
Book Description


Thoroughly revised and updated to address the many changes in this evolving field, the third edition of Legal and Privacy Issues in Information Security addresses the complex relationship between the law and the practice of information security. Information systems security and legal compliance are required to protect critical governmental and corporate infrastructure, intellectual property created by individuals and organizations alike, and information that individuals believe should be protected from unreasonable intrusion. Organizations must build numerous information security and privacy responses into their daily operations to protect the business itself, fully meet legal requirements, and meet the expectations of employees and customers.

Instructor Materials for Legal Issues in Information Security include:

PowerPoint Lecture Slides
Instructor's Guide
Sample Course Syllabus
Quiz & Exam Questions
Case Scenarios/Handouts

New to the Third Edition:

• Includes discussions of amendments in several relevant federal and state laws and regulations since 2011
• Reviews relevant court decisions that have come to light since the publication of the first edition
• Includes numerous information security data breaches highlighting new vulnerabilities

Table of Contents

  1. Cover
  2. Title Page
  3. Copyright Page
  4. Contents
  5. Dedication
  6. Preface
  7. Acknowledgments
  8. About the Author
  9. Chapter 1 Information Security Overview
    1. Why Is Information Security an Issue?
    2. What Is Information Security?
      1. What Is Confidentiality?
      2. What Is Integrity?
      3. What Is Availability?
    3. Basic Information Security Concepts
      1. Vulnerabilities
      2. Threats
      3. Risks
      4. Safeguards
      5. Choosing Safeguards
    4. What Are Common Information Security Concerns?
      1. Shoulder Surfing
      2. Social Engineering
      3. Phishing and Targeted Phishing Scams
      4. Malware
      5. Spyware and Keystroke Loggers
      6. Logic Bombs
      7. Backdoors
      8. Denial of Service Attacks
    5. What Are the Mechanisms That Ensure Information Security?
      1. Laws and Legal Duties
      2. Contracts
      3. Organizational Governance
        1. Data Protection Models
    6. U.S. National Security Information
      1. Voluntary Organizations
    7. Do Special Kinds of Data Require Special Kinds of Protection?
    8. Chapter Summary
    9. Key Concepts and Terms
    10. Chapter 1 Assessment
    11. Endnotes
  10. Chapter 2 Privacy Overview
    1. Why Is Privacy an Issue?
    2. What Is Privacy?
      1. Types of Personal Information
    3. How Is Privacy Different from Information Security?
    4. What Are the Sources of Privacy Law?
      1. Constitutional Law
      2. Federal Law
        1. Freedom of Information Act (1966)
        2. Privacy Act (1974)
        3. E-Government Act (2002)
        4. Electronic Communications Privacy Act (1986)
        5. The Wiretap Act (1968, amended)
        6. Census Confidentiality (1952)
        7. Mail Privacy Statute (1971)
        8. Cable Communications Policy Act (1984)
        9. Driver’s Privacy Protection Act (1994)
      3. State Laws
      4. Common Law
        1. Intrusion Into Seclusion
        2. Portrayal in a False Light
        3. Appropriation of Likeness or Identity
        4. Public Disclosure of Private Facts
      5. Voluntary Agreements
    5. What Are Threats to Personal Data Privacy in the Information Age?
      1. Technology-Based Privacy Concerns
        1. Spyware
        2. Cookies, Web Beacons, and Clickstreams
        3. Wireless Technologies
        4. GPS Technology
        5. Security Breaches
      2. People-Based Privacy Concerns
        1. Social Networking Sites
        2. Online Data Gathering
    6. What Is Workplace Privacy?
      1. Telephone, Voicemail, and Email Monitoring
        1. Telephone and Voicemail Monitoring
        2. Email Monitoring
      2. Computer Use Monitoring
        1. Off-Duty Computer Monitoring
      3. Video Surveillance Monitoring
        1. Special Rules for Public Employees
    7. What Are General Principles for Privacy Protection in Information Systems?
      1. Privacy Policies
      2. International Privacy Laws
    8. Chapter Summary
    9. Key Concepts and Terms
    10. Chapter 2 Assessment
    11. Endnotes
  11. Chapter 3 The American Legal System
    1. The American Legal System
      1. Federal Government
        1. Legislative Branch
        2. Executive Branch
        3. Judicial Branch
      2. State Government
    2. Sources of American Law
      1. Common Law
      2. Code Law
      3. Constitutional Law
      4. How Does It All Fit Together?
    3. Types of Law
      1. Civil
      2. Criminal
      3. Administrative
    4. The Role of Precedent
    5. Regulatory Authorities
    6. What Is the Difference Between Compliance and Audit?
    7. How Do Security, Privacy, and Compliance Fit Together?
    8. Chapter Summary
    9. Key Concepts and Terms
    10. Chapter 3 Assessment
    11. Endnotes
  12. Chapter 4 Security and Privacy of Consumer Financial Information
    1. Business Challenges Facing Financial Institutions
    2. The Different Types of Financial Institutions
    3. Consumer Financial Information
    4. Who Regulates Financial Institutions?
      1. The Federal Reserve System
      2. Federal Deposit Insurance Corporation
      3. National Credit Union Administration
      4. Office of the Comptroller of the Currency
      5. Special Role of the Federal Financial Institutions Examination Council
      6. Special Roles of the Consumer Financial Protection Bureau and the Federal Trade Commission
        1. Consumer Financial Protection Bureau
        2. Federal Trade Commission
    5. The Gramm-Leach-Bliley Act
      1. Purpose, Scope, and Main Requirements
      2. The Privacy Rule
      3. The Safeguards Rule
      4. The Pretexting Rule
      5. Oversight
    6. Federal Trade Commission Red Flags Rule
      1. Purpose
      2. Scope
      3. Main Requirements
      4. Oversight
    7. Payment Card Industry Standards
      1. Purpose
      2. Scope
      3. Main Requirements
      4. Oversight
    8. Case Studies and Examples
      1. FTC Privacy and Safeguards Rule Enforcement
      2. Credit Card Security Example
    9. Chapter Summary
    10. Key Concepts and Terms
    11. Chapter 4 Assessment
    12. Endnotes
  13. Chapter 5 Security and Privacy of Information Belonging to Children and in Educational Records
    1. Challenges in Protecting Children on the Internet
      1. Identification of Children
      2. First Amendment and Censorship
      3. Defining Obscenity
    2. Children’s Online Privacy Protection Act
      1. Purpose of COPPA
      2. Scope of the Regulation
      3. Main Requirements
        1. Privacy Policy
        2. Privacy Policy Content
        3. Gaining Parental Consent
      4. Oversight
    3. Children’s Internet Protection Act
      1. Purpose
      2. Scope of the Regulation
      3. Main Requirements
        1. Content Filtering
        2. Internet Safety Policy
        3. Exceptions
      4. Oversight
    4. Family Educational Rights and Privacy Act (FERPA)
      1. Scope
      2. Main Requirements
        1. Annual Notification
        2. Access to Education Records
        3. Amendment of Education Records
        4. Disclosure of Education Records
      3. Disclosure Exceptions Under FERPA
      4. Security of Student Records Under FERPA
      5. Oversight
      6. State Laws Protecting Student Data
    5. Case Studies and Examples
      1. Children’s Privacy
      2. Release of Disciplinary Records
    6. Chapter Summary
    7. Key Concepts and Terms
    8. Chapter 5 Assessment
    9. Endnotes
  14. Chapter 6 Security and Privacy of Health Information
    1. Business Challenges Facing the Healthcare Industry
    2. Why Is Healthcare Information So Sensitive?
    3. The Health Insurance Portability and Accountability Act
      1. Purpose
      2. Scope
      3. Main Requirements of the Privacy Rule
        1. Required Disclosures
        2. Permitted Uses and Disclosures
        3. Uses and Disclosures That Require Authorization
        4. Minimum Necessary Rule
        5. Other Individual Rights Under the Privacy Rule
        6. Privacy Notices
        7. Administrative Requirements
        8. Breach Notification Provisions
      4. Main Requirements of the Security Rule
        1. Safeguards and Implementation Specifications
      5. Oversight
    4. The Role of State Laws Protecting Medical Records
    5. Case Studies and Examples
      1. OCR Enforcement Information
      2. HIPAA and Federal Trade Communications Act
    6. Chapter Summary
    7. Key Concepts and Terms
    8. Chapter 6 Assessment
    9. Endnotes
  15. Chapter 7 Corporate Information Security and Privacy Regulation
    1. The Enron Scandal and Securities-Law Reform
      1. Corporate Fraud at Enron
    2. Why Is Accurate Financial Reporting Important?
    3. The Sarbanes-Oxley Act of 2002
      1. Purpose and Scope
      2. Main Requirements
        1. Public Company Accounting Oversight Board
        2. Document Retention
        3. Certification
      3. Oversight
    4. Compliance and Security Controls
      1. COBIT
      2. GAIT
      3. ISO/IEC Standards
      4. NIST Computer Security Guidance
    5. SOX Influence in Other Types of Companies
    6. Corporate Privacy Issues
    7. Case Studies and Examples
    8. Chapter Summary
    9. Key Concepts and Terms
    10. Chapter 7 Assessment
    11. Endnotes
  16. Chapter 8 Federal Government Information Security and Privacy Regulations
    1. Information Security Challenges Facing the Federal Government
    2. The Federal Information Security Modernization Act
      1. Purpose and Scope
      2. Main Requirements
        1. Agency Information Security Programs
        2. The Role of NIST
        3. Central Incident Response Center
        4. National Security Systems
      3. Oversight
    3. Protecting Privacy in Federal Information Systems
      1. The Privacy Act of 1974
      2. The E-Government Act of 2002
      3. OMB Breach Notification Policy
      4. Import and Export Control Laws
    4. Case Studies and Examples
    5. Chapter Summary
    6. Key Concepts and Terms
    7. Chapter 8 Assessment
    8. Endnotes
  17. Chapter 9 State Laws Protecting Citizen Information and Breach Notification Laws
    1. History of State Actions to Protect Personal Information
      1. ChoicePoint Data Breach
    2. Breach Notification Regulations
      1. California Breach Notification Act
      2. Other Breach Notification Laws
        1. Activities That Constitute a Breach
        2. Time for Notification
        3. Contents of Notification
        4. Encryption Requirements
        5. Penalties for Failure to Notify
        6. Private Cause of Action
    3. Data-Specific Security and Privacy Regulations
      1. Minnesota and Nevada: Requiring Businesses to Comply With Payment Card Industry Standards
      2. Indiana: Limiting SSN Use and Disclosure
      3. California: Protecting Consumer Privacy
    4. Encryption Regulations
      1. Massachusetts: Protecting Personal Information
      2. Nevada Law: Standards-Based Encryption
    5. Data Disposal Regulations
      1. Washington: Everyone Has an Obligation
      2. New York: Any Physical Record
    6. Case Studies and Examples
    7. Chapter Summary
    8. Key Concepts and Terms
    9. Chapter 9 Assessment
    10. Endnotes
  18. Chapter 10 Intellectual Property Law
    1. The Digital Wild West and the Importance of Intellectual Property Law
    2. Legal Ownership and the Importance of Protecting Intellectual Property
    3. Patents
      1. Patent Basics
        1. Patent Requirements
      2. The Patent Application Process
      3. Infringement and Remedies
      4. What Is the Difference Between Patents and Trade Secrets?
    4. Trademarks
      1. Trademark Basics
        1. Use in Commerce
        2. Distinctive
      2. Trademark Registration
      3. Infringement and Remedies
      4. Relationship of Trademarks on Domain Names
    5. Copyright
      1. Copyright Basics
      2. Copyright Registration
      3. Infringement and Remedies
        1. Fair Use
    6. Protecting Copyrights Online—The Digital Millennium Copyright Act (DMCA)
      1. DMCA Basics
        1. Technology Protection Measures
        2. Online Copyright Infringement
        3. Computer Maintenance
      2. DMCA Unintended Consequences
        1. Title I Concerns
        2. Title II Concerns
    7. Case Studies and Examples
      1. Trade Secrets
      2. Service Provider Liability for Copyright Infringement
      3. Digital Collections
    8. Chapter Summary
    9. Key Concepts and Terms
    10. Chapter 10 Assessment
    11. Endnotes
  19. Chapter 11 The Role of Contracts
    1. General Contracting Principles
      1. Contract Form
      2. Capacity to Contract
      3. Contract Legality
      4. Form of Offer
      5. Form of Acceptance
      6. Meeting of the Minds
      7. Consideration
      8. Performance and Breach of Contract
      9. Contract Repudiation
    2. Contracting Online
      1. Legal Capacity Online
      2. Form of Offer and Acceptance
        1. Email Communications
        2. Text and Instant Messages
        3. Twitter and Other Social Networking Sites
      3. Existence and Enforcement
      4. Authenticity and Nonrepudiation
    3. Special Types of Contracts in Cyberspace
      1. Shrinkwrap Contracts
      2. Clickwrap Contracts
      3. Browsewrap Contracts
    4. How Do These Contracts Regulate Behavior?
    5. Emerging Contract Law Issues
      1. Cloud Computing
      2. Information Security Terms in Contracts
        1. Data Definition and Use
        2. General Data Protection Terms
        3. Compliance With Legal and Regulatory Requirements
    6. Case Studies and Examples
      1. Contract Formation via Email
    7. Chapter Summary
    8. Key Concepts and Terms
    9. Chapter 11 Assessment
    10. Endnotes
  20. Chapter 12 Criminal Law and Tort Law Issues in Cyberspace
    1. General Criminal Law Concepts
      1. Main Principles of Criminal Law
        1. Type of Wrongful Conduct
        2. Elements of a Crime
        3. Jurisdiction
      2. Criminal Procedure
    2. Common Criminal Laws Used in Cyberspace
      1. The Computer Fraud and Abuse Act (1984)
      2. Computer Trespass or Intrusion
      3. Theft of Information
      4. Interception of Communications Laws
      5. Spam and Phishing Laws
      6. Cybersquatting
      7. Malicious Acts
      8. Well-Known Cybercrimes
    3. General Tort Law Concepts
      1. Strict Liability Torts
      2. Negligence Torts
      3. Intentional Torts
      4. Civil Procedure
    4. Common Tort Law Actions in Cyberspace
      1. Defamation
      2. Intentional Infliction of Emotional Distress
      3. Trespass Torts
      4. Privacy Violations
    5. Case Studies and Examples
      1. CAN-SPAM Act
      2. Defamation on College Campuses
    6. Chapter Summary
    7. Key Concepts and Terms
    8. Chapter 12 Assessment
    9. Endnotes
  21. Chapter 13 Information Security Governance
    1. What Is Information Security Governance?
      1. Information Security Governance Planning
      2. Common Information Security Governance Roles
      3. Information Security Governance and Management
      4. Information Security Governance in the Federal Government
    2. Information Security Governance Documents
      1. Policies
      2. Standards
      3. Procedures
      4. Guidelines
      5. Creating Information Security Policies
        1. Policy Development Process
    3. Recommended Information Security Policies
      1. Acceptable Use Policies
        1. AUP Terms
        2. Enforcement
      2. Anti-Harassment Policies
      3. Workplace Privacy and Monitoring Policies
      4. Data Retention and Destruction Policies
        1. Data Retention Policies
        2. Data Destruction Policies
      5. Intellectual Property Policies
      6. Authentication and Password Policies
      7. Security Awareness and Training
    4. Case Studies and Examples
      1. Acceptable Use Case Study
    5. Chapter Summary
    6. Key Concepts and Terms
    7. Chapter 13 Assessment
    8. Endnotes
  22. Chapter 14 Risk Analysis, Incident Response, and Contingency Planning
    1. Contingency Planning
    2. Risk Management
      1. Risk Assessment Process
        1. Risk Assessment Team
        2. Identifying Assets, Vulnerabilities, and Threats
        3. Likelihood and Potential Loss
        4. Document Needed Controls
      2. Risk Response
      3. Training Employees
      4. Continuous Monitoring
    3. Three Types of Contingency Planning
      1. Incident Response Planning
        1. Incident Response Team
        2. IR Plan Process
      2. Disaster Recovery and Business Continuity Planning
        1. DR/BC Team
        2. DR/BC Plan Development
      3. Testing the Plan
    4. Special Considerations
      1. Addressing Compliance Requirements
      2. When to Call the Police
      3. Public Relations
    5. Chapter Summary
    6. Key Concepts and Terms
    7. Chapter 14 Assessment
    8. Endnotes
  23. Chapter 15 Computer Forensics and Investigations
    1. What Is Computer Forensics?
    2. What Is the Role of a Computer Forensic Examiner?
    3. Collecting, Handling, and Using Digital Evidence
      1. The Investigative Process
        1. Identification
        2. Preservation
        3. Collection
        4. Examination
        5. Presentation
      2. Ethical Principles for Forensic Examination
    4. Legal Issues Involving Digital Evidence
      1. Authority to Collect Evidence
        1. The Fourth Amendment and Search Warrants
        2. Federal Laws Regarding Electronic Data Collection
      2. Admissibility of Evidence
        1. The Hearsay Rule
        2. The Best Evidence Rule
    5. Chapter Summary
    6. Key Concepts and Terms
    7. Chapter 15 Assessment
    8. Endnotes
  24. Appendix A Answer Key
  25. Appendix B Standard Acronyms
  26. Appendix C Law and Case Citations
  27. Appendix D The Constitution of the United States of America
  28. Glossary of Key Terms
  29. References
  30. Index