Contents
CHAPTER 1 Information Security Overview
Why Is Information Security an Issue?
Basic Information Security Concepts
What Are Common Information Security Concerns?
Phishing and Targeted Phishing Scams
What Are the Mechanisms That Ensure Information Security?
U.S. National Security Information
Do Special Kinds of Data Require Special Kinds of Protection?
How Is Privacy Different from Information Security?
What Are the Sources of Privacy Law?
Freedom of Information Act (1966)
Electronic Communications Privacy Act (1986)
The Wiretap Act (1968, amended)
Cable Communications Policy Act (1984)
Driver’s Privacy Protection Act (1994)
Appropriation of Likeness or Identity
Public Disclosure of Private Facts
What Are Threats to Personal Data Privacy in the Information Age?
Technology-Based Privacy Concerns
Cookies, Web Beacons, and Clickstreams
Telephone, Voicemail, and Email Monitoring
Telephone and Voicemail Monitoring
Special Rules for Public Employees
What Are General Principles for Privacy Protection in Information Systems?
CHAPTER 3 The American Legal System
What Is the Difference Between Compliance and Audit?
How Do Security, Privacy, and Compliance Fit Together?
PART II Laws Influencing Information Security
CHAPTER 4 Security and Privacy of Consumer Financial Information
Business Challenges Facing Financial Institutions
The Different Types of Financial Institutions
Consumer Financial Information
Who Regulates Financial Institutions?
Federal Deposit Insurance Corporation
National Credit Union Administration
Office of the Comptroller of the Currency
Special Role of the Federal Financial Institutions Examination Council
Special Roles of the Consumer Financial Protection Bureau and the Federal Trade Commission
Consumer Financial Protection Bureau
Purpose, Scope, and Main Requirements
Federal Trade Commission Red Flags Rule
Payment Card Industry Standards
FTC Privacy and Safeguards Rule Enforcement
CHAPTER 5 Security and Privacy of Information Belonging to Children and in Educational Records
Challenges in Protecting Children on the Internet
First Amendment and Censorship
Children’s Online Privacy Protection Act
Children’s Internet Protection Act
Family Educational Rights and Privacy Act (FERPA)
Amendment of Education Records
Disclosure of Education Records
Disclosure Exceptions Under FERPA
Security of Student Records Under FERPA
State Laws Protecting Student Data
Release of Disciplinary Records
CHAPTER 6 Security and Privacy of Health Information
Business Challenges Facing the Healthcare Industry
Why Is Healthcare Information So Sensitive?
The Health Insurance Portability and Accountability Act
Main Requirements of the Privacy Rule
Permitted Uses and Disclosures
Uses and Disclosures That Require Authorization
Other Individual Rights Under the Privacy Rule
Breach Notification Provisions
Main Requirements of the Security Rule
Safeguards and Implementation Specifications
The Role of State Laws Protecting Medical Records
HIPAA and Federal Trade Communications Act
CHAPTER 7 Corporate Information Security and Privacy Regulation
The Enron Scandal and Securities-Law Reform
Why Is Accurate Financial Reporting Important?
The Sarbanes-Oxley Act of 2002
Public Company Accounting Oversight Board
Compliance and Security Controls
NIST Computer Security Guidance
SOX Influence in Other Types of Companies
CHAPTER 8 Federal Government Information Security and Privacy Regulations
Information Security Challenges Facing the Federal Government
The Federal Information Security Modernization Act
Agency Information Security Programs
Central Incident Response Center
Protecting Privacy in Federal Information Systems
OMB Breach Notification Policy
Import and Export Control Laws
CHAPTER 9 State Laws Protecting Citizen Information and Breach Notification Laws
History of State Actions to Protect Personal Information
Breach Notification Regulations
California Breach Notification Act
Other Breach Notification Laws
Activities That Constitute a Breach
Penalties for Failure to Notify
Data-Specific Security and Privacy Regulations
Minnesota and Nevada: Requiring Businesses to Comply With Payment Card Industry Standards
Indiana: Limiting SSN Use and Disclosure
California: Protecting Consumer Privacy
Massachusetts: Protecting Personal Information
Nevada Law: Standards-Based Encryption
Washington: Everyone Has an Obligation
CHAPTER 10 Intellectual Property Law
The Digital Wild West and the Importance of Intellectual Property Law
Legal Ownership and the Importance of Protecting Intellectual Property
The Patent Application Process
What Is the Difference Between Patents and Trade Secrets?
Relationship of Trademarks on Domain Names
Protecting Copyrights Online—The Digital Millennium Copyright Act (DMCA)
Technology Protection Measures
Service Provider Liability for Copyright Infringement
CHAPTER 11 The Role of Contracts
General Contracting Principles
Performance and Breach of Contract
Twitter and Other Social Networking Sites
Authenticity and Nonrepudiation
Special Types of Contracts in Cyberspace
How Do These Contracts Regulate Behavior?
Information Security Terms in Contracts
Compliance With Legal and Regulatory Requirements
CHAPTER 12 Criminal Law and Tort Law Issues in Cyberspace
Main Principles of Criminal Law
Common Criminal Laws Used in Cyberspace
The Computer Fraud and Abuse Act (1984)
Computer Trespass or Intrusion
Interception of Communications Laws
Common Tort Law Actions in Cyberspace
Intentional Infliction of Emotional Distress
Defamation on College Campuses
PART III Security and Privacy in Organizations
CHAPTER 13 Information Security Governance
What Is Information Security Governance?
Information Security Governance Planning
Common Information Security Governance Roles
Information Security Governance and Management
Information Security Governance in the Federal Government
Information Security Governance Documents
Creating Information Security Policies
Recommended Information Security Policies
Workplace Privacy and Monitoring Policies
Data Retention and Destruction Policies
Intellectual Property Policies
Authentication and Password Policies
Security Awareness and Training
CHAPTER 14 Risk Analysis, Incident Response, and Contingency Planning
Identifying Assets, Vulnerabilities, and Threats
Three Types of Contingency Planning
Disaster Recovery and Business Continuity Planning
Addressing Compliance Requirements
CHAPTER 15 Computer Forensics and Investigations
What Is the Role of a Computer Forensic Examiner?
Collecting, Handling, and Using Digital Evidence
Ethical Principles for Forensic Examination
Legal Issues Involving Digital Evidence
The Fourth Amendment and Search Warrants
Federal Laws Regarding Electronic Data Collection
APPENDIX C Law and Case Citations