Computer Security Law

Computer security means protecting the confidentiality, integrity, and availability of information stored on, processed by, and transmitted by computers. In order to achieve this, various governments and organizations have established laws, regulations, and standards for securing computers and the data stored, processed, and transmitted by them. This category is for questions about existing and proposed laws and standards specifically related to computer security including the contents of the laws & regulations, who is legally responsible, who/what the laws/regulations/standards apply to, how the security is evaluated, and how it is documented.


What is the job description of an IASO?

IASO stands for "Information Assurance Security Officer." In general terms they are responsible for managing and enforcing DoD Information Assurance rules, regulations, policies, and procedures - in particular those of the US Army.

According to AR 25-2, section 3-2 f, the responsibilities of an IASO are:

(1) Enforce IA policy, guidance, and training requirements per this regulation and identified BBPs.

(2) Ensure implementation of IAVM dissemination, reporting, and compliance procedures.

(3) Ensure all users meet the requisite favorable security investigations, clearances, authorization, need-to-know, and security responsibilities before granting access to the IS.

(4) Ensure users receive initial and annual IA awareness training.

(5) Ensure log files and audits are maintained and reviewed for all systems and that authentication (for example, password) policies are audited for compliance.

(6) Prepare, distribute, and maintain plans, instructions, and SOPs concerning system security.

(7) Review and evaluate the effects on security of system changes, including interfaces with other ISs and document all changes.

(8) Ensure that all ISs within their area of responsibility are certified, accredited and reaccredited.

(9) Maintain and document CM for IS software (including IS warning banners) and hardware.

(10) Pre-deployment or operational IASOs will ensure system recovery processes are monitored and that security features and procedures are properly restored.

(11) Pre-deployment or operational IASOs will maintain current software licenses and ensure security related documentation is current and accessible to properly authorized individuals.

(12) Tenant IASOs will support and assist tenant IAMs (or the installation IAM if no tenant IAM exists).

(13) Report security violations and incidents to the servicing RCERT in accordance with Section VIII, Incident and Intrusion Reporting.


Is it illegal to put an MP3 on a website?

If you do not own the copyright to the music/song and do not have the express permission of the legal copyright holder, then yes, it is illegal. Especially if you plan to share the file. Of course, this does not apply to material in the public domain. Or your own works (your work is somewhat protected whether you have filed with the US Copyright Office. I say "somewhat," because by officially filing you have a better chance of protecting yourself and your intellectual property, because you then have legal proof of possession.) Same applies to logos used without express consent -- unless it is your own creation. Logos are protected by trademarks rather than copyright. You could be setting yourself up for serious legal trouble if you wrongly use Intellectual Property owned by someone else. Does the word "theft" ring a bell? As a songwriter and artist myself, I have the right to protect my creative property and I will. Artists work harder than many people realize and it is unfair, immoral and just plain wrong to deny the copyright/trademark owner the credit or income they are due. Now... Even if you are using public-domain material or your own works, some web-space providers do not allow MP3 or other multimedia files on websites on their servers. Check your TOS.


When an Army organization wishes to establish an external official presence on the Internet they must first contact the appropriate IAM and Privacy Act official who will assess what?

A: Threats


What is statutory compliance?

In simple words: "statutory" means "the laws and regulations". Complying with central and state acts will keep the company safe from legal risks. In terms of Computer Security this relates to local, state, national, and international laws governing the use of computers as well as the data they hold, process, and transmit. Examples of this would be complying with Sarbanes-Oxley and/or HIPAA in the USA and the EU Data Protection Directive in the EU.

In more detail:

Statutory compliance: Statutory means "of or related to statutes," or what we normally call laws or regulations. Compliance just means to comply with or adhere to. So statutory compliance means you are following the laws on a given issue. The term is most often used with organizations, who must follow lots of regulations. When they forget or refuse to follow some of those regulations, they are out of statutory compliance. A company that follows all the rules is in statutory compliance. Many companies are out of statutory compliance, in part because the cost of following the rule is too high, and/or the consequence is too small to worry about. For example, when you start a new business in most USA cities, you are supposed to go down to the courthouse and file a form stating what business you are now in. If you don't file it, few people will ever notice, and if they do, they usually just tell you to file it now. It behooves any company that uses computers to know what the relevant regulations are for their business, especially if they use computers to store, process, or transmit customer or employee data. If they are publicly traded, there will also be laws about handling, storing, transmitting, retaining, destroying, and disseminating that financial information.


In accordance with AR 25-2 whose responsibility is it to ensure all users receive initial and annual IA awareness training?

IASO


Would you get sued for downloading but not uploading files on LimeWire?

"Sharing" and "downloading" seem to have slightly different legal statuses. If you look into all these lawsuits, at LEAST the VAST majority are people that are allowing their computers to be used as "supernodes", and I would bet money that ALL of the lawsuits are against people that have a shared folder on their computer with copyrighted files on it, and they are allowing people to download from THEM. If you don't SHARE the music that you DOWNLOAD, then most of the lawyers probably won't even give you a second look. They have MUCH bigger fish to fry, with all the fools out there sharing a million files a day off their "downloaded music" folder. (Of course, these are the same fools that keep programs like LimeWire and KaZaa from becoming a digital DESERT with no files on them, so I don't mean to sound UNGRATEFUL; I'm just saying those are the ones getting sued.)

Answer: It is still illegal either way and it would only be slightly easier for the RIAA to catch people sharing than downloading. But from what I've heard, they aren't suing people who don't share. Honestly, your chances of getting struck by lightning are higher than your chances of getting sued by the RIAA no matter what you do.

Answer

Users are less likely to be sued these days because authorities have tried to sue and clamp down on user sharing and downloading files using this method and yet more and more people continue to download illegally.

In Britain, ISPs (Internet Service Providers) along with the copyright authorities have now decided that if internet users do not cease to download illegally after being given warnings from ISPs they will then have their broadband internet packages cut off and their internet connections will no longer be available to them.

Just remember it's always better to be safe than sorry.

Answer

If you want to think about it from a morals/ethics standpoint, downloading copyrighted work for free without the permission of the copyright owner (especially if they want you to pay for it) is like walking into a store and shoplifting a CD. Sharing the file thus downloaded would be equivalent to making copies of a stolen CD and distributing them. In the first case the copyright owner loses the money from a single sale. In the second case they are losing the money from multiple sales. Which one is going to hurt them more? ... which is why you are more likely to get sued for sharing than for only downloading. In both cases, though, your conscience should bother you and you will be a better person if you actually pay for your copy.


What is difference between Custodian and depository?

Even if terminology can vary depending on jurisdictions, I would make the following distinction (Sorry in advance but I will have to generalise):

- "Depository" is generally (or historically) used to talk about central institutions (nearly utilities) that register the initial deposit of securities on request of the issuer. CSDs are most of the time local organisations built to accommodate the clearing and settlement needs of local traditional exchanges.

- "Custodian" describes a firm (generally banks) that holds securities on behalf of trading firms.

Patent synergies exist between both activities, so the above-mentioned distinction is blurred in a number of cases:

- A custodian can offer initial depository services to issuers. This model is notably very efficient when the securities are not 100% freely transferable (basically not bearer shares) or when it comes to organising clearing and settlement in multiple currencies.

- A well known European custodian owns several local CSDs and indifferently offers equivalent services via the different entities of the group.

If I stick to the general picture I have just drawn, the custodians are the typical clients of CSDs. To sum up a (very simple) trade life cycle:

1- A trade is carried out on the exchange between two trading firms.

1'- The trade is notified by the exchange to counterparts.

2- It is sent to CCP/Clearing/Settlement agent(s)

2'- The trade is notified by CCP/Clearing


What type of data must be handled and stored properly based on classification markings and handling caveats?

Hhgh


Does IA BBP require the IASO to ensure personnel receive system-specific and annual IA awareness training?

According to AR 25-2, the IASO is to ensure personnel receive system-specific and annual IA awareness training. Since AR 25-2 is the Army doctrine for Information Assurance, it could be considered BBP to follow it.


What is copyright from moral and legal standpoints?

From a legal standpoint, it's a group of laws designed to protect the rights (and incomes) of creators. From a moral standpoint, it's essentially the same: protecting the rights of creators. Because copyright violations are so easy and so frequent, law enforcement has no chance of monitoring and prosecuting every violator; thus, it functions more on the "honor system," relying heavily on individuals' ethical and moral codes to ensure the rights of creators are respected.


Levels which are used in the DIACAP?

DoD systems are categorized in two ways: mission assurance category (MAC) and classification level (CL).

There are 3 MAC levels: I, II, and III.

Refer to DoDI 8500.2 for more details, but in general terms:

MAC I systems cannot ever go down - the mission of the organization fails, the war is lost, people die - bad, bad stuff happens if the system goes down without another system coming on line immediately to take over for it.

MAC II systems cannot be down for very long. When they are down, mission capability is degraded until the capability is restored. A great many DoD systems fall in this category.

MAC III systems need to be back up and running as soon as reasonable. They are not critical or vital to operations but do impact day to day operations. Public facing web sites, continuing learning sites, stuff like that are typical MAC III systems.

There are 3 CL levels: classified, sensitive, public.

Classified includes systems handling information with Confidential, Secret, and Top Secret classifications.

Sensitive includes systems handling unclassified information that is nevertheless sensitive such as personal information (PII) like soldiers' social security numbers, annual personnel evaluations, etc., as well as information that is FOUO or CUI (controlled unclassified information).

Public includes systems handling information open to the public such as public DoD web sites.


What is the BitLocker used for?

Encrypting hard drives


What is the full form of IS officer?

Indian Services Officer


What are the advantages and disadvantages of quantum cryptography?

It detects eavesdropping.


When does DIACAP require you to review your IA posture?

DIACAP requires that the system owner see that a review of the IA posture of their system be conducted at least annually.


Is a hack or a crack illegal?

A hacker is good; he hacks websites to find weaknesses, which he will report (he is a white hat hacker), and a cracker is a malicious user who wants to break into websites for personal gain or to vandalise them (black hat).


What is a criterion used in fair use decisions?

According to 17 U.S.C. § 107, there are at least 4 criteria:

In determining whether the use made of a work in any particular case is a fair use the factors to be considered shall include:

  1. the purpose and character of the use, including whether such use is of a commercial nature or is for nonprofit educational purposes;
  2. the nature of the copyrighted work;
  3. the amount and substantiality of the portion used in relation to the copyrighted work as a whole; and
  4. the effect of the use upon the potential market for or value of the copyrighted work.

In addition, the majority of court decisions since 1994 have relied on a notion of "transformativeness;" a popular definition of this comes from Pierre Leval's 1990 article "Toward a Fair Use Standard," which states a transformative use "must employ the quoted matter in a different manner or for a different purpose from the original."


What is resource allocation problem in DAA?

We consider scheduling problems in parallel and distributed settings in which we need to schedule jobs on a system offering a certain amount of some resource. Each job requires a particular amount of the resource for its execution. The total amount of the resource offered by the system is different at different points of time. Our goal is to choose a subset of jobs and schedule them such that at any timeslot, the total amount of resource requirement does not exceed the total amount of the resource available at that timeslot. We wish to maximize the profit of the chosen subset of jobs.

The problem formulation is motivated by its applications in environments such as cloud computing and bandwidth allocation in networks. Below, we describe a real-life problem encountered in scheduling scientific applications on a massively parallel system.

We now describe a scheduling problem typically faced in the scenario where a number of users are trying to execute scientific applications on either a cluster of machines or a supercomputer. The users have to make reservations for the resources in order to execute their jobs. But, as there are multiple users competing for the same resources, a user may not be allocated all the resources she requested. For the sake of simplicity, let us assume that the resources are processors on the supercomputer or machines on the cluster. Consider a particular user. The number of processors (or machines) allocated to the user may be different at different points of time (because of reservation policies and the presence of critical jobs). The user gets to know in advance the number of processors allocated to her for each timeslot. The user has a set of jobs that she wishes to execute. Each job of the user has a requirement on the number of processors needed for execution. In addition, each job has a release time, a processing time, a deadline and a profit. The user would like to select a subset of jobs and schedule them in such a way that at any timeslot, the total number of processors required by the jobs active at the timeslot does not exceed the total number of processors available to the user at that timeslot. Naturally, the user would wish to choose the subset of jobs having the maximum profit. We would like to highlight that such a scenario is frequently encountered in practice. We assume that a job can be executed on any subset of machines or processors as long as the resource requirement is met (i.e., the machines/processors are identical) and the jobs may not be preempted. In fact, we consider a more general scenario where a job can even specify a set of time intervals where it can be scheduled; note that this generalizes the notion of release time and deadline.

Motivated by scheduling and bandwidth allocation scenarios such as the above one, we study an abstract problem that we call the Varying bandwidth resource allocation problem with bag constraints (BAGVBRAP). We use bandwidth as a generic term to refer to the quantity of the resource under contention. So, the input will specify the bandwidth available at each timeslot, and for each job, its bandwidth requirement and the different time intervals in which it can be scheduled. This kind of interval selection or interval scheduling problems arise naturally in practice. We refer to [1], [2], [3] for real-life applications of interval selection and scheduling in parallel and distributed computing and network management. The BAGVBRAP problem also has applications in smart energy management. Here, we have a set of electrical appliances that need to be scheduled over a period of time, during which the amount of available power may vary, due to the use of different power sources. The BAGVBRAP problem generalizes several previously studied scheduling and resource allocation problems. We next define the problem and then discuss prior


What is the maximum jail sentence penalty for knowingly setting up a buffer overflow attack?

Under 18 U.S.C 1030, subsection (a)(5)(A) it is a criminal offense to: "knowingly causes the transmission of a program, information, code, or command, and as a result of such conduct, intentionally causes damage without authorization, to a protected computer". Knowingly setting up a buffer overflow attack would fall under this description.

Under 18 U.S.C (c)(4), the penalty would be: "a fine under this title, imprisonment for not more than 5 years, or both"


How can I apply for special executive officer in Mumbai?

How can I apply for the Special Executive Officer in Mumbai?

What is the eligibility criteria for being a Special Executive Officer?

Where should I contact for Special Executive Officer? Is there any contact number?



What is AR 25-2?

AR 25-2 is Army Regulation 25-2, Information Management, Information Assurance. According to the executive summary of AR 25-2:

Summary. This regulation provides Information Assurance policy, mandates, roles, responsibilities, and procedures for implementing the Army Information Assurance Program, consistent with today's technological advancements for achieving acceptable levels of security in engineering, implementation, operation, and maintenance for information systems connecting to or crossing any U.S. Army managed network.

Applicability. This regulation applies to the Active Army, the Army National Guard/Army National Guard of the United States, and the U.S. Army Reserve, unless otherwise stated. Also, it applies to all users, information systems, and networks at all information classification levels; program executive officers; direct reporting program managers; strategic, tactical, and non-tactical environments or installations; internal or external organizations, services, tenants, or agencies.


Are DoD instructions under DIACAP?

DIACAP is DoD Instruction 8510.01. In that respect, SOME DoD instructions fall under DIACAP, but most DoD instructions have nothing to do with DIACAP.


How do you get DIACAP certified?

As an individual, you can't. An information system is what gets accredited for use in the military environment. If you are interested in individual security certification, start with the CompTIA Security+ certification and when you have lots of experience and knowledge, try the Certified Information Systems Security Professional (CISSP) exam.

For the information system accreditation, you start by identifying the military Information Assurance (IA) office that will be handling your system, and then work closely with them to identify and then fulfill their requirements to obtain an Authorization to Operate (ATO).


Why would the police use a spreadsheet?

Police could use spreadsheets in several ways:

- as a simple database

- to track trends in crime

- to track expenses

- to predict future trends based on past patterns (fit the data to a line or curve and then look at where the curve goes)


Is the system administrator responsible for ensuring that each assigned DoD information system has a designated Information Assurance Manager with the support authority and resources to sat?

According to DODI 8510.01:

5.16. The Program Manager (PM) or System Manager (SM) for DoD ISs shall:

5.16.1. Ensure that each assigned DoD IS has a designated IA manager (IAM) with the support, authority, and resources to satisfy the responsibilities established in Reference (d) and this Instruction.

So - no - the system administrator is not responsible; the PM or SM is responsible.

Copyright © 2020 Multiply Media, LLC. All Rights Reserved. The material on this site can not be reproduced, distributed, transmitted, cached or otherwise used, except with prior written permission of Multiply.