
Computer Security Law

Parent Category: Law & Legal Issues
Computer security means protecting the confidentiality, integrity, and availability of information stored on, processed by, and transmitted by computers. In order to achieve this, various governments and organizations have established laws, regulations, and standards for securing computers and the data stored, processed, and transmitted by them. This category is for questions about existing and proposed laws and standards specifically related to computer security including the contents of the laws & regulations, who is legally responsible, who/what the laws/regulations/standards apply to, how the security is evaluated, and how it is documented.
The act requires that data not be disclosed to other parties without the consent of the individual whom it is about, unless there is legislation or other overriding legitimate reason to share the information (for example, the prevention or detection of crime). Even residential homes may wind...
To a great degree, the Data Protection Act of 1998 was passed by the British Parliament in response to the Directive 95/46/EC of the European Parliament, so that  could be considered the "who" that "invented" the Act. Somewhere there is probably a record of who first introduced the legislation...
Most spammers utilize very illegal means to broadcast their messages. They usually use bot networks - groups of machines they have compromised and turned into "zombies" - to launch their massive email barrages. There are several reasons for doing this: 1) since spamming is illegal in many...
The answer depends partly on what you mean by "loses". If by "loses" you mean that they can't find your information, then they might be in violation by failing to be able to provide it to you when requested - but then again, if they can't find it, then there may be difficulty proving...
FISMA is the Federal Information Security Management Act of 2002. It was passed as Title III of the E-Government Act (Public Law 107-347) in December 2002. FISMA requires each federal agency to develop, document, and implement an agency-wide program to provide information security for the...
No - the User Representative cannot also be the DAA.
DIACAP is DoD Instruction 8510.01. In that respect, SOME DoD instructions fall under DIACAP, but most DoD instructions have nothing to do with DIACAP.
C. Continue DITSCAP
This might have been a correct answer to a quiz in the past, but DoDI 5200.40 (DITSCAP) and DoD 8510.1-M (DITSCAP Manual) were cancelled when DoDI 8510.01 (DIACAP) was issued on November 28, 2007. If a system does not have a signed Phase One System Security Authorization...
DIACAP has been in force for more than 3 years, so a system with a DITSCAP authorization has an EXPIRED authorization and the DAA should issue a DATO immediately unless the system owner can provide justification for continued operation AND sufficient documentation to allow the CA to evaluate...
It's all about the safety of your customers and their data. If you have to ask any information from customers, you have to make sure that their information is not leaked out to anyone; their safety should be your priority.
Computer crime, "cyberhacking", is in the news today. Watch, listen or read for maybe 2 weeks and you will possibly see an article. Right now there are several. North Korea has been implicated in cyberattacks, that later was modified. Great Britain was just hit by "the largest cyber...
AF Systems Security Memorandum 5003
AF Policy Directive 33-2
DoD Directive 5200.28
As far as the ARMY is concerned, "The main role of the IASO is to provide Information Assurance oversight, guidance and support to the general user in accordance with the requirements of the Command's Information Assurance program. The IASO must be familiar with IA policy, guidance...
The roles are listed in DoDI 8510. Usually the names of those filling the roles will also be listed in the Certification and Accreditation Plan (C&A Plan).
AR 25-2 does not actually specify password length, but the Army password requirements (from BBP 04-IA-O-0001, which AR 25-2 specifies should be followed) are: All system-level accounts and privileged-level accounts using passwords will be a minimum of 15 characters long and changed every ...
The IAO is not the DAA, but is responsible to the DAA.
DITSCAP is the outdated version of the DoD process for assessing the security of DoD information systems. It was replaced by DIACAP. DIACAP is, in turn, being replaced by the RMF process, where continuous monitoring is to be implemented. DIACAP: Platform-centric as opposed to...
Program or System Managers (PM or SM) for DoD information systems
DoD systems are categorized in two ways: mission assurance category (MAC) and classification level (CL). There are 3 MAC levels: I, II, and III. Refer to DoDI 8500.2 for more details, but in general terms: MAC I systems cannot ever go down - the mission of the organization fails, the war is lost,...
Health Care Industry. Here are all of them:
1. Health Care Industry
2. When you are assigning a user's rights, it is dependent upon their job needs.
3. User Accounts applet, then change an account and select the account. Then click change the password.
4. Enter a wrong password.
5. Power-On passwords,...
"The Sarbanes-Oxley Act of 2002 (SOX), is a United States federal law enacted on July 30, 2002, which set new or enhanced standards for all U.S. public company boards, management and public accounting firms.
Compliance to SOX
Compliance to SOX is focused specifically on what records need to be...
Yes - DIACAP requires you to review your IA posture. DoDI 8510.2 (DIACAP) and DoDI 8500.2 both require that the IA posture of all systems belonging to an organization must be reviewed at least once a year. Furthermore, the system must be assessed and undergo reaccreditation by the Principal...
The DIACAP Scorecard conveys compliance with assigned IA Controls and the IS C&A decision status. The Certifying Authority (CA) has the authority and responsibility for the certification of information systems governed by a DoD Component IA Program.
AR 25-27 does not currently exist. Perhaps you are thinking of AR 25-2? Please provide the full name of the document you are referring to.
The answer depends on what aspect of computer law you want to "do". To actually practice law and litigate on legal matters involving computer usage, software copyrights and patents, etc. you need a law degree in the USA. I'm not sure what is required elsewhere like the UK or India or Japan or South...
The answer depends a bit on what you mean by "sources of responsibility". DoDI 8510.01, paragraph 5.8.5 states that Heads of the DoD Components appoint DAAs for DoD ISs under their purview, so the DAA derives their authority and responsibility from that appointment. Under paragraph 5.9.1, the Chairman...
IASO is to ensure that all personnel associated with IS receive system-specific and general awareness security training (see AR 25-2, para 3-2f) including:
IA training and certification
IA situation and awareness briefing
Information Assurance Workforce Improvement Program ...
DoDI 8500.2 assigns responsibilities to the role of the IASO as a DIACAP team member.
For both Certified and Uncertified Army personnel assigned as IA Mgmt 1, IA Mgmt 2, IA Mgmt 3, IA Tech 1, IA Tech 2, or IA Tech 3, the IASO course is required.
The Data Protection Act of 1998 ensures that companies and individuals do everything in their power to ensure that any information held by said company is only kept for as long as reasonably needed, is kept secure and confidential, and is only accessed by authorised persons who have a genuine need to...
Computers are for both business and personal use. We use computers in almost everything that a human being can do now. We use them to be able to communicate. The whole world is computerized. But the difference between personal and professional use of a computer is what is...
According to paragraph 6.3.1.3.3 of DODI 8500.2, the PM for a system cannot be the DAA for their own system.
Yes. The Principal Accrediting Authority (PAA) is normally the DAA (designated accrediting authority) or AO (accrediting official/officer).
The specific requirements will depend on the exact job, but they usually fall into just a few categories:
Technical knowledge of how computers work
Knowledge of how security appliances like firewalls function
Knowledge of how networks work
Knowledge of how specific computer hardware functions (printers...
The status register holds the values of "flags" - bits indicating information about the state of the processor. Usually the bits indicate one of three possible outcomes of an arithmetic function: zero, carry, or overflow. A "Zero" flag means that the result of an operation was "zero" - for example...
The first DIACAP document that lists the team members will usually be a document called the System Identification Profile (SIP).
A Plan of Action and Milestones (POAM) is created to capture corrective actions and track them to completion. Any system receiving an IATO must create this component.
Installation of software, configuration of an IS or connecting any ISs to a distributed computing environment with prior approval.
According to DODI 8510.01: 5.16. The Program Manager (PM) or System Manager (SM) for DoD ISs shall: 5.16.1. Ensure that each assigned DoD IS has a designated IA manager (IAM) with the support, authority, and resources to satisfy the responsibilities established in Reference (d) and this Instruction.
DAA, CA, SIAO, PM, IAM, and IAO (or IASO) www.lunarline.com - best in the biz
DIACAP sets a minimum on how frequently you MUST conduct reviews but does not limit you to only do it that often. According to DoD 8510.01 (DIACAP), paragraph 4.9: "All DoD ISs with an authorization to operate (ATO) shall be reviewed annually to confirm that the IA posture of the IS remains...
Yes - At each state of the process, the IASO must be notified.
DIACAP requires that the system owner see that a review of the IA posture of their system be conducted at least annually.
According to AR 25-2, the IASO is responsible for enforcing policy guidance and training requirements.
These may be waived under severe complications. You would have to talk to your local office to see if they apply to you.
The secure class of a system to make sure it is protected and secure from other nations.
International Association for the Study of Obesity
In accordance with the army training and BBP certification, the DAA can waive the certification requirements for the army and training due to several operational and personnel constraints.
Logoff their computers at the end of the work day
Encrypting hard drives
Within six months of appointment.
According to DoD 8510.01 (DIACAP), paragraph 5.16.8, the Program Manager (PM) or System Manager (SM) shall: "Ensure annual reviews of assigned ISs required by FISMA are conducted." So reviews must occur at least once a year.
As per Section 4-5, paragraph a.(8)(a): All users must receive IA awareness training tailored to the system and information accessible before issuance of a password for network access. The training will include the following:
Threats, vulnerabilities, and risks associated with...
DAA may waive the certification requirement under severe operational or personnel constraints
Logoff their computers at the end of the work day
We consider scheduling problems in parallel and distributed settings in which we need to schedule jobs on a system offering a certain amount of some resource. Each job requires a particular amount of the resource for its execution. The total amount of the resource offered by the system is different at...
The result of encryption of plaintext is ciphertext. When ciphertext is translated back to plaintext, the process is called decryption.
Without knowing the context, it's difficult to be sure. It could be simply a decimal number, 6,245, with leading zeros. In computer programming, it is customary to write base 8 (octal) numbers with leading zeros. This could be a number in base 8, since it doesn't contain any digits greater than 7. In...
For IAM level I: GISF, GSLC, Security+, CAP
For IAM level II: GSLC, CISM, CISSP (or CISSP Associate), CAP
For IAM level III: GSLC, CISM, CISSP (or CISSP Associate)
IASO stands for "Information Assurance Security Officer." In general terms they are responsible for managing and enforcing DoD Information Assurance rules, regulations, policies, and procedures - in particular those of the US Army. According to AR 25-2, section 3-2 f, the responsibilities of an IASO are...
This question cannot be answered without first specifying the activity.
According to DoD 8510.01 (DIACAP), paragraph 4.9: "All DoD ISs with an authorization to operate (ATO) shall be reviewed annually to confirm that the IA posture of the IS remains acceptable. Reviews will include validation of IA controls and be documented in writing." And according to paragraph 5...
Information System Security Officer
Both the IAM and the IAO have responsibilities in implementing DIACAP. Table E3.A1.T1 of DoDI 8500.2 states that the System Identification Profile must list the members of the DIACAP team, to wit: Identify the DIACAP Team (e.g., DAA, the CA, the DoD IS PM or SM, the DoD IS IAM, IAO, and UR. Note...
DAA may waive the certification requirement under severe operational or personnel constraints.
A. With the consent of the user or file owner, preferably in writing.
B. While performing system backup and recovery.
C. While performing anti-virus functions.
D. As necessary for the continued operation and system integrity of the AIS.
E. As part of a properly authorized investigation.
F. All of the...
8510.01-M, signed in 2000, was written to go with DITSCAP (DoDI 5200.40 - signed in 1997), which has since been superseded by DIACAP (DODI 8510.01 - signed in 2007). Ultimately, responsibility for ensuring the training rests with the IAM, but the IAM can, and often does, delegate the responsibility...
Since under 8500.2, an ATO cannot be issued for more than 3 years, if a system is operating under a DITSCAP package that is 4 years old, its ATO has expired and the DAA can (and should) issue a DATO (Denial of Authorization To Operate), meaning that the system is immediately denied ATC (Authority To...
"Sharing" and "downloading" seem to have slightly different legal statuses. If you look into all these lawsuits, at LEAST the VAST majority are people that are allowing their computers to be used as "supernodes", and I would bet money that ALL of the lawsuits are against people that have a shared folder...
DODI 8510.01 (DIACAP) is the current DoD process for IA Certification and Accreditation of DoD systems. It replaced DITSCAP.
DIACAP requires that the security posture of any DoD system be evaluated at least annually. A system must undergo the full DIACAP process prior to being placed into service, whenever a major change occurs, and prior to the expiration of the accreditation of the system if it already has an ATO. The DAA...
According to DODI 8510.01 (DIACAP), paragraph 4.9: "All DoD ISs with an authorization to operate (ATO) shall be reviewed annually to confirm that the IA posture of the IS remains acceptable. Reviews will include validation of IA controls and be documented in writing." Note that in the case of a MAC...
A DIACAP review has to be executed for every new system, for every major change to an existing system, and at least every 3 years for any currently accredited system.
No - DIACAP (DoDI 8510.01) superseded DITSCAP (DoDI 5200.40) in 2006.
The best answer is probably to flip the question around to ask when it is acceptable to NOT use a non-privileged account. A non-privileged account should always be used except when it is absolutely necessary (and authorized) to use the permissions assigned to a privileged account. Only those acting...
There are several good sources for DIACAP information. The attached links point to some of them. Note that they generally require a CAC to access.
While DKO (Defense Knowledge Service) elaborates on the roles and responsibilities of DIACAP team members, the authoritative original source is in the DIACAP document: DoDI 8510.01. Section 5.15 details the role of the DAA. Section 5.16 details the role of the Program or System Manager. Section 5.17...
The legality of peer to peer programs depends on the laws of the country you are located in and the way the peer to peer program operates. A key issue is whether the peer to peer program encrypts traffic between the computers. In some nations using such encrypted connections is illegal because they...
How can I apply for the Special Executive Officer in Mumbai? What are the eligibility criteria for being a Special Executive Officer? Where should I contact for Special Executive Officer? Is there any contact number? Please reply to me ASAP at mail ID: manoj_shaan12@yahoo.co.in Mobile: +91...