyright
Contents
Dedication
Preface
Acknowledgments
About the Author
Part One: Fundamental Concepts
Chapter 1 Information Security Overview
Why Is Information Security an Issue?What Is Information Security?What Is Confidentiality?What Is Integrity?What Is Availability?Basic Information Security ConceptsVulnerabilitiesThreatsRisksSafeguardsChoosing SafeguardsWhat Are Common Information Security Concerns?Shoulder SurfingSocial EngineeringPhishing and Targeted Phishing ScamsMalwareSpyware and Keystroke LoggersLogic BombsBackdoorsDenial of Service AttacksDo Different Types of Information Require Different Types of Protection?What Are the Mechanisms that Ensure Information Security?Laws and Legal DutiesContractsOrganizational GovernanceVoluntary OrganizationsDo Special Kinds of Data Require Special Kinds of Protection?Chapter SummaryKey Concepts and TermsChapter 1 Assessment

Chapter 2 Privacy Overview
Why Is Privacy an Issue?What Is Privacy?How Is Privacy Different from Information Security?What Are the Sources of Privacy Law?Constitutional LawFederal LawsState LawsCommon LawsVoluntary AgreementsWhat Are Threats to Personal Data Privacy in the Information Age?Technology-Based Privacy ConcernsPeople-Based Privacy ConcernsWhat Is Workplace Privacy?Telephone and Voice Mail MonitoringVideo Surveillance MonitoringComputer Use MonitoringE-mail MonitoringWhat Are General Principles for Privacy Protection in Information Systems?Privacy Policies and Data Privacy LawsChapter SummaryKey Concepts and TermsChapter 2 AssessmentEndnotes
Chapter 3 The American Legal System
The American Legal SystemFederal GovernmentState GovernmentSources of American LawCommon LawCode LawConstitutional LawHow Does It All Fit Together?Types of LawCivilCriminalAdministrativeThe Role of PrecedentRegulatory AuthoritiesWhat Is the Difference Between Compliance and Audit?How Do Security, Privacy, and Compliance Fit Together?Chapter SummaryKey Concepts and TermsChapter 3 AssessmentEndnotes
Part Two: Laws Influencing Information Security
Chapter 4 Security and Privacy of Consumer Financial Information
Business Challenges Facing Financial InstitutionsThe Different Types of Financial InstitutionsConsumer Financial InformationWho Regulates Financial Institutions?The Federal Reserve SystemFederal Deposit Insurance CorporationNational Credit Union AdministrationOffice of the Comptroller of the CurrencySpecial Roles of the Consumer Financial Protection Bureau and the Federal Trade CommissionThe Federal Financial Institutions Examination Council (FFIEC)The Gramm-Leach-Bliley ActPurpose, Scope, and Main RequirementsThe Privacy RuleThe Safeguards RuleThe Pretexting RuleOversightFederal Trade Commission Red Flags RulePurposeScopeMain RequirementsOversightPayment Card Industry StandardsPurposeScopeMain RequirementsOversightCase Studies and ExamplesFTC Privacy and Safeguards Rule EnforcementCredit Card Security Example 1Credit Card Security Example 2Chapter SummaryKey Concepts and TermsChapter 4 ASSESSMENTEndnotes
Chapter 5 Security and Privacy of Information Belonging to Children and in Educational Records
Challenges in Protecting Children on the InternetIdentification of ChildrenFirst Amendment and CensorshipDefining ObscenityChildren’s Online Privacy Protection ActPurpose of COPPAScope of the RegulationMain RequirementsOversightChildren’s Internet Protection Act (CIPA)PurposeScope of the RegulationMain RequirementsOversightFamily Educational Rights and Privacy (FERPA)ScopeMain RequirementsDisclosure ExceptionsSecurity of Student Records Under FERPAOversightCase Studies and ExamplesLiberty Financial and Children’s PrivacyIconix Brand Group, Inc.Gonzaga University StudentRelease of Disciplinary RecordsChapter SummaryKey Concepts and TermsChapter 5 ASSESSMENTEndnotes
Chapter 6 Security and Privacy of Health Information
Business Challenges Facing the Health Care IndustryWhy Is Health Care Information So Sensitive?The Health Insurance Portability and Accountability ActPurposeScopeMain Requirements of the Privacy RuleMain Requirements of the Security RuleOversightThe Role of State Laws Protecting Medical RecordsCase Studies and ExamplesOCR Enforcement InformationHIPAA and Federal Trade Communications ActChapter SummaryKey Concepts and TermsChapter 6 ASSESSMENTEndnotes
Chapter 7 Corporate Information Security and Privacy Regulation
The Enron Scandal and Securities-Law ReformCorporate Fraud at EnronWhy Is Accurate Financial Reporting Important?The Sarbanes-Oxley Act of 2002Purpose and ScopeMain RequirementsOversightCompliance and Security ControlsCOBITGAITISO/IEC StandardsNIST Computer Security GuidanceSOX Influence in Other Types of CompaniesCorporate Privacy IssuesCase Studies and ExamplesChapter SummaryKey Concepts and TermsChapter 7 ASSESSMENTEndnotes
Chapter 8 Federal Government Information Security and Privacy Regulations
Information Security Challenges Facing the Federal GovernmentThe Federal Information Security Management ActPurpose and ScopeMain RequirementsOversightProtecting Privacy in Federal Information SystemsThe Privacy Act of 1974The E-Government Act of 2002OMB Breach Notification PolicyImport and Export Control LawsCase Studies and ExamplesMissing Hard DrivesSocial Networking SitesChapter SummaryKey Concepts and TermsChapter 8 ASSESSMENTEndnotes
Chapter 9 State Laws Protecting Citizen Information and Breach Notification Laws
History of State Actions to Protect Personal InformationChoicePoint Data BreachBreach Notification RegulationsCalifornia Breach Notification ActOther Breach Notification LawsData-Specific Security and Privacy RegulationsMinnesota and Nevada: Requiring Businesses to Comply with Payment Card Industry StandardsIndiana: Limiting SSN Use and DisclosureEncryption RegulationsMassachusetts: Protecting Personal InformationNevada Law: Standards-Based EncryptionData Disposal RegulationsWashington: Everyone Has an ObligationNew York: Any Physical RecordCase Studies and ExamplesChapter SummaryKey Concepts and TermsChapter 9 ASSESSMENTEndnotes
Chapter 10 Intellectual Property Law
The Digital Wild West and the Importance of Intellectual Property LawLegal Ownership and the Importance of Protecting Intellectual PropertyPatentsPatent BasicsInfringement and RemediesWhat Is the Difference Between Patents and Trade Secrets?TrademarksTrademark BasicsInfringement and RemediesRelationship of Trademarks on Domain NamesCopyrightCopyright BasicsInfringement and RemediesProtecting Copyrights Online—The Digital Millennium Copyright Act (DMCA)DMCA BasicsDMCA Implementation ConcernsCase Studies and ExamplesTrade SecretsService Provider Liability for Copyright InfringementDigital CollectionsChapter SummaryKey Concepts and TermsChapter 10 ASSESSMENTEndnotes
Chapter 11 The Role of Contracts
General Contracting PrinciplesContract FormCapacity to ContractContract LegalityForm of OfferForm of AcceptanceMeeting of the MindsConsiderationPerformance and Breach of ContractContract RepudiationContracting OnlineLegal Capacity OnlineExistence and EnforcementAuthenticity and NonrepudiationSpecial Types of Contracts in CyberspaceShrinkwrap ContractsClickwrap ContractsBrowsewrap ContractsHow Do These Contracts Regulate Behavior?Emerging Contract Law IssuesCloud ComputingInformation Security Terms in ContractsCase Studies and ExamplesContract Formation via E-mailContract Dispute StatisticsChapter SummaryKey Concepts and TermsChapter 11 ASSESSMENTEndnotes
Chapter 12 Criminal Law and Tort Law Issues in Cyberspace
General Criminal Law ConceptsMain Principles of Criminal LawCriminal ProcedureCommon Criminal Laws Used in CyberspaceThe Computer Fraud and Abuse Act (1984)Computer Trespass or IntrusionTheft of InformationInterception of Communications LawsSpam and Phishing LawsCybersquattingMalicious ActsWell-Known CybercrimesGeneral Tort Law ConceptsStrict Liability TortsNegligence TortsIntentional TortsCivil ProcedureCommon Tort Law Actions in CyberspaceDefamationIntentional Infliction of Emotional DistressTrespass TortsPrivacy ViolationsCase Studies and ExamplesCAN-SPAM ActDefamationChapter SummaryKey Concepts and TermsChapter 12 ASSESSMENTEndnotes
Part Three: Security and Privacy in Organizations
Chapter 13 Information Security Governance
What Is Information Security Governance?Information Security Governance PlanningCommon Information Security Governance RolesInformation Security Governance and ManagementInformation Security Governance in the Federal GovernmentInformation Security Governance DocumentsPoliciesStandardsProceduresGuidelinesCreating Information Security PoliciesRecommended Information Security PoliciesAcceptable Use PoliciesAnti-Harassment PoliciesData Retention and Destruction PoliciesIntellectual Property PoliciesAuthentication and Password PoliciesSecurity Awareness and TrainingCase Studies and ExamplesAcceptable Use Case StudyIntellectual Property ExampleChapter SummaryKey Concepts and TermsChapter 13 ASSESSMENTEndnotes
Chapter 14 Risk Analysis, Incident Response, and Contingency Planning
Contingency PlanningRisk ManagementRisk Assessment ProcessRisk ResponseTraining EmployeesContinuous MonitoringThree Types of Contingency PlanningIncident Response PlanningDisaster Recovery and Business Continuity PlanningTesting the PlanSpecial ConsiderationsAddressing Compliance RequirementsWhen to Call the PolicePublic RelationsChapter SummaryKey Concepts and TermsChapter 14 ASSESSMENTEndnotes
Chapter 15 Computer Forensics and Investigations
What Is Computer Forensics?What Is the Role of a Computer Forensic Examiner?Collecting, Handling, and Using Digital EvidenceThe Investigative ProcessGuiding Principles for Forensic ExaminationLegal Issues Involving Digital EvidenceAuthority to Collect EvidenceAdmissibility of EvidenceChapter SummaryKey Concepts and TermsChapter 15 ASSESSMENTEndnotes
Appendix A: Answer Key
Appendix B: Standard Acronyms
Appendix C: Law and Case Citations
U.S. Federal LawsCourt RulesCourt Cases
Appendix D: The Constitution of the United States of America
Glossary of Key Terms
References
Index

Overview

Part of the Jones & Bartlett Learning Information Systems Security and Assurance Series
http://www.issaseries.com

Revised and updated to address the many changes in this evolving field, the Second Edition of Legal Issues in Information Security (Textbook with Lab Manual) addresses the area where law and information security concerns intersect. Information systems security and legal compliance are now required to protect critical governmental and corporate infrastructure, intellectual property created by individuals and organizations alike, and information that individuals believe should be protected from unreasonable intrusion. Organizations must build numerous information security and privacy responses into their daily operations to protect the business itself, fully meet legal requirements, and to meet the expectations of employees and customers.

Instructor Materials for Legal Issues in Information Security include:

PowerPoint Lecture Slides
Instructor's Guide
Sample Course Syllabus
Quiz & Exam Questions
Case Scenarios/Handouts

New to the Second Edition:

• Includes discussions of amendments in several relevant federal and state laws and regulations since 2011
• Reviews relevant court decisions that have come to light since the publication of the first edition
• Includes numerous information security data breaches highlighting new vulnerabilities

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Publisher Resources

ISBN: 9781284054743

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills