MindMap Gallery CISSP Study Notes-4 (Laws, Regulations and Compliance)
This is a mind map about CISSP Study Notes-4 (Laws, Regulations and Compliance). The main content includes: important exercises, exam points, laws, regulations and compliance.
Edited at 2024-01-26 14:19:39
CISSP Study Notes-4 (Laws, Regulations and Compliance)
Laws, Regulations and Compliance
Classification of laws
criminal law
Criminal law protects society from conduct that violates the fundamental principles we believe in. Violations of criminal law are prosecuted by U.S. federal and state governments.
civil law
Civil law provides the framework for business transactions between people and organizations. Violations of civil law will be argued through the courts by the affected parties.
maintain social order
administrative law
Administrative law is the law that government agencies use to carry out their day-to-day affairs effectively.
law
computer crime
Computer Fraud and Abuse Act CFAA
Enacted as an amendment to the Comprehensive Crime Control Act (CCCA)
Enacted in 1984; the first major piece of cybercrime-specific legislation
CFAA Amendment
National Information Infrastructure Protection Act
Promulgated in 1996
Federal Sentencing Guidelines
Federal Information Security Management Act FISMA
The National Institute of Standards and Technology (NIST) is responsible for developing the FISMA guidelines.
Federal Cybersecurity Act
Promulgated in 2014
intellectual property
Copyright protects a creator's original works, such as books, articles, poems, and songs.
Works with multiple authors: protected until 70 years after the death of the last surviving author. Works made for hire: protected for 95 years after first publication or 120 years after creation, whichever is shorter.
trademark
Trademarks are names, slogans and logos that identify a company, product or service.
Valid for 10 years, renewable for further 10-year periods
patent
Patents provide protection to creators of new inventions.
Protection period 20 years (utility patents)
Design patents: 15 years
trade secret
Trade secret laws protect corporate operating secrets.
license
types
Contractual license agreements (a written contract between vendor and user)
Shrink-wrap license agreements: written on the outside of the software package and take effect when the package is opened
Click-through license agreements: accepted by clicking during installation
Cloud service license agreements take the click-through agreement to its extreme
Import/Export Control
Computer Export Control
Encryption technology export controls
privacy
U.S. privacy laws
fourth amendment
Basis of U.S. privacy rights: protects persons, houses, papers, and effects against unreasonable search and seizure
Privacy Act 1974
Restricts federal government access to personal information without the individual’s written consent
Electronic Communications Privacy Act of 1986 ECPA
Makes it a crime to invade an individual's electronic privacy, e.g. by monitoring email or voicemail
Communications Assistance for Law Enforcement Act of 1994 (CALEA)
Requires communications carriers to make it possible for law enforcement officials to conduct wiretaps
Economic Espionage Act of 1996
Punishes the theft of trade secrets belonging to businesses and industries
Health Insurance Portability and Accountability Act of 1996 HIPAA
Requires hospitals, physicians, and insurance companies to take strict security measures to protect the privacy of personal health information
Health Information Technology for Economic and Clinical Health Act of 2009 HITECH
Extends HIPAA requirements to business associates, which must comply in the same way as covered entities; adds data breach notification requirements
Affected individuals must be notified; breaches affecting more than 500 people must also be reported to the Department of Health and Human Services and to the media
Children's Online Privacy Protection Act of 1998
Gramm-Leach-Bliley Act of 1999
USA Patriot Act of 2001
Family Educational Rights and Privacy Act
Identity Theft and Misappropriation Prevention Act
EU Privacy Law
EU Data Protection Directive (DPD)
EU General Data Protection Regulation (GDPR)
Cross-border information sharing
Canadian Privacy Act
Personal Information Protection and Electronic Documents Act PIPEDA
state privacy laws
Compliance
Compliance audit
Contracts and Procurement
Exam points
Understand the differences between criminal, civil, and administrative law. Criminal law protects society from conduct that violates the fundamental principles we believe in. Violations of criminal law are prosecuted by U.S. federal and state governments. Civil law provides the framework for business transactions between people and organizations. Violations of civil law are argued through the courts by the affected parties. Administrative law is the law that government agencies use to carry out their day-to-day affairs effectively.
Be able to explain the basic provisions of major laws designed to protect society from the effects of computer crime. The Computer Fraud and Abuse Act (as amended) protects computers used in government or interstate commerce from misuse. The Electronic Communications Privacy Act (ECPA) makes it a crime to invade an individual's electronic privacy.
Understand the differences between copyrights, trademarks, patents, and trade secrets. Copyright protects a creator's original works, such as books, articles, poems, and songs. Trademarks are names, slogans and logos that identify a company, product or service. Patents provide protection to creators of new inventions. Trade secret laws protect corporate operating secrets.
Be able to explain the basic provisions of the Digital Millennium Copyright Act of 1998. The Digital Millennium Copyright Act prohibits circumvention of copyright protection mechanisms in digital media and limits Internet service providers' liability for the activities of their users.
Understand the basic provisions of the Economic Espionage Act. The Economic Espionage Act punishes individuals who steal trade secrets.
Learn about the different types of software license agreements. A contractual license agreement is a written agreement between the software provider and the user. A shrink-wrap license agreement is written on the software package and becomes effective when the user opens the package. A click-through license agreement is included in the software package, but requires the user to accept its terms during the software installation process.
Understand the notification requirements for organizations that experience a data breach. California’s SB 1386 is the first statewide law to require notification of breaches. Most states in the United States have now passed similar laws. Currently, federal law only requires entities subject to HIPAA to notify individuals when their protected personal health information has been compromised.
Understand the major laws governing the privacy of personal information in the United States, Europe, and Canada. The United States has many privacy laws that affect the government's use of information and the use of information by specific industries, such as financial services companies and healthcare organizations that handle sensitive information. The European Union has a very comprehensive General Data Protection Regulation (GDPR) that governs the use and exchange of personal information. In Canada, the Personal Information Protection and Electronic Documents Act (PIPEDA) governs the use of personal information.
Explain the importance of a comprehensive compliance program. Most organizations are subject to various legal and regulatory requirements related to information security. Build a compliance program to ensure that you achieve, and consistently maintain, compliance with these requirements.
Learn how to incorporate security into your procurement and supplier management processes. The extensive use of cloud services by many organizations requires review of information security controls during the vendor selection process and during ongoing vendor management.
Be able to determine compliance and other requirements for information protection. Cybersecurity professionals must be able to analyze situations and determine the applicable jurisdictions and laws. They must be able to identify relevant contractual, legal, regulatory and industry standards and interpret them in the light of specific circumstances.
Understand legal and regulatory issues and how they relate to information security. Understand the concepts of cybercrime and data breaches and be able to apply them to the environment when an incident occurs. Understand what licenses and intellectual property protections apply to your organization's data and what your obligations are when you encounter data belonging to another organization. Understand the privacy and export control issues associated with transferring information across national borders.
Important exercises
1. Brian is working with an American software company that uses encryption in its products and plans to export those products outside the United States. Which of the following federal government agencies has the authority to regulate the export of encryption software? A. NSA B. NIST C. BIS D. FTC
Correct answer: C (NSA: National Security Agency; NIST: National Institute of Standards and Technology; BIS: Bureau of Industry and Security, Department of Commerce; FTC: Federal Trade Commission)
2.Wendy recently accepted a position as a senior cybersecurity administrator for a U.S. government agency, and she is considering the legal requirements that will impact her new position. Which of the following laws governs the information security operations of federal agencies? A. FISMA B.FERPA C.CFAA D. ECPA
Correct answer: A
3. Which type of law does not require the U.S. Congress to enact it at the federal level, but is instead implemented by the executive branch in the form of regulations, policies, and procedures? A. Criminal law B. Common law C. Civil law D. Administrative law
Correct answer: D
4. Which U.S. state was the first to pass a comprehensive privacy law based on the requirements of the European Union’s General Data Protection Regulation? A. California B. New York State C. Vermont D.Texas
Correct answer: A
5. When the U.S. Congress passed CALEA in 1994, what kind of organizations were required to cooperate with law enforcement investigations? A. Financial institutions B. Communication operator C.Medical and health organizations D.Website
Correct answer: B
6. Which of the following laws protects citizens' privacy rights by limiting the power of government agencies to search private homes and facilities? A. Privacy Act B. Fourth Amendment C. Second Amendment D. Gramm-Leach-Bliley Act
Correct answer: B
7. Matthew recently created a new algorithm for solving mathematical problems that he wants to share with the world. However, he wanted to obtain some form of intellectual property protection (IP) before publishing his software code in a technical journal. Which of the following types of protection would best meet the need? A.Copyright B. Trademark C.Patent D.Trade secrets
Correct answer: A
8. Mary is the co-founder of the manufacturing company Acme Widgets. Together with her partners, she has developed a special oil that will greatly improve the manufacturing process of small parts. To protect the secret of the formula, Mary and Joe plan to mass-produce the oil themselves at the factory after the other workers have left. They want to protect the formula for as long as possible. Which of the following types of intellectual property (IP) protection would best meet their needs? A. Copyright B. Trademark C. Patent D. Trade secret
Correct answer: D
9. What symbol should he use next to his name to indicate its protected status? A. © B. ® C. ™ D.
Correct answer: C
10. Tom works as a consultant for a federal government agency that obtains personal information from voters. He wants to foster closer research relationships between the agency and universities and needs to share personal information with several universities. What law prevents government agencies from disclosing personal information that an individual has provided to the government under protected circumstances? A. Privacy Act B. Electronic Communications Privacy Act C. Health Insurance Portability and Accountability Act D. Gramm-Leach-Bliley Act
Correct answer: A
11. Renee's organization is entering into a partnership with a company located in France, a process that will involve the exchange of personal information. Her partners in France want to ensure that the exchange of information complies with the GDPR. Which of the following mechanisms is most appropriate? A. Binding Corporate Rules B. Privacy Shield C. Privacy Lock D. Standard contractual clauses
Correct answer: D
12. The Children’s Online Privacy Protection Act (COPPA) is designed to protect the privacy of children using the Internet. What is the minimum age of children from whom a company can collect personally identifiable information without parental consent? A. 13 B. 14 C. 15 D.16
Correct answer: A
13. Kevin is evaluating his organization's obligations under state data breach notification laws. Which of the following pieces of information, when presented together with an individual's name, is generally not protected by data breach notification laws? A. Social Security number B. Driver's license number C. Credit card number D. Student ID number
Correct answer: D
14. Roser is the CISO of a healthcare organization covered by HIPAA. Under what circumstances would he expect service providers that handle some of the organization's data to be allowed access to protected health information (PHI)? A. This is allowed if the service provider is certified by the Department of Health and Human Services. B. This is allowed if the service provider has signed a business associate agreement. C. This is allowed if the service provider is located in the same state as Roser's organization. D. This is not allowed under any circumstances.
Correct answer: B
15. Framees learns that a user in her organization recently signed up for a cloud service without her supervisor's authorization, and that company credentials were stored in the service. Which of the following statements is correct? A. If the user did not sign a written contract, the organization has no obligations towards the service provider. B. The user most likely agreed to a click-through license agreement that is binding on the organization. C. The user's conduct may violate federal law. D. The user's conduct may violate state law.
Correct answer: B
16. Greg recently accepted a position as a cybersecurity compliance officer at a private bank. Which law most directly affects how his organization handles personal information? A. HIPAA B. GLBA C. SOX D. FISMA
Correct answer: B
17. Ruth recently received a utility patent covering a new invention of hers. How long will the legal protection for her invention last? A. 14 years from the date of application B. 14 years from the date the patent is granted C. 20 years from the date of application D. 20 years from the date the patent is granted
Correct answer: C
18. Ryan is reviewing the terms of a proposed vendor agreement between the financial institution where he works and a cloud service provider. Which of the following is Ryan least concerned about? A. What security audits does the supplier perform? B. What provisions are in place to protect the confidentiality, integrity and availability of data? C. Is the supplier HIPAA compliant? D. What encryption algorithm and key length are used?
Correct answer: C
19. Justin is a cybersecurity consultant working with a retailer to design their new point-of-sale (POS) system. Which compliance obligation relates to the processing of credit card information that may occur through the system? A. SOX B. HIPAA C. PCI DSS D. FERPA
Correct answer: C
20. Lomand and Shordon recently co-authored a paper describing a new superfluid vacuum theory. How long will the copyright on their paper last? A. 70 years after publication B. 70 years after the first draft was completed C. 70 years after the death of the first author D. 70 years after the death of the last author
Correct answer: D