CISSP - Legal, Regulations, Investigations, Compliance. Exam Questions and answers, 100% Accurate, graded A+
HIPAA - -The law provides national standards and procedures for the storage, use, and transmission of personal medical information and health care data.The privacy and security portion ...
HIPAA - ✔✔-The law provides national standards and procedures for the storage, use, and transmission
of personal medical information and health care data.The privacy and security portion of this law seeks
to guard Protected Health Information (PHI) from unauthorized use or disclosure.
GLBA - ✔✔-1999, this law requires financial institutions to: develop privacy notices to give to customers
regarding the collection, use, and sharing of PII. Furthermore, it requires a written security policy to be
in place and tested and employees are fully trained on information security issues.
Computer Fraud and Abuse Act - ✔✔-1986 amended in 1996, Title 18 section 1030. The primary federal
anti-hacking statute. Criminalized attacks on protected computers, which include government and
financial computers as well as those engaged in foreign or interstate commerce. This act is amended by
the Patriot Act
Electronic Communications Privacy Act - ✔✔-created a similar level of search and seizure protection to
non-telephony electronic communication equipment. An example is protection from unwarranted
wiretapping
Patriot Act - ✔✔-2001, expanded law enforcement's electronic monitoring capabilities, allowed for
search and seizure without requiring immediate disclosure, lessened the judicial oversight required of
law enforcement as related to electronic monitoring
Federal Privacy Act - ✔✔-applies to records and documents developed and maintained by specific
branches of the federal government that relate to individual's education, medical history, financial
history, criminal history, employment, etc. Government agencies can maintain this type of information
only if it is necessary and relevant to accomplishing the agency's purpose
, Freedom of Information Act - ✔✔-government files are open to the public unless specific legislation
deems otherwise
Basel II - ✔✔-prevents banks from overextending themselves, sets minimum capital requirements,
addresses information security in that, member institutions must continually address their exposure to
risk and implement security controls to protect their data
PCI DSS - ✔✔-applies to any entity that processes, transmits, stores, or accepts credit card data. it is not
law but a private sector initiative (self regulation). Major credit card companies should seek to ensure
better protection of cardholder data through mandating a security policy, security devices, control
techniques, and monitoring of systems and networks comprising cardholder data environments
California Senate Bill 1386 - ✔✔-one of the first state level breach notification laws. Requires
organizations experiencing a personal data breach involving California residents to notify them of the
potential disclosure. Served as impetus in the US for other breach notification laws
Computer Security Act of 1987 - ✔✔-requires US federal agencies to identify computer systems that
contain sensitive information. The agency must develop a security policy and plan for each of these
systems and conduct periodic training
Economic Espionage Act of 1996 - ✔✔-also called US Economic and Protection of Proprietary
Information Act. Provides the necessary structure when dealing with cares regarding trade secrets and
defined trade secrets to be technical, business, engineering, scientific, or financial.
Due care - ✔✔-defines a minimum standard of protection that business stakeholders must attempt to
achieve. company practices common sense and acts prudently and responsibly
Due diligence - ✔✔-management of due care; follows a formal process. the process of systematically
evaluating information to identify vulnerabilities, threats, and issues relating to an organization's overall
risk
downstream liability - ✔✔-the actions of one company negatively affect another company
The benefits of buying summaries with Stuvia:
Guaranteed quality through customer reviews
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
Quick and easy check-out
You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.
Focus on what matters
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
Frequently asked questions
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Satisfaction guarantee: how does it work?
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller QuickPass. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy these notes for $9.49. You're not tied to anything after your purchase.
