Cybersecurity Law, Standards And Regulations
Scribed by Tari Schreider
- Publisher
- Rothstein Publishing
- Year
- 2020
- Tongue
- English
- Leaves
- 325
- Edition
- 2nd Edition
- Category
- Library
Synopsis
In today's litigious business world, cyber-related matters could land you in court. As a computer security professional, you are protecting your data, but are you protecting your company? While you know industry standards and regulations, you may not be a legal expert. Fortunately, in a few hours of reading, rather than months of classroom study, Tari Schreider's Cybersecurity Law, Standards and Regulations (2nd Edition), lets you integrate legal issues into your security program. Tari Schreider, a board-certified information security practitioner with a criminal justice administration background, has written a much-needed book that bridges the gap between cybersecurity programs and cybersecurity law. He says, "My nearly 40 years in the fields of cybersecurity, risk management, and disaster recovery have taught me some immutable truths. One of these truths is that failure to consider the law when developing a cybersecurity program results in a protective façade or false sense of security." In a friendly style, offering real-world business examples from his own experience supported by a wealth of court cases, Schreider covers the range of practical information you will need as you explore – and prepare to apply – cybersecurity law. His practical, easy-to-understand explanations help you to:
• Understand your legal duty to act reasonably and responsibly to protect assets and information.
• Identify which cybersecurity laws have the potential to impact your cybersecurity program.
• Upgrade cybersecurity policies to comply with state, federal, and regulatory statutes.
• Communicate effectively about cybersecurity law with corporate legal department and counsel.
• Understand the implications of emerging legislation for your cybersecurity program.
• Know how to avoid losing a cybersecurity court case on procedure – and develop strategies to handle a dispute out of court.
• Develop an international view of cybersecurity and data privacy – and international legal frameworks.
Schreider takes you beyond security standards and regulatory controls to ensure that your current or future cybersecurity program complies with all laws and legal jurisdictions. Hundreds of citations and references allow you to dig deeper as you explore specific topics relevant to your organization or your studies. This book needs to be required reading before your next discussion with your corporate legal department. This new edition responds to the rapid changes in the cybersecurity industry, threat landscape and providers. It addresses the increasing risk of zero-day attacks, growth of state-sponsored adversaries and consolidation of cybersecurity products and services in addition to the substantial updates of standards, source links and cybersecurity products.
Table of Contents
Cover......Page 1
Title page......Page 2
Copyright......Page 3
Acknowledgments......Page 4
Foreword......Page 6
Foreword 2......Page 8
Contents......Page 10
Introduction to the 2nd Edition......Page 18
Chapter 1 - Introduction to Cybersecurity Law......Page 22
1.1 Infamous Cybercrimes......Page 23
1.2 Cybercrime Taxonomy......Page 24
1.3 Civil vs. Criminal Cybersecurity Offenses......Page 25
1.3.1 Clarifying the Definition of Cybercrime......Page 26
1.3.3 Creating a Strong Cybercrime Definition......Page 27
1.3.4 Cybercrime Categories in the Incident Response Plan......Page 28
1.4.2 Actus Reus......Page 29
1.4.4 Causation......Page 30
1.6 Tort Law......Page 31
1.6.2 Strict Liability Tort......Page 32
1.7 Cyberlaw Enforcement......Page 33
1.7.1 Regulatory Enforcement......Page 34
1.7.3 State Enforcement......Page 35
1.7.5 International Enforcement......Page 36
1.8 Cybersecurity Law Jurisdiction......Page 37
1.8.1 Challenging Jurisdiction......Page 38
1.8.2 Extradition......Page 39
1.9.2 Cyber Tort Punishment......Page 41
Chapter 2 - Overview of US Cybersecurity Law......Page 46
2.1.1 Computer Crime Laws in the Public Sector......Page 47
2.1.3 Application of Laws to Cybersecurity......Page 48
2.2 Alternative Dispute Resolution (ADR)......Page 49
2.1 Cybersecurity Case Mediation Law......Page 50
2.2.2 Cybersecurity Case Arbitration Law......Page 51
2.2.3 Cybersecurity Case Dispositive Motion Law......Page 52
2.3 Successful Data Breach Lawsuits......Page 56
2.4 Duty of Care Doctrine......Page 57
2.4.2 Duty to Reveal Security Breaches......Page 58
2.4.4 Duty to Protect Information......Page 60
2.5.1 Failure to Act Duty......Page 61
2.5.3 Cybersecurity Good Samaritan Law......Page 62
2.7 Common Law Duty......Page 63
2.8.1 Cybercrime Penalties......Page 64
2.9.1 Federal Laws Addressing Computer Security......Page 65
2.9.2 The US Code......Page 67
2.10 Procedural Law......Page 68
2.10.2 Rules of Civil Procedure (Cyber Tort)......Page 69
2.11 State Computer Crime Laws......Page 71
2.11.1 State Ransomware Laws......Page 72
2.11.2 Federal Ransomware Laws......Page 73
2.11.4 State Denial of Service Laws......Page 74
2.11.5 State Election Security Legislation......Page 75
2.11.7 Identity Theft Laws......Page 76
2.11.8 State Cyberbullying Laws......Page 77
2.12 False Claims Act (FCA)......Page 78
Chapter 3 - Cyber Privacy and Data Protection Law......Page 84
3.2 Privacy Laws......Page 85
3.2.1 Children's Privacy Laws......Page 86
3.2.2 Healthcare Data Privacy Laws......Page 89
3.2.3 Federal Privacy Laws......Page 96
3.2.4 Cybercrime on Tribal Lands......Page 98
3.2.6 State Chief Information Privacy Officer (CIPO) Laws......Page 100
3.2.7 International Privacy Laws......Page 101
3.3 Data Breach Laws......Page 102
3.3.1 State Data Breach Laws......Page 103
3.3.2 Federal Data Breach Laws......Page 104
3.3.3 International Data Breach Laws......Page 108
3.3.4 General Data Protection Regulation (GDPR)......Page 111
3.4.1 Injury vs. No-Injury Class Action Lawsuits......Page 114
3.4.2 Data Privacy and the US Supreme Court......Page 116
3.4.3 Shareholder Derivative Lawsuits......Page 118
3.4.4 Securities Fraud Lawsuits......Page 119
3.5 Privacy Notice Law......Page 120
3.6 Personal Liability......Page 121
3.6.2 Preemptive Liability Protection......Page 122
3.6.3 Cybersecurity Whistleblower Protections......Page 123
3.7 Data Disposal Laws......Page 124
3.8 Electronic Wiretap Laws......Page 125
3.10 Social Media Privacy......Page 126
3.11 Event Data Recorder (EDR) Privacy......Page 127
3.12 Automated License Plate Reader (ALPR) Privacy......Page 129
Chapter 4 - Cryptography and Digital Forensics Law......Page 136
4.1 Brief Overview of Cryptography......Page 137
4.2 Cryptography Law......Page 138
4.2.1 Export Control Laws......Page 139
4.2.2 Import Control Laws......Page 141
4.2.3 Cryptography Patent Infringement......Page 142
4.2.4 Search and Seizure of Encrypted Data......Page 145
4.2.5 Encryption Personal Use Exemption......Page 147
4.3.1 State Encryption Safe Harbor Provision......Page 148
4.4 Fifth Amendment and Data Encryption......Page 149
4.5 Laws and Regulations Requiring Encryption......Page 150
4.6 International Cryptography Law Perspective......Page 151
4.7 International Key Disclosure Law......Page 152
4.8.1 Preservation Order......Page 153
4.8.2 Digital Best Evidence Rule......Page 154
4.8.3 Digital Chain of Custody......Page 155
4.8.5 Digital Evidence Spoliation......Page 156
4.8.6 Fourth Amendment Rights and Digital Evidence......Page 157
4.8.8 Security Consultant Client Privilege......Page 158
4.9 State Digital Forensics Law......Page 159
• Executive Agreements – The Act permits federal officials to enter into executive agreements granting foreign access to data stored in the U.S., even if that data would otherwise be protected under The Electronic Communications Privacy Act (ECPA). Pri.........Page 160
4.12 Biometrics Law......Page 161
4.13 Genetic Information Privacy Laws......Page 163
Chapter 5 - Acts, Standards & Regulations......Page 168
5.1 Basel III Accord......Page 169
5.2 Chemical Facility Anti-Terrorism Standards (CFATS) Act......Page 170
5.3 Defense Federal Acquisition Regulations Supplement (DFARS)......Page 172
5.3.1 Minimum Requirements for DFARS......Page 173
5.4 Directive on Security of Network and Information Systems NIS Directive......Page 174
5.5 European Union Cybersecurity Act......Page 175
5.6 Family Educational Rights and Privacy Act (FERPA)......Page 176
5.8 Federal Information Security Management Act (FISMA)......Page 177
5.9 Financial Industry Regulatory Authority (FINRA) Rules......Page 178
5.10 Food and Drug Administration Code of Federal Regulations Title 21 Part 11......Page 179
5.10.1 ALCOA Model......Page 180
5.11 Health Information Technology for Economic and Clinical Health Act (HITECH)......Page 181
5.13 Joint Commission on the Accreditation of Healthcare Organizations (JCAHO)......Page 182
5.14 North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP)......Page 185
5.15 Payment Card Industry – Data Security Standard (PCI-DSS)......Page 186
5.16 Sarbanes Oxley Act (SOX)......Page 187
5.17 Standards......Page 188
5.17.1 International Organization for Standardization (ISO) Security Standards......Page 189
5.17.2 National Institute of Standards & Technology (NIST)......Page 194
5.17.4 Industry-Specific Cyber Security Standards......Page 198
Chapter 6 - Creating a Cybersecurity Law Program......Page 204
6.1.1 Model......Page 205
6.1.2 Architecture......Page 208
6.1.3 Program Staffing and Roles......Page 209
6.1.4 Program Policies......Page 212
6.1.5 Program Procedures......Page 215
6.1.6 Program Technology......Page 217
6.1.7 Mapping Legal Requirements to Controls......Page 221
6.2 Cyber Liability Insurance......Page 223
6.2.1 Coverage Categories......Page 224
6.2.3 Policy Value......Page 226
6.2.5 Policy Claims......Page 227
6.2.7 Policy Lawsuits......Page 228
6.2.9 Insurable vs Uninsurable Risk......Page 231
6.2.11 Silent Cyber Risk Insurance......Page 232
6.3.1 Data Breach Calculators......Page 233
6.4 Compliance Auditing......Page 234
6.4.1 Critical Audit Matters (CAM)......Page 235
6.4.2 Internal vs. External Auditing......Page 236
6.4.3 Auditing Associations......Page 238
Chapter 7 - Future Developments in Cybersecurity Law......Page 244
7.1.1 Constitutionality of Cybersecurity Law......Page 245
7.2.1 Legal Implications of the Internet of Things (IoT)......Page 246
7.2.2 Legal Implications of Big Data......Page 247
7.2.3 Legal Implications of Cloud Computing......Page 248
7.2.4 Legal Implications of Security Testing......Page 249
7.3 Future US Cybersecurity Legislation......Page 251
7.4 US Foreign Policy on Cybersecurity......Page 253
7.5 National Association of Insurance Commissioners (NAIC) Model Cybersecurity Law......Page 255
7.6.1 Cybersecurity Law and Trade Pacts......Page 257
7.6.3 Comprehensive and Progressive Agreement for Trans-Pacific Partnership (CPTPP) Cybersecurity Framework......Page 258
7.6.4 Asia-Pacific Economic Cooperation (APEC) Cross-Border Privacy Rules (CBPR) System......Page 261
7.6.5 US-Mexico-Canada Agreement (USMCA)......Page 263
7.6.7 Data Localization Laws......Page 264
7.6.8 Singapore Payment Services Act......Page 266
7.7 Aligning the Law of the Sea to Cybersecurity Law......Page 267
7.8 Cybersecurity Law in Outer Space......Page 268
7.9 The Law of Armed Conflict in Cyberwar......Page 269
7.10 North Atlantic Treaty Organization (NATO) Cyberlaw Stance......Page 270
7.11 United Nations – Universal Cybersecurity Legal Framework......Page 271
7.12 International Treaties on Cybersecurity......Page 272
7.13 Brexit Impact on European Union Cybersecurity Law......Page 273
7.14 G7 Perspective on Cybercrime......Page 274
Useful Checklists and Information......Page 282
Index......Page 292
Credits......Page 319
About the Author......Page 323
Subjects
Computer Security: Law And Legislation