IS3350 Security Issues in Legal Context Unit 6 Federal and State Laws on Privacy, Information Security, and Breach Notification
Learning Objective Describe legal compliance laws addressing public and private institutions
Key Concepts • Federal government information security and privacy regulation • Federal Government Information Security Management Act (FISMA) • Import and export laws for information technology • State regulation of privacy and information security • Data breach notification
Federal Information Security Management Act (FISMA) • Categorizing information and information systems by mission impact • Complying with minimum security requirements for information systems • Selecting appropriate security controls for information systems
Federal Information Security Management Act (FISMA) continued • Assessing security controls in information systems • Determining security control effectiveness • Establishing security authorization of information systems • Monitoring security controls • Maintaining (ongoing) security authorization of information systems. These steps follow the NIST Risk Management Framework (NIST SP 800-37) that agencies use to meet FISMA; FISMA 2002 has since been updated by the Federal Information Security Modernization Act of 2014.
Data Breach Notification Laws • Requirements to inform customers of a data breach • Civil and/or criminal penalties for failure to disclose • Private right of action • Exemptions from reporting
Data Breach Notification Laws (Continued) • Personal Data Privacy and Security Act of 2009, sponsored by Judiciary Committee Chairman Sen. Patrick Leahy, D-VT: requires breached organizations to notify individuals at risk; notice not required if the data was encrypted or otherwise rendered unusable (the "safe harbor" that makes encryption of stored personal data a compliance control, not just a technical one) • Data Breach Notification Act, sponsored by Sen. Dianne Feinstein, D-CA. Neither federal bill was enacted; in practice, notification duties come from the individual state laws, which differ in what counts as personal information, the notification deadline, and the exemptions.
Regulatory Requirements for the Import and Export of Information Technology • Department of Commerce: Export Administration Regulations (EAR), originally issued under the Export Administration Act of 1979; administered by the Bureau of Industry and Security (BIS), which maintains the Commerce Control List (CCL) • Department of State: International Traffic in Arms Regulations (ITAR) • Treasury Department: Office of Foreign Assets Control (OFAC) sanctions programs
Regulatory Requirements for the Import and Export of Information Technology (Continued) • Export of technology or software: release of technology or software subject to the EAR in a foreign country • Release of technology or source code subject to the EAR to a foreign national, whether inside or outside the United States (a "deemed export") • Transfer of source code • Visual inspection of, or oral communication about, the code • Violations are subject to civil penalties or denial of export privileges • Willful violations are subject to criminal penalties. For information technology, the items most often caught by the EAR are encryption software and hardware, which are classified under Category 5, Part 2 of the CCL.
Roles • Chief Information Security Officer: manages investigations of possible breaches • Legal Counsel: handles all legal issues associated with the compromise of protected data • Office of Public Affairs: directs all internal and external communication, manages media relations, and maintains contact with law enforcement • Human Resources: advises on personnel issues and communications
Summary • Federal government information security and privacy regulation • Federal Government Information Security Management Act (FISMA) • Import and export laws for information technology • State regulation of privacy and information security • Data breach notification