Computer Security Law

~400 answered questions
Parent Category: Law & Legal Issues
Computer security means protecting the confidentiality, integrity, and availability of information stored on, processed by, and transmitted by computers. In order to achieve this, various governments and organizations have established laws, regulations, and standards for securing computers and the data stored, processed, and transmitted by them. This category is for questions about existing and proposed laws and standards specifically related to computer security including the contents of the laws & regulations, who is legally responsible, who/what the laws/regulations/standards apply to, how the security is evaluated, and how it is documented.
If you do not own the copyright to the music/song and do not have the express permission of the legal copyright holder, then yes, it is illegal. Especially if you plan to share the file. Of course, this does not apply to material in the public domain. Or your own works (your work is somewhat pr…
Popularity: 183
Seems like "sharing" and "downloading" are different. If you look into all these lawsuits, at LEAST the VAST majority are people that are allowing their computers to be used as "supernodes", and I would bet money that ALL of the lawsuits are against people that have a shared folder on their compute…
Popularity: 94
Legal consequences: Up to thirty years in jail; up to a $100,000 fine; loss of electronic privileges; a felony record. Other consequences: Hacking, when used in an ethical manner and with permission, raises awareness and causes software creators and system administrators to improve their security. …
Popularity: 25
In simple words: "statutory" means "the laws and regulations". Complying with central and state acts will keep the company safe from legal risks. In terms of Computer Security this relates to local, state, national, and international laws governing the use of computers as well as the data they hold,…
Popularity: 47
Relating to the Data Protection Act 1998: Transborder data flow deals with the movement of personally identifiable data from one country to another. Hence, "Trans-border".
Popularity: 14
It sounds like the question is asking about the "Data Protection Act 1998", a United Kingdom Act of Parliament which defines UK law on the processing of data on identifiable living people. It replaced a couple of earlier laws: the Data Protection Act 1984 and the Access to Personal Files Act 1987. I…
Popularity: 6
Computer fraud is mostly the use of a computer to commit fraud in any way or manner.
Popularity: 0
Computer law is a set of recent legal enactments currently in existence in several countries, while computer ethics covers more the actions that are done with the computer, whether they are ethically good or unethical.
Popularity: 3
The answer depends on what aspect of computer law you want to "do". To actually practice law and litigate on legal matters involving computer usage, software copyrights and patents, etc. you need a law degree in the USA. I'm not sure what is required elsewhere like the UK or India or Japan or South …
Popularity: 2
Indian Services Officer
Popularity: 5
The legality of "hacking" an online game depends on what you mean by "hacking". In the most common use of the term - it is illegal to hack an online game. In order to hack an online game, you are usually hacking the server that hosts the game. This is breaking and entering into a server that does n…
Popularity: 7
yaa it is a subject of 7th sem pune!
Popularity: 1
Any deliberate action that compromises the confidentiality, integrity, or availability of a computer would be considered sabotage. Examples would include writing and releasing a virus, worm, or trojan, sending out spam, initiating a denial of service attack, installing a "back door", altering or del…
Popularity: 6
There are many advantages of hacking for the hacker. They can gain access to someone's bank account, or passwords. The disadvantage for the hacker is that they may get caught and face stiff penalties.
Popularity: 0
Even if terminology can vary depending on jurisdictions, I would make the following distinction (Sorry in advance but I will have to generalise): - "Depository" is generally (or historically) used to talk about central institutions (nearly utilities) that register the initial deposit of securities …
Popularity: 46
10 characters minimum; 15 or more is recommended. According to AR 25-2, Section IV, paragraph 4-12 b: The IAM or designee will manage the password generation, issuance, and control process. If used, generate passwords in accordance with the BBP for Army Password Standards. BBP for Army password…
Popularity: 4
"IAW AR 25-2" means "in accordance with AR 25-2". AR 25-2 is Army Regulation 25-2, Information Management, Information Assurance. According to the executive summary of AR 25-2: Summary. This regulation provides Information Assurance policy, mandates, roles, responsibilities, and procedures for impl…
Popularity: 5
Not too sure about any "data misuse act", but the Computer Misuse Act of 1990 is an Act of the Parliament of the United Kingdom which criminalized unauthorized access to computer materials, unauthorized access with intent to commit or facilitate comm…
Popularity: 0
- Data has to be kept well secure
- Data isn't allowed to be transferred to any country outside the EU, without similar legislation
- It allows the individual the right to access any electronically stored information relating to that individual
- Data is only allowed to be held for only as long as it's ne…
Popularity: 2
Installation of software, configuration of an IS or connecting any ISs to a distributed computing environment with prior approval
Popularity: 7
According to AR 25-2, Section IV, paragraph 4-12 b: The IAM or designee will manage the password generation, issuance, and control process. If used, generate passwords in accordance with the BBP for Army Password Standards. BBP for Army password standards are contained in 04-IA-O-0001, paragraph 5A…
Popularity: 1
AR 25-2 does not specify a maximum password length, however, According to AR 25-2, Section IV, paragraph 4-12 b: The IAM or designee will manage the password generation, issuance, and control process. If used, generate passwords in accordance with the BBP for Army Password Standards. BBP for Army pa…
Popularity: 3
While this site is named Answers.com, we do not provide answers to certification exams.
Popularity: 1
Opinion: Hackers are dangerous and the cause of one of the worst things in America, identity theft. A hacker could destroy lives. Opinion: Hackers have developed an array of levels of hacking ranging from good hackers to bad hackers. However, a hacker historically is one who searches out and exploits…
Popularity: 3
AR 25-2 is Army Regulation 25-2, Information Management, Information Assurance. According to the executive summary of AR 25-2: Summary. This regulation provides Information Assurance policy, mandates, roles, responsibilities, and procedures for implementing the Army Information Assurance Program, …
Popularity: 16
DoD Information Assurance Certification and Accreditation Process (DIACAP). It is the title of DoD Instruction 8510.01, which defined the process for certification and accreditation of DoD information systems (computer, computer networks, etc.) for Information Assurance (confidentiality, integrity,…
Popularity: 11
There is NO DoD instruction that states that IA posture gets reviewed every two years; the relevant DoD Instruction is DoDI 8500.2, but it states that the IA posture must be reviewed at least once a year, not just every two years. DoDI 8510.2 (DIACAP) also cites DoDI 8500.2, which requires that the …
Popularity: 1
Three confidentiality levels are used in DIACAP: Public, Sensitive, Classified
Popularity: 8
According to AR 25-2, Section IV, paragraph 4-12 b: The IAM or designee will manage the password generation, issuance, and control process. If used, generate passwords in accordance with the BBP for Army Password Standards. BBP for Army password standards are contained in 04-IA-O-0001, paragraph 5A…
Popularity: 3
(1) Classified (2) Sensitive (3) Public
Popularity: 5
bddbbcbbabaccddbcbadcabcdabccaadbddbaadbcacddcbba
Popularity: 5
to stop people from claiming work which does not belong to them
Popularity: 1
DIACAP replaced DITSCAP as the process for certification and accreditation of DoD information systems. DIACAP supersedes DITSCAP.
Popularity: 1
No. DITSCAP was superseded by DIACAP. DIACAP is currently (as of 2016) being superseded by RMF.
Popularity: 5
DIACAP was originally established in DoDI 8510.bb, however the current version is DODI 8510.01, dated November 28, 2007.
Popularity: 3
You are probably referring to the Computer Misuse Act of 1990. It is an act by the Parliament of the UK. Sections 1 through 3 of the act define 3 specific criminal acts related to computer use (or rather misuse): unauthorised access to computer material, punishable by 12 months' imprisonment (or 6 …
Popularity: 0
You can get a copy of AR-25-2 from the attached link.
Popularity: 1
Information Awareness Security Officer
Popularity: 2
In Oregon (as of 2016) the maximum penalty for a Class C Felony is 5 years / $125,000 fine.
Popularity: 1
The 8 principles of data protection are as follows:
1. Processed fairly and lawfully.
2. Obtained for specified and lawful purposes.
3. Adequate, relevant and not excessive.
4. Accurate and up to date.
5. Not kept any longer than necessary.
6. Processed in accordance with the "data subject's" (the individ…
Popularity: 0
IASO stands for Information Assurance Security Officer. It is a position described in the Army Information Assurance document AR 25-2. It is equivalent to the IAO position described in DoDI 8500.2 and DoDI 8510.01.
Popularity: 4
25-2 380-53
Popularity: 3
According to AR 25-2, Section IV, paragraph 4-12 b: The IAM or designee will manage the password generation, issuance, and control process. If used, generate passwords in accordance with the BBP for Army Password Standards. BBP for Army password standards are contained in 04-IA-O-0001, paragraph 5…
Popularity: 3
False. The relevant DoD Instruction is DoDI 8500.2, but it should be noted that the IA posture must be reviewed at least once a year, not just every two years. DoDI 8510.2 (DIACAP) also cites DoDI 8500.2, which requires that the IA posture of all systems belonging to an organization must be reviewed…
Popularity: 1
Classified, sensitive, public.
Popularity: 4
DoD Information Assurance Certification and Accreditation Process. The term is general to all of DoD, not just the Army.
Popularity: 6
For US DoD systems: under DIACAP, the IA posture of an organization should be reviewed at least annually. All systems must undergo a complete review at least every 3 years but should also undergo at least a partial review every year (annual security review). More sensitive and more critical systems …
Popularity: 1
DODI 8510 bb was the initial release of the DIACAP document. The current version is DODI 8510.01, dated November 29, 2007.
Popularity: 5
As an individual, you can't. An information system is what gets accredited for use in the military environment. If you are interested in individual security certification, start with the CompTIA Security+ certification and when you have lots of experience and knowledge, try the Certified Information…
Popularity: 29
DODI 8510.01 was signed November 28, 2007. Draft versions circulated for several years prior to that however.
Popularity: 3
Actually the requirement is for the posture to be reviewed by the system owner at least annually if it is MAC II or III and every 6 months if it is MAC I.
Popularity: 1
DoDI 8510.2 and DoDI 8500.2 require that the IA posture of all systems belonging to an organization must be reviewed at least once a year. Furthermore, the system must be assessed and undergo reaccreditation by the Principal Accreditation Authority (PAA) - which generally means the DAA - at least e…
Popularity: 1
According to DoD regulations, the IA posture of any DoD organization must be reviewed at least annually. FISMA requires that the IA posture of all US government organizations be reviewed at least annually. Many other nations have adopted similar requirements for organizations that they regulate. It …
Popularity: 1
A military IASO is an "Information Assurance Security Officer". It is an Army term equivalent to "IAO" used elsewhere in DOD. According to AR 25-2, paragraph 3-2f: DOD uses the term IAO for IASO responsibilities. All IASOs will- (1) Enforce IA policy, guidance, and training requirements per this r…
Popularity: 3
This answer is per DIACAP (Defense Information Assurance Certifications and Accreditation Program - DODI 8510), as the de facto standard in the field of information assurance; historically the process was over a three year period. However, after due diligence and oversight, it was discovered that man…
Popularity: 1
The relevant DoD Instruction is DoDI 8500.2, but it should be noted that the IA posture must be reviewed at least once a year, not just every two years. DoDI 8510.2 (DIACAP) also cites DoDI 8500.2, which requires that the IA posture of all systems belonging to an organization must be reviewed at lea…
Popularity: 1
The Data Protection Act gives the individual person the right to access any electronically stored information relating to that individual. It also states that personal data held is 'accurate, necessary, up-to-date, and held only for as long as is necessary'.
Popularity: 0
Classified, Sensitive, and Public
Popularity: 3
DoDI 8510.2 and DoDI 8500.2 require that the IA posture of all systems belonging to an organization must be reviewed at least once a year. Furthermore, the system must be assessed and undergo reaccreditation by the Principal Accreditation Authority (PAA) - which generally means the DAA - at least ev…
Popularity: 5
DIACAP (DoD 8510.01) requires organizations to abide by DoDI 8500.2. Paragraph 4.9 of 8500.2 states: 4.9. All DoD ISs with an authorization to operate (ATO) shall be reviewed annually to confirm that the IA posture of the IS remains acceptable. Reviews will include validation of IA controls and be d…
Popularity: 1
The question may be asking about asset (as in bookkeeping) and security (as in collateral on a loan) rather than 'computer security'. From a computer security standpoint, the requirements would include: establishing records retention requirements for audit papers - since these can be electronic rec…
Popularity: 14
Generally hacking websites are illegal because they involve sharing information on how to perform illegal actions or share information that was gained illegally.
Popularity: 0
According to AR 25-2, Section IV, paragraph 4-12 b: The IAM or designee will manage the password generation, issuance, and control process. If used, generate passwords in accordance with the BBP for Army Password Standards. BBP for Army password standards are contained in 04-IA-O-0001, paragraph 5A…
Popularity: 2
While there may be a discrepancy between what the act is supposed to do and what it actually accomplishes, the intent of the law was to define UK law on the processing of data on identifiable living people - especially on electronic data systems. In practice it is supposed to provide a way for indiv…
Popularity: 3
Installation of software, configuration of an IS or connecting any ISs to a distributed computing environment with prior approval.
Popularity: 1
The relevant DoD Instruction is DoDI 8500.2, which states that the IA posture must be reviewed at least once a year.
Popularity: 0
Classified, Sensitive and Public
Popularity: 3
The data protection act does just that. It protects a person's details from being shown to or made available to persons that have no legal right to such information or to the data. Any person that accesses this data or related information that has no right of access is in breach of the act.
Popularity: 2
Contact the DAA to request an IATO while you hurry up and get your act together and get the DIACAP documentation together before they shut the system down!
Popularity: 4
False
Popularity: 2
The Certification Authority is responsible to review validation results, determine the degree to which a system complies with assigned controls, determine risk based on those results, and then make a certification recommendation to the DAA. The recommendation is sometimes referred to as a "certifica…
Popularity: 1
DIACAP is established by DoD Instruction 8510.01.
Popularity: 1
The User Representative and the DAA are distinct entities. The two roles are not combined. It is possible however for the DAA to delegate much of their responsibility and authority to others who represent them in meetings, collaborations, and review of requests for ATO's. Even if they delegate, they…
Popularity: 1
The in-document summary of AR 25-2 states: This regulation provides Information Assurance policy, mandates, roles, responsibilities, and procedures for implementing the Army Information Assurance Program, consistent with today's technological advancements for achieving acceptable levels of security …
Popularity: 3
No - DIACAP required that the posture be at least partially reviewed every year (for the Annual Security Review - aka ASR) except for very sensitive systems that must be reviewed more often - usually every six months. A comprehensive review is required every 3 years under DIACAP.
Popularity: 0
The Certification Authority is tasked with determining the degree to which a system complies with the assigned IA controls (based on validation results) and then provides the certification determination to the DAA. The DAA then makes a decision on whether to authorize the system for operation.
Popularity: 0
There are more than 3 laws with significant effect on information security, but three of them are: Gramm-Leach-Bliley Act (GLB), also known as the Financial Services Modernization Act of 1999 This one requires financial institutions to develop a written information security plan that describes how t…
Popularity: 1
Probably the simplest way to differentiate between ethics and law is the consequences of violating them. If you are unethical, you might get sued but may not go to jail. There are typically no criminal penalties for not adhering to reasonable computer ethics codes. Computer law, on the other hand, u…
Popularity: 3
Sorry - but you are responsible to learn the answers through study. The instruction isn't all that long and you should be able to find the answers if you just read through the course materials and the related instructions. Even if we provided the answers here, they would not remain correct because t…
Popularity: 1
AR 25-2 specifies MINIMUM password length, but the only limitation on MAXIMUM length is how long a password the OS or application can handle; AR 25-2 does not specify a maximum password length, however, According to AR 25-2, Section IV, paragraph 4-12 b: The IAM or designee will manage the passwor…
Popularity: 2
The act requires that data not be disclosed to other parties without the consent of the individual whom it is about, unless there is legislation or other overriding legitimate reason to share the information (for example, the prevention or detection of crime). Even residential homes may wind up in p…
Popularity: 1
To a great degree, the Data Protection act of 1998 was passed by the British Parliament in response to the Directive 95/46/EC of the European Parliament so that could be considered the "who" that "invented" the Act. Somewhere there is probably a record of who first introduced the legislation and who…
Popularity: 1
Most spammers utilize very illegal means to broadcast their messages. They usually use bot networks - groups of machines they have compromised and turned into "zombies" - to launch their massive email barrages. There are several reasons for doing this: 1) since spamming is illegal in many areas, th…
Popularity: 1
The answer depends partly on what you mean by "loses". If by "loses" you mean that they can't find your information then they might be in violation by failing to be able to provide it to you when requested - but then again, if they can't find it, then there may be difficulty proving that they are …
Popularity: 1
dipota ka
Popularity: 1
FISMA is the Federal Information Security Management Act of 2002. It was passed as Title III of the E-Government Act (Public Law 107-347) in December 2002. FISMA requires each federal agency to develop, document, and implement an agency-wide program to provide information security for the informatio…
Popularity: 1
No - the User Representative cannot also be the DAA.
Popularity: 0
DIACAP is DoD Instruction 8510.01. In that respect, SOME DoD instructions fall under DIACAP, but most DoD instructions have nothing to do with DIACAP.
Popularity: 15
C. Continue DITSCAP. This might have been a correct answer to a quiz in the past, but DoDI 5200.40 (DITSCAP) and DoD 8510.1-M (DITSCAP Manual) were cancelled when DoDI 8510.01 (DIACAP) was issued on November 28, 2007. If a system does not have a signed Phase One System Security Authorization Agreemen…
Popularity: 1
DIACAP has been in force for more than 3 years so a system with a DITSCAP authorization has an EXPIRED authorization and the DAA should issue a DATO immediately unless the system owner can provide justification for continued operation AND sufficient documentation to allow the CA to evaluate the risk …
Popularity: 0
It is illegal if you don't buy it.
Popularity: 0
It's all about the safety of your customers and their data. If you have to ask for any information from customers, you have to make sure that their information is not leaked out to anyone; their safety should be your priority.
Popularity: 1
Computer crime, "cyberhacking", is in the news today. Watch, listen or read for maybe 2 weeks and you will possibly see an article. Right now there are several. North Korea has been implicated in cyberattacks, that later was modified. Great Britain was just hit by "the largest cyber attack…
Popularity: 1
AF Systems security memorandum 5003; AF Policy Directive 33-2; DOD Directive 5200.28
Popularity: 1
As far as the ARMY is concerned, "The main role of the IASO is to provide Information Assurance oversight, guidance and support to the general user in accordance with the requirements of the Command's Information Assurance program. The IASO must be familiar with IA policy, guidance and training req…
Popularity: 0