Investigations, Compliance. Exam Questions and Answers, 100% Accurate, Graded A+
HIPAA - ✔✔-The law provides national standards and procedures for the storage, use, and transmission
of personal medical information and health care data. The privacy and security portion of this law seeks
to guard Protected Health Information (PHI) from unauthorized use or disclosure.
GLBA - ✔✔-1999, this law requires financial institutions to develop privacy notices to give to customers
regarding the collection, use, and sharing of PII. Furthermore, it requires that a written security policy be
in place and tested and that employees be fully trained on information security issues.
Computer Fraud and Abuse Act - ✔✔-1986, amended in 1996, Title 18 section 1030. The primary federal
anti-hacking statute. It criminalized attacks on protected computers, which include government and
financial computers as well as those engaged in foreign or interstate commerce. This act was amended by
the Patriot Act.
Electronic Communications Privacy Act - ✔✔-created a similar level of search and seizure protection to
non-telephony electronic communication equipment. An example is protection from unwarranted
wiretapping
Patriot Act - ✔✔-2001, expanded law enforcement's electronic monitoring capabilities, allowed for
search and seizure without requiring immediate disclosure, lessened the judicial oversight required of
law enforcement as related to electronic monitoring
Federal Privacy Act - ✔✔-applies to records and documents developed and maintained by specific
branches of the federal government that relate to individuals' education, medical history, financial
history, criminal history, employment, etc. Government agencies can maintain this type of information
only if it is necessary and relevant to accomplishing the agency's purpose.
Freedom of Information Act - ✔✔-government files are open to the public unless specific legislation
deems otherwise.
Basel II - ✔✔-prevents banks from overextending themselves and sets minimum capital requirements. It
addresses information security in that member institutions must continually address their exposure to
risk and implement security controls to protect their data.
PCI DSS - ✔✔-applies to any entity that processes, transmits, stores, or accepts credit card data. It is not
law but a private sector initiative (self-regulation). The major credit card companies seek to ensure
better protection of cardholder data by mandating a security policy, security devices, control
techniques, and monitoring of the systems and networks comprising cardholder data environments.
California Senate Bill 1386 - ✔✔-one of the first state-level breach notification laws. Requires
organizations experiencing a personal data breach involving California residents to notify them of the
potential disclosure. It served as the impetus in the US for other breach notification laws.
Computer Security Act of 1987 - ✔✔-requires US federal agencies to identify computer systems that
contain sensitive information. The agency must develop a security policy and plan for each of these
systems and conduct periodic training.
Economic Espionage Act of 1996 - ✔✔-also called the US Economic and Protection of Proprietary
Information Act. Provides the necessary structure when dealing with cases regarding trade secrets and
defines trade secrets as technical, business, engineering, scientific, or financial in nature.
Due care - ✔✔-defines a minimum standard of protection that business stakeholders must attempt to
achieve. The company practices common sense and acts prudently and responsibly.
Due diligence - ✔✔-the management of due care; follows a formal process. The process of systematically
evaluating information to identify vulnerabilities, threats, and issues relating to an organization's overall
risk.
Downstream liability - ✔✔-arises when the actions of one company negatively affect another company.