
Legal and Privacy Issues in Information Security 3rd edition [Paperback]

3.71/5 (26 ratings by Goodreads)
  • Format: Paperback / softback, 552 pages, weight: 879 g
  • Publication date: 15-Dec-2020
  • Publisher: Jones and Bartlett Publishers, Inc
  • ISBN-10: 1284207803
  • ISBN-13: 9781284207804
  • Paperback
  • Price: 106,73 €
  • Delivery time is 3-4 weeks if the book is in stock at the publisher's warehouse. If the publisher needs to print a new run, delivery may be delayed.
  • Delivery time - 4-6 weeks
The third edition of Legal Issues in Information Security addresses the area where law and information security concerns intersect. Information systems security and legal compliance are now required to protect critical governmental and corporate infrastructure, intellectual property created by individuals and organizations alike, and information that individuals believe should be protected from unreasonable intrusion. Organizations must build numerous information security and privacy responses into their daily operations to protect the business itself, fully meet legal requirements, and meet the expectations of employees and customers.

Thoroughly revised and updated to address the many changes in this evolving field, the third edition of Legal and Privacy Issues in Information Security addresses the complex relationship between the law and the practice of information security. Information systems security and legal compliance are required to protect critical governmental and corporate infrastructure, intellectual property created by individuals and organizations alike, and information that individuals believe should be protected from unreasonable intrusion. Organizations must build numerous information security and privacy responses into their daily operations to protect the business itself, fully meet legal requirements, and meet the expectations of employees and customers.

Instructor Materials for Legal Issues in Information Security include:
  • PowerPoint Lecture Slides
  • Instructor's Guide
  • Sample Course Syllabus
  • Quiz & Exam Questions
  • Case Scenarios/Handouts

New to the third Edition:
  • Includes discussions of amendments in several relevant federal and state laws and regulations since 2011
  • Reviews relevant court decisions that have come to light since the publication of the first edition
  • Includes numerous information security data breaches highlighting new vulnerabilities
Preface xix
Acknowledgments xxi
About the Author xxiii
PART I Fundamental Concepts 1(84)
Chapter 1 Information Security Overview 3(28)
Why Is Information Security an Issue? 4(1)
What Is Information Security? 5(1)
What Is Confidentiality? 6(1)
What Is Integrity? 7(1)
What Is Availability? 8(2)
Basic Information Security Concepts 10(1)
Vulnerabilities 10(2)
Threats 12(2)
Risks 14(1)
Safeguards 15(3)
Choosing Safeguards 18(1)
What Are Common Information Security Concerns? 18(1)
Shoulder Surfing 18(1)
Social Engineering 19(1)
Phishing and Targeted Phishing Scams 19(1)
Malware 20(1)
Spyware and Keystroke Loggers 21(1)
Logic Bombs 21(1)
Backdoors 22(1)
Denial of Service Attacks 22(1)
What Are the Mechanisms That Ensure Information Security? 23(1)
Laws and Legal Duties 23(1)
Contracts 23(1)
Organizational Governance 24(1)
Data Protection Models 24(1)
U.S. National Security Information 25(1)
Voluntary Organizations 26(1)
Do Special Kinds of Data Require Special Kinds of Protection? 26(1)
Chapter Summary 27(1)
Key Concepts And Terms 28(1)
Chapter 1 Assessment 28(1)
Endnotes 29(2)
Chapter 2 Privacy Overview 31(32)
Why Is Privacy an Issue? 32(1)
What Is Privacy? 33(1)
Types of Personal Information 34(1)
How Is Privacy Different from Information Security? 35(1)
What Are the Sources of Privacy Law? 36(1)
Constitutional Law 36(2)
Federal Law 38(2)
Freedom of Information Act (1966) 38(1)
Privacy Act (1974) 39(1)
E-Government Act (2002) 39(1)
Electronic Communications Privacy Act (1986) 39(1)
The Wiretap Act (1968, amended) 39(1)
Census Confidentiality (1952) 39(1)
Mail Privacy Statute (1971) 40(1)
Cable Communications Policy Act (1984) 40(1)
Driver's Privacy Protection Act (1994) 40(1)
State Laws 40(1)
Common Law 41(2)
Intrusion Into Seclusion 41(1)
Portrayal in a False Light 42(1)
Appropriation of Likeness or Identity 42(1)
Public Disclosure of Private Facts 42(1)
Voluntary Agreements 43(1)
What Are Threats to Personal Data Privacy in the Information Age? 44(1)
Technology-Based Privacy Concerns 44(5)
Spyware 44(1)
Cookies, Web Beacons, and Clickstreams 45(2)
Wireless Technologies 47(1)
GPS Technology 48(1)
Security Breaches 48(1)
People-Based Privacy Concerns 49(2)
Social Networking Sites 50(1)
Online Data Gathering 51(1)
What Is Workplace Privacy? 51(1)
Telephone, Voicemail, and Email Monitoring 52(2)
Telephone and Voicemail Monitoring 52(1)
Email Monitoring 53(1)
Computer Use Monitoring 54(1)
Off-Duty Computer Monitoring 55(1)
Video Surveillance Monitoring 55(2)
Special Rules for Public Employees 56(1)
What Are General Principles for Privacy Protection in Information Systems? 57(1)
Privacy Policies 58(1)
International Privacy Laws 59(1)
Chapter Summary 59(1)
Key Concepts And Terms 60(1)
Chapter 2 Assessment 60(1)
Endnotes 61(2)
Chapter 3 The American Legal System 63(22)
The American Legal System 64(1)
Federal Government 64(6)
Legislative Branch 65(2)
Executive Branch 67(1)
Judicial Branch 67(3)
State Government 70(3)
Sources of American Law 73(1)
Common Law 73(1)
Code Law 74(1)
Constitutional Law 74(1)
How Does It All Fit Together? 74(1)
Types of Law 75(1)
Civil 75(1)
Criminal 76(1)
Administrative 77(1)
The Role of Precedent 78(1)
Regulatory Authorities 79(1)
What Is the Difference Between Compliance and Audit? 80(1)
How Do Security, Privacy, and Compliance Fit Together? 81(1)
Chapter Summary 82(1)
Key Concepts And Terms 82(1)
Chapter 3 Assessment 83(1)
Endnotes 84(1)
PART II Laws Influencing Information Security 85(266)
Chapter 4 Security and Privacy of Consumer Financial Information 87(28)
Business Challenges Facing Financial Institutions 88(1)
The Different Types of Financial Institutions 89(1)
Consumer Financial Information 90(1)
Who Regulates Financial Institutions? 90(1)
The Federal Reserve System 91(1)
Federal Deposit Insurance Corporation 92(1)
National Credit Union Administration 93(1)
Office of the Comptroller of the Currency 94(1)
Special Role of the Federal Financial Institutions Examination Council 95(1)
Special Roles of the Consumer Financial Protection Bureau and the Federal Trade Commission 96(1)
Consumer Financial Protection Bureau 96(1)
Federal Trade Commission 96(1)
The Gramm-Leach-Bliley Act 97(1)
Purpose, Scope, and Main Requirements 97(1)
The Privacy Rule 98(1)
The Safeguards Rule 99(3)
The Pretexting Rule 102(1)
Oversight 103(1)
Federal Trade Commission Red Flags Rule 103(1)
Purpose 103(1)
Scope 103(1)
Main Requirements 104(1)
Oversight 105(1)
Payment Card Industry Standards 106(1)
Purpose 107(1)
Scope 107(1)
Main Requirements 108(1)
Oversight 108(1)
Case Studies and Examples 109(1)
FTC Privacy and Safeguards Rule Enforcement 109(1)
Credit Card Security Example 110(1)
Chapter Summary 111(1)
Key Concepts And Terms 111(1)
Chapter 4 Assessment 111(1)
Endnotes 112(3)
Chapter 5 Security and Privacy of Information Belonging to Children and in Educational Records 115(24)
Challenges in Protecting Children on the Internet 116(1)
Identification of Children 117(1)
First Amendment and Censorship 118(1)
Defining Obscenity 118(1)
Children's Online Privacy Protection Act 119(1)
Purpose of COPPA 119(1)
Scope of the Regulation 120(1)
Main Requirements 121(3)
Privacy Policy 121(1)
Privacy Policy Content 121(1)
Gaining Parental Consent 122(2)
Oversight 124(1)
Children's Internet Protection Act 124(1)
Purpose 124(1)
Scope of the Regulation 125(1)
Main Requirements 125(3)
Content Filtering 125(2)
Internet Safety Policy 127(1)
Exceptions 127(1)
Oversight 128(1)
Family Educational Rights and Privacy Act (FERPA) 128(1)
Scope 128(1)
Main Requirements 129(3)
Annual Notification 130(1)
Access to Education Records 130(1)
Amendment of Education Records 131(1)
Disclosure of Education Records 131(1)
Disclosure Exceptions Under FERPA 132(1)
Security of Student Records Under FERPA 133(1)
Oversight 133(1)
State Laws Protecting Student Data 134(1)
Case Studies and Examples 134(1)
Children's Privacy 135(1)
Release of Disciplinary Records 135(1)
Chapter Summary 136(1)
Key Concepts And Terms 136(1)
Chapter 5 Assessment 137(1)
Endnotes 138(1)
Chapter 6 Security and Privacy of Health Information 139(36)
Business Challenges Facing the Healthcare Industry 140(1)
Why Is Healthcare Information So Sensitive? 141(2)
The Health Insurance Portability and Accountability Act 143(1)
Purpose 143(2)
Scope 145(2)
Main Requirements of the Privacy Rule 147(14)
Required Disclosures 148(1)
Permitted Uses and Disclosures 149(5)
Uses and Disclosures That Require Authorization 154(1)
Minimum Necessary Rule 155(1)
Other Individual Rights Under the Privacy Rule 155(2)
Privacy Notices 157(2)
Administrative Requirements 159(1)
Breach Notification Provisions 160(1)
Main Requirements of the Security Rule 161(7)
Safeguards and Implementation Specifications 162(6)
Oversight 168(1)
The Role of State Laws Protecting Medical Records 169(1)
Case Studies and Examples 169(1)
OCR Enforcement Information 169(1)
HIPAA and Federal Trade Communications Act 169(2)
Chapter Summary 171(1)
Key Concepts And Terms 171(1)
Chapter 6 Assessment 171(1)
Endnotes 172(3)
Chapter 7 Corporate Information Security and Privacy Regulation 175(26)
The Enron Scandal and Securities-Law Reform 176(1)
Corporate Fraud at Enron 176(3)
Why Is Accurate Financial Reporting Important? 179(2)
The Sarbanes-Oxley Act of 2002 181(1)
Purpose and Scope 182(1)
Main Requirements 183(8)
Public Company Accounting Oversight Board 183(2)
Document Retention 185(2)
Certification 187(4)
Oversight 191(1)
Compliance and Security Controls 192(1)
COBIT 192(1)
GAIT 192(1)
ISO/IEC Standards 193(1)
NIST Computer Security Guidance 194(1)
SOX Influence in Other Types of Companies 194(1)
Corporate Privacy Issues 195(1)
Case Studies and Examples 196(1)
Chapter Summary 197(1)
Key Concepts And Terms 197(1)
Chapter 7 Assessment 197(1)
Endnotes 198(3)
Chapter 8 Federal Government Information Security and Privacy Regulations 201(24)
Information Security Challenges Facing the Federal Government 202(2)
The Federal Information Security Modernization Act 204(1)
Purpose and Scope 204(1)
Main Requirements 204(9)
Agency Information Security Programs 204(3)
The Role of NIST 207(4)
Central Incident Response Center 211(1)
National Security Systems 212(1)
Oversight 213(1)
Protecting Privacy in Federal Information Systems 214(1)
The Privacy Act of 1974 214(1)
The E-Government Act of 2002 215(2)
OMB Breach Notification Policy 217(1)
Import and Export Control Laws 218(1)
Case Studies and Examples 219(1)
Chapter Summary 220(1)
Key Concepts And Terms 221(1)
Chapter 8 Assessment 221(1)
Endnotes 222(3)
Chapter 9 State Laws Protecting Citizen Information and Breach Notification Laws 225(24)
History of State Actions to Protect Personal Information 226(1)
ChoicePoint Data Breach 226(1)
Breach Notification Regulations 227(1)
California Breach Notification Act 228(2)
Other Breach Notification Laws 230(4)
Activities That Constitute a Breach 230(1)
Time for Notification 230(1)
Contents of Notification 231(1)
Encryption Requirements 232(1)
Penalties for Failure to Notify 232(1)
Private Cause of Action 233(1)
Data-Specific Security and Privacy Regulations 234(1)
Minnesota and Nevada: Requiring Businesses to Comply With Payment Card Industry Standards 234(2)
Indiana: Limiting SSN Use and Disclosure 236(2)
California: Protecting Consumer Privacy 238(1)
Encryption Regulations 239(1)
Massachusetts: Protecting Personal Information 239(2)
Nevada Law: Standards-Based Encryption 241(1)
Data Disposal Regulations 242(1)
Washington: Everyone Has an Obligation 242(1)
New York: Any Physical Record 243(1)
Case Studies and Examples 244(1)
Chapter Summary 245(1)
Key Concepts And Terms 245(1)
Chapter 9 Assessment 246(1)
Endnotes 247(2)
Chapter 10 Intellectual Property Law 249(36)
The Digital Wild West and the Importance of Intellectual Property Law 250(1)
Legal Ownership and the Importance of Protecting Intellectual Property 250(2)
Patents 252(1)
Patent Basics 253(3)
Patent Requirements 253(3)
The Patent Application Process 256(1)
Infringement and Remedies 257(1)
What Is the Difference Between Patents and Trade Secrets? 258(1)
Trademarks 259(2)
Trademark Basics 261(2)
Use in Commerce 262(1)
Distinctive 262(1)
Trademark Registration 263(2)
Infringement and Remedies 265(1)
Relationship of Trademarks on Domain Names 266(2)
Copyright 268(1)
Copyright Basics 268(2)
Copyright Registration 270(1)
Infringement and Remedies 271(3)
Fair Use 272(2)
Protecting Copyrights Online--The Digital Millennium Copyright Act (DMCA) 274(1)
DMCA Basics 274(3)
Technology Protection Measures 274(2)
Online Copyright Infringement 276(1)
Computer Maintenance 277(1)
DMCA Unintended Consequences 277(1)
Title I Concerns 278(1)
Title II Concerns 278(1)
Case Studies and Examples 278(1)
Trade Secrets 278(1)
Service Provider Liability for Copyright Infringement 279(1)
Digital Collections 280(1)
Chapter Summary 280(1)
Key Concepts And Terms 281(1)
Chapter 10 Assessment 281(1)
Endnotes 282(3)
Chapter 11 The Role of Contracts 285(32)
General Contracting Principles 286(1)
Contract Form 286(1)
Capacity to Contract 287(1)
Contract Legality 288(1)
Form of Offer 288(1)
Form of Acceptance 289(2)
Meeting of the Minds 291(1)
Consideration 291(1)
Performance and Breach of Contract 292(2)
Contract Repudiation 294(1)
Contracting Online 295(2)
Legal Capacity Online 297(1)
Form of Offer and Acceptance 297(3)
Email Communications 298(1)
Text and Instant Messages 298(1)
Twitter and Other Social Networking Sites 299(1)
Existence and Enforcement 300(1)
Authenticity and Nonrepudiation 300(1)
Special Types of Contracts in Cyberspace 301(2)
Shrinkwrap Contracts 303(1)
Clickwrap Contracts 303(2)
Browsewrap Contracts 305(1)
How Do These Contracts Regulate Behavior? 306(1)
Emerging Contract Law Issues 307(1)
Cloud Computing 308(1)
Information Security Terms in Contracts 309(3)
Data Definition and Use 310(1)
General Data Protection Terms 310(1)
Compliance With Legal and Regulatory Requirements 311(1)
Case Studies and Examples 312(1)
Contract Formation via Email 312(1)
Chapter Summary 313(1)
Key Concepts And Terms 313(1)
Chapter 11 Assessment 314(1)
Endnotes 315(2)
Chapter 12 Criminal Law and Tort Law Issues in Cyberspace 317(34)
General Criminal Law Concepts 318(1)
Main Principles of Criminal Law 319(4)
Type of Wrongful Conduct 319(1)
Elements of a Crime 319(2)
Jurisdiction 321(2)
Criminal Procedure 323(3)
Common Criminal Laws Used in Cyberspace 326(1)
The Computer Fraud and Abuse Act (1984) 326(3)
Computer Trespass or Intrusion 329(1)
Theft of Information 329(1)
Interception of Communications Laws 330(1)
Spam and Phishing Laws 330(2)
Cybersquatting 332(1)
Malicious Acts 332(1)
Well-Known Cybercrimes 333(1)
General Tort Law Concepts 334(1)
Strict Liability Torts 334(1)
Negligence Torts 335(2)
Intentional Torts 337(1)
Civil Procedure 338(3)
Common Tort Law Actions in Cyberspace 341(1)
Defamation 341(2)
Intentional Infliction of Emotional Distress 343(1)
Trespass Torts 344(1)
Privacy Violations 345(1)
Case Studies and Examples 346(1)
CAN-SPAM Act 346(1)
Defamation on College Campuses 346(1)
Chapter Summary 347(1)
Key Concepts And Terms 347(1)
Chapter 12 Assessment 348(1)
Endnotes 349(2)
PART III Security and Privacy in Organizations 351(96)
Chapter 13 Information Security Governance 353(34)
What Is Information Security Governance? 354(1)
Information Security Governance Planning 355(1)
Common Information Security Governance Roles 356(1)
Information Security Governance and Management 357(1)
Information Security Governance in the Federal Government 358(1)
Information Security Governance Documents 359(1)
Policies 360(1)
Standards 361(1)
Procedures 361(1)
Guidelines 362(1)
Creating Information Security Policies 363(4)
Policy Development Process 363(4)
Recommended Information Security Policies 367(1)
Acceptable Use Policies 368(4)
AUP Terms 370(1)
Enforcement 371(1)
Anti-Harassment Policies 372(1)
Workplace Privacy and Monitoring Policies 373(1)
Data Retention and Destruction Policies 374(3)
Data Retention Policies 375(1)
Data Destruction Policies 376(1)
Intellectual Property Policies 377(1)
Authentication and Password Policies 377(2)
Security Awareness and Training 379(1)
Case Studies and Examples 380(1)
Acceptable Use Case Study 380(2)
Chapter Summary 382(1)
Key Concepts And Terms 382(1)
Chapter 13 Assessment 383(1)
Endnotes 384(3)
Chapter 14 Risk Analysis, Incident Response, and Contingency Planning 387(32)
Contingency Planning 388(1)
Risk Management 389(1)
Risk Assessment Process 390(10)
Risk Assessment Team 391(1)
Identifying Assets, Vulnerabilities, and Threats 392(2)
Likelihood and Potential Loss 394(4)
Document Needed Controls 398(2)
Risk Response 400(1)
Training Employees 401(1)
Continuous Monitoring 401(1)
Three Types of Contingency Planning 401(1)
Incident Response Planning 402(5)
Incident Response Team 403(1)
IR Plan Process 404(3)
Disaster Recovery and Business Continuity Planning 407(5)
DR/BC Team 408(1)
DR/BC Plan Development 409(3)
Testing the Plan 412(2)
Special Considerations 414(1)
Addressing Compliance Requirements 414(1)
When to Call the Police 415(1)
Public Relations 415(1)
Chapter Summary 416(1)
Key Concepts And Terms 416(1)
Chapter 14 Assessment 417(1)
Endnotes 418(1)
Chapter 15 Computer Forensics and Investigations 419(28)
What Is Computer Forensics? 420(3)
What Is the Role of a Computer Forensic Examiner? 423(2)
Collecting, Handling, and Using Digital Evidence 425(1)
The Investigative Process 426(5)
Identification 426(1)
Preservation 426(1)
Collection 427(2)
Examination 429(1)
Presentation 430(1)
Ethical Principles for Forensic Examination 431(1)
Legal Issues Involving Digital Evidence 432(1)
Authority to Collect Evidence 432(7)
The Fourth Amendment and Search Warrants 432(3)
Federal Laws Regarding Electronic Data Collection 435(4)
Admissibility of Evidence 439(3)
The Hearsay Rule 441(1)
The Best Evidence Rule 442(1)
Chapter Summary 442(1)
Key Concepts And Terms 442(1)
Chapter 15 Assessment 443(1)
Endnotes 444(3)
Appendix A Answer Key 447(4)
Appendix B Standard Acronyms 451(4)
Appendix C Law and Case Citations 455(10)
Appendix D The Constitution of the United States of America 465(18)
Glossary of Key Terms 483(12)
References 495(18)
Index 513
Joanna Lyn Grama (JD, CISSP, CIPT, CRISC) is an Associate Vice President at Vantage Technology Consulting Group. She has more than 20 years of experience in higher education with a strong focus on law, IT security policy, compliance, governance, and data privacy issues. Grama is a former member of the U.S. Department of Homeland Security's Data Privacy and Integrity Advisory Committee (appointed to the Committee by Secretary Janet Napolitano) and served as the chairperson of its technology subcommittee. Grama is also vice president of the board of directors for the central Indiana Information Systems Audit and Control Association (ISACA) chapter; a member of the International Association for Privacy Professionals (IAPP); a member of the American Bar Association, Section of Science and Technology Law, Information Security Committee; and a member of the Indiana State Bar Association. She is a frequent speaker on a variety of IT security topics, including identity theft, personal information security, and university security and privacy compliance issues.