Computer Security Law

Computer security means protecting the confidentiality, integrity, and availability of information stored on, processed by, and transmitted by computers. In order to achieve this, various governments and organizations have established laws, regulations, and standards for securing computers and the data stored, processed, and transmitted by them. This category is for questions about existing and proposed laws and standards specifically related to computer security including the contents of the laws & regulations, who is legally responsible, who/what the laws/regulations/standards apply to, how the security is evaluated, and how it is documented.

The DoD information system has a DITSCAP authorization to operate that is four years old. What is the next step?

Contact the DAA to request an IATO while you hurry up, get your act together, and get the DIACAP documentation together before they shut the system down!

How often should I change password according to BBP?

10. Army Password Standards BBP

1. All system or system-level passwords and privileged-level accounts (e.g., root, enable, admin, administration accounts, etc.) will be a minimum of 15-character case-sensitive password changed every 60 days (IAW JTF-GNO CTO).

Why are hacking websites illegal?

Generally, hacking websites are illegal because they involve sharing information on how to perform illegal actions or sharing information that was gained illegally.

What is military iaso?

A military IASO is an "Information Assurance Security Officer". It is an Army term equivalent to "IAO" used elsewhere in DOD. According to AR 25-2, paragraph 3-2f:

DOD uses the term IAO for IASO responsibilities. All IASOs will-

(1) Enforce IA policy, guidance, and training requirements per this regulation and identified BBPs.

(2) Ensure implementation of IAVM dissemination, reporting, and compliance procedures.

(3) Ensure all users meet the requisite favorable security investigations, clearances, authorization, need-to-know, and security responsibilities before granting access to the IS.

(4) Ensure users receive initial and annual IA awareness training.

(5) Ensure log files and audits are maintained and reviewed for all systems and that authentication (for example, password) policies are audited for compliance.

(6) Prepare, distribute, and maintain plans, instructions, and SOPs concerning system security.

(7) Review and evaluate the effects on security of system changes, including interfaces with other ISs and document all changes.

(8) Ensure that all ISs within their area of responsibility are certified, accredited and reaccredited.

(9) Maintain and document CM for IS software (including IS warning banners) and hardware.

(10) Pre-deployment or operational IASOs will ensure system recovery processes are monitored and that security features and procedures are properly restored.

(11) Pre-deployment or operational IASOs will maintain current software licenses and ensure security related documentation is current and accessible to properly authorized individuals.

(12) Tenant IASOs will support and assist tenant IAMs (or the installation IAM if no tenant IAM exists).

(13) Report security violations and incidents to the servicing RCERT in accordance with Section VIII, Incident and Intrusion Reporting.
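The password BBP quoted above (15-character minimum, rotation every 60 days for privileged accounts) and IASO duty (5) (auditing authentication policies for compliance) are the kind of controls an IASO would actually have to check on a host. The following is an added example, not part of the page or of any Army or DoD document: a small Python audit that reads /etc/shadow-style records and flags privileged accounts whose enforced maximum password age or actual password age exceeds the 60-day limit, plus a length check for proposed new passwords. The shadow lines, the set of privileged account names, the audit date, and the interpretation of "case-sensitive" as mixed case are all assumptions made for the example.

```python
"""Audit /etc/shadow-style records against a 60-day rotation policy.

Added example; not from the page or from any Army/DoD document. All sample
data below is constructed. The shadow format used is the standard one:
name:hash:lastchange:min:max:warn:inactive:expire:reserved, where
lastchange is days since 1970-01-01 and max is PASS_MAX_DAYS.
"""
from dataclasses import dataclass
from datetime import date, timedelta
from typing import List, Optional, Tuple

POLICY_MAX_AGE_DAYS = 60   # "changed every 60 days" per the quoted BBP
POLICY_MIN_LENGTH = 15     # "minimum of 15-character" per the quoted BBP
# Assumption: which accounts count as privileged is site-defined.
PRIVILEGED = {"root", "admin", "oracle"}
EPOCH = date(1970, 1, 1)


@dataclass
class ShadowEntry:
    name: str
    hash_field: str
    last_change: Optional[int]   # days since epoch, None if field empty
    max_age: Optional[int]       # PASS_MAX_DAYS, None if field empty


def parse_shadow_line(line: str) -> ShadowEntry:
    """Parse one shadow record; raises on a record with too few fields."""
    fields = line.rstrip("\n").split(":")
    if len(fields) < 9:
        raise ValueError(f"malformed shadow record: {line!r}")
    name, hash_field, lastchg, _min, maxage = fields[:5]
    return ShadowEntry(
        name,
        hash_field,
        int(lastchg) if lastchg else None,
        int(maxage) if maxage else None,
    )


def is_locked(entry: ShadowEntry) -> bool:
    """Locked or passwordless accounts ('*', '!', '!!', '!hash') cannot log in."""
    return entry.hash_field == "*" or entry.hash_field.startswith("!")


def audit(lines: List[str], today: date,
          privileged=PRIVILEGED, max_age=POLICY_MAX_AGE_DAYS) -> List[Tuple[str, str]]:
    """Return (account, reason) findings for privileged accounts out of policy."""
    findings = []
    today_days = (today - EPOCH).days
    for line in lines:
        if not line.strip() or line.startswith("#"):
            continue
        e = parse_shadow_line(line)
        if e.name not in privileged or is_locked(e):
            continue   # only active privileged accounts are in scope
        if e.max_age is None or e.max_age > max_age:
            findings.append((e.name, f"PASS_MAX_DAYS is {e.max_age}, policy requires <= {max_age}"))
        if e.last_change is None:
            findings.append((e.name, "no last-change date recorded"))
        else:
            age = today_days - e.last_change
            if age > max_age:
                findings.append((e.name, f"password is {age} days old, policy requires rotation every {max_age}"))
    return findings


def check_new_password(pw: str, min_length=POLICY_MIN_LENGTH) -> List[str]:
    """Return a list of policy problems with a proposed privileged-account password."""
    problems = []
    if len(pw) < min_length:
        problems.append(f"shorter than {min_length} characters")
    # Assumption: read "case-sensitive" as requiring both upper- and lower-case letters.
    if pw == pw.lower() or pw == pw.upper():
        problems.append("does not mix upper- and lower-case letters")
    return problems


# Constructed sample data (assumption: audit date and account set are invented).
TODAY = date(2010, 6, 1)


def _days(d: date) -> int:
    return (d - EPOCH).days


SAMPLE_SHADOW = [
    "# constructed sample, not taken from a real system",
    f"root:$6$abc$hashroot:{_days(TODAY - timedelta(days=90))}:1:99999:7:::",   # out of policy
    f"admin:$6$def$hashadmin:{_days(TODAY - timedelta(days=30))}:1:60:7:::",    # compliant
    "oracle:!:14000:0:99999:7:::",                                              # locked, skipped
    f"alice:$6$ghi$hashalice:{_days(TODAY - timedelta(days=200))}:0:99999:7:::",  # not privileged
]

if __name__ == "__main__":
    for account, reason in audit(SAMPLE_SHADOW, TODAY):
        print(f"{account}: {reason}")
    for candidate in ("Tr0ub4dor&3", "correcthorsebatterystaple", "Correct-Horse-Battery-1"):
        print(candidate, check_new_password(candidate) or "OK")
```

Running it against the constructed records reports only `root` (PASS_MAX_DAYS of 99999 and a 90-day-old password); `admin` is compliant, `oracle` is locked and therefore out of scope, and `alice` is not a privileged account. On a real host the same function can be fed the contents of /etc/shadow read as root.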

Does an IA posture of an organization have to be reviewed every two years?

According to DoD regulations, the IA posture of any DoD organization must be reviewed at least annually. FISMA requires that the IA posture of all US government organizations be reviewed at least annually. Many other nations have adopted similar requirements for organizations that they regulate. It should be noted, however, that the IA postures of particularly sensitive and/or critical systems need to be reviewed more frequently - perhaps twice a year or even more often, depending on the system.

How do you get DIACAP certified?

As an individual, you can't. An information system is what gets accredited for use in the military environment. If you are interested in individual security certification, start with the CompTIA Security+ certification and when you have lots of experience and knowledge, try the Certified Information Systems Security Professional (CISSP) exam.

For the information system accreditation, you start by identifying the military Information Assurance (IA) office that will be handling your system, and then work closely with them to identify and then fulfill their requirements to obtain an Authorization to Operate (ATO).

What does the acronym DIACAP stand for in the army?

DoD Information Assurance Certification and Accreditation Process.

The term is general to all of DoD, not just the Army.

IA posture of an organization will be reviewed every two years?

For US DoD systems: under DIACAP, the IA posture of an organization should be reviewed at least annually. All systems must undergo a complete review at least every 3 years but should also undergo at least a partial review every year (annual security review). More sensitive and more critical systems may be required to undergo review more often - some as often as every 6 months.

NIST recommends pretty much the same.

What does IASO mean?

IASO stands for Information Assurance Security Officer. It is a position described in the Army Information Assurance document AR 25-2. It is equivalent to the IAO position described in DoDI 8500.2 and DoDI 8510.01.

What is a IASO?

Information Awareness Security Officer

What does the acronym DIACAP stand for?

DoD Information Assurance Certification and Accreditation Process (DIACAP)

It is the title of DoD Instruction 8510.01, which defined the process for certification and accreditation of DoD information systems (computer, computer networks, etc.) for Information Assurance (confidentiality, integrity, availability, non-repudiation, etc.).

It has since been replaced by the RMF process - although as of 2016 some packages were still being allowed to process for accreditation under DIACAP, with ATOs issued for much shorter periods of time.

What does diacap mean?

DoD Information Assurance Certification and Accreditation Program

Why don't people understand that hackers are not bad people?

Opinion

Hackers are dangerous and the cause of one of the worst things in America, identity theft. A hacker could destroy lives.

Opinion

Hackers have developed an array of levels of hacking ranging from good hackers to bad hackers. However, a hacker historically is one who searches out and exploits weaknesses in computer systems in order to gain unauthorized access. Some do this simply because they can and breaking into a system is a source of pride for most. Computer hackers typically steal and damage property that doesn't belong to them. Placing all labels and semantics aside, in a civilized society governed by laws that protect its citizens, people who steal are considered "bad" as they should be. Hackers are modern day pirates.

What is difference between Custodian and depository?

Even if terminology can vary depending on jurisdictions, I would make the following distinction (sorry in advance, but I will have to generalise):

- "Depository" is generally (or historically) used to talk about central institutions (nearly utilities) that register the initial deposit of securities on request of the issuer. CSDs are most of the time local organisations built to accommodate the clearing and settlement needs of local traditional exchanges.

- "Custodian" describes a firm (generally banks) that holds securities on behalf of trading firms.

Patent synergies exist between both activities, so the above-mentioned distinction is blurred in a number of cases:

- A custodian can offer initial depository services to issuers. This model is notably very efficient when the securities are not 100% freely transferable (basically not bearer shares) or when it comes to organising clearing and settlement in multiple currencies.

- A well known European custodian owns several local CSDs and indifferently offers equivalent services via the different entities of the group.

If I stick to the general picture I have just drawn, the custodians are the typical clients of CSDs. To sum up a (very simple) trade life cycle:

1- A trade is carried out on the exchange between two trading firms.

1'- The trade is notified by the exchange to counterparts.

2- It is sent to CCP/Clearing/Settlement agent(s)

2'- The trade is notified by CCP/Clearing

What is computer sabotage?

Any deliberate action that compromises the confidentiality, integrity, or availability of a computer would be considered sabotage. Examples would include writing and releasing a virus, worm, or trojan, sending out spam, initiating a denial of service attack, installing a "back door", altering or deleting data, damaging computer equipment, causing data on someone else's computer to become corrupted, encrypting someone's hard drive and holding it hostage until they pay a ransom for the decryption key, intercepting computer traffic and altering it before sending it along (a type of man-in-the-middle attack), or causing physical damage to a computer system by deliberate malicious actions. This list is not exhaustive, but it should give you a sense of the types of things that constitute "computer sabotage". One of the most worrisome current threats is the possibility for someone to hack into a control system for some utility and cause it to malfunction. This has already happened when someone hacked into a sewage treatment system in Australia and caused valves to open that caused raw sewage to be discharged without treatment. Other systems such as telephone, electrical power, and transportation remain potentially vulnerable to criminals.

Trans-border data flow?

Relating to the data protection act 1998

Transborder data flow deals with the movement of personally identifiable data from one country to another. Hence, "Trans-border"

Would you get sued for downloading but not uploading files on LimeWire?

"Sharing" and "downloading" seem to have slightly different legal statuses. If you look into all these lawsuits, at LEAST the VAST majority are people that are allowing their computers to be used as "supernodes", and I would bet money that ALL of the lawsuits are against people that have a shared folder on their computer with copyrighted files on it, and they are allowing people to download from THEM. If you don't SHARE the music that you DOWNLOAD, then most of the lawyers probably won't even give you a second look. They have MUCH bigger fish to fry, with all the fools out there sharing a million files a day off their "downloaded music" folder. (Of course, these are the same fools that keep programs like LimeWire and KaZaa from becoming a digital DESERT with no files on them, so I don't mean to sound UNGRATEFUL; I'm just saying those are the ones getting sued.)

Answer: It is still illegal either way, and it would only be slightly easier for the RIAA to catch people sharing than downloading. But from what I've heard, they aren't suing people who don't share. Honestly, your chances of getting struck by lightning are higher than your chances of getting sued by the RIAA no matter what you do.

Answer

Users are less likely to be sued these days because authorities have tried to sue and clampdown on user sharing and downloading files using this method and yet more and more people continue to download illegally.

In Britain, ISPs (Internet Service Providers), along with the copyright authorities, have now decided that if internet users do not cease to download illegally after being given warnings from ISPs, they will then have their broadband internet packages cut off and their internet connections will no longer be available to them.

Just remember, it's always better to be safe than sorry.

Answer

If you want to think about it from a morals/ethics standpoint, downloading copyrighted work for free without the permission of the copyright owner (especially if they want you to pay for it) is like walking into a store and shoplifting a CD. Sharing the file thus downloaded would be equivalent to making copies of a stolen CD and distributing them. In the first case the copyright owner loses the money from a single sale. In the second case they are losing the money from multiple sales. Which one is going to hurt them more? ... which is why you are more likely to get sued for sharing than for only downloading. In both cases, though, your conscience should bother you, and you will be a better person if you actually pay for your copy.

What is covered by data protection act 1998?

- Data has to be kept secure

- Data isn't allowed to be transferred to any country outside the EU without similar legislation

- It allows the individual the right to access any electronically stored information relating to that individual

- Data is only allowed to be held for as long as it's necessary

Hope that's helpful, because I didn't have a clue! I only got the homework a week ago, and then I researched the answer.

What is copyright from moral and legal standpoints?

From a legal standpoint, it's a group of laws designed to protect the rights (and incomes) of creators. From a moral standpoint, it's essentially the same: protecting the rights of creators. Because copyright violations are so easy and so frequent, law enforcement has no chance of monitoring and prosecuting every violator; thus, it functions more on the "honor system," relying heavily on individuals' ethical and moral codes to ensure the rights of creators are respected.

Classified data must be handled and stored properly based on classification marking and what else?

Classified information data must be handled and stored properly based on classification markings and handling caveats.

How long do IASO personnel get to complete the IASO course?

According to AR 25-2, paragraph 4-3a (5), an IASO must

Complete an IASO Course within 6 months of appointment.
