Internet-related crime occurs every minute. Cybercriminals steal millions of dollars with near impunity. For every one who is captured, nearly 10,000 are not captured. For every one successfully prosecuted in a court of law, 100 get off without punishment or with a warning. Why is it so difficult to prosecute cybercriminals?
Please make your initial post and two response posts substantive. A substantive post will do at least TWO of the following:
At least one scholarly source should be used in the initial discussion thread. Be sure to use information from your readings and other sources from the UC Library. Use proper citations and references in your post.
Chapter 4 Laws, Regulations, and Compliance
Categories of Laws
Criminal Law
Civil Law
Administrative Law
overview
Criminal Law
Preserve peace
Keep society safe
Penalties include:
Community service
Fines
Prison
Enacted through legislation
Civil Law
Provide for orderly society
Govern matters that are not crimes
Enacted through legislation
Punishment can include financial penalties
Administrative Law
Policies, procedures, and regulations
Govern the daily operations of an entity
Enacted by government agencies, not the legislature
Laws
Computer Crime
Intellectual Property
Licensing
Import/Export
Privacy
overview
Computer Crime 1/2
Computer Fraud and Abuse Act (CFAA)
Federal interest computer
Accessing classified information, accessing system, fraud, malicious damage, modify medical records, traffic passwords
Any computer in use by the government, financial institutions, and interstate offenses
Amendments
Creating malware code, interstate commerce, imprisonment, and civil action from victims
Federal Sentencing Guidelines
Prudent man rule
Burden of proof: negligence, compliance, causal
Computer Crime 2/2
National Information Infrastructure Protection Act
CFAA – international, national infrastructure
Federal Information Security Management Act (FISMA)
Risk assessment, planning, training, testing, incident management
Federal Information Systems Modernization Act (FISMA)
Centralizing under DHS
Cybersecurity Enhancement Act
NIST establishing voluntary cybersecurity standards
Intellectual Property 1/2
Copyrights
Original works of authorship
Digital Millennium Copyright Act
Trademarks
Words, slogans, logos, etc., which identify a company, its products, and its services
Patents
Intellectual property rights of inventors
Intellectual Property 2/2
Trade Secrets
Intellectual property of an organization
Non-disclosure agreement (NDA)
Economic Espionage Act
Stealing trade secrets to benefit a foreign government
Stealing trade secrets
Licensing
Contractual license agreements
Shrink‐wrap license agreements
Click‐through license agreements
Cloud services license agreements
Import/Export
Trans‐border data flow of new technologies, intellectual property, and personally identifying information
International Traffic in Arms Regulations (ITAR)
United States Munitions List (USML)
Export Administration Regulations (EAR)
Commerce Control List (CCL)
Computer Export Controls
Encryption Export Controls
Privacy 1/5
U.S. Privacy Law (1/2)
Fourth Amendment
Privacy Act
Electronic Communications Privacy Act
Communications Assistance for Law Enforcement Act (CALEA)
Economic Espionage Act
Health Insurance Portability and Accountability Act (HIPAA)
Privacy 2/5
U.S. Privacy Law (2/2)
Health Information Technology for Economic and Clinical Health Act (HITECH)
Data Breach Notification Laws
Children’s Online Privacy Protection Act (COPPA)
Gramm‐Leach‐Bliley Act
USA PATRIOT Act
Family Educational Rights and Privacy Act (FERPA)
Identity Theft and Assumption Deterrence Act
Privacy 3/5
European Union Privacy Law (1/3)
Consent
Contract
Legal obligation
Vital interest of the data subject
Balance between the interests of the data holder and the interests of the data subject
Key rights of individuals
Privacy Shield agreement
Privacy 4/5
European Union Privacy Law (2/3)
Privacy Shield agreement
Informing Individuals About Data Processing
Providing Free and Accessible Dispute Resolution
Cooperating with the Department of Commerce
Maintaining Data Integrity and Purpose Limitation
Ensuring Accountability for Data Transferred to Third Parties
Transparency Related to Enforcement Actions
Ensuring Commitments Are Kept As Long As Data Is Held
Privacy 5/5
European Union Privacy Law (3/3)
European Union General Data Protection Regulation (GDPR)
Applies to organizations that are not based in the EU
24-hour data breach notification requirement
Centralized data protection authorities in each EU member state
Individuals will have access to their own data
Data portability provisions
The “right to be forgotten”
Compliance
Security regulation has become complex
Issues with regulatory agencies and contractual obligations
Overlapping and often contradictory requirements
May require full-time compliance staff
Compliance audits and reporting
Payment Card Industry Data Security Standard (PCI DSS)
Contracting and Procurement
Use of cloud and service vendors requires contract scrutiny
Perform security review and vendor governance
Tailor the contract and review to your specific concerns
Conclusion
Read the Exam Essentials
Review the Chapter
Perform the Written Labs
Answer the Review Questions