
Computer Security Law

Computer security means protecting the confidentiality, integrity, and availability of information stored on, processed by, and transmitted by computers. In order to achieve this, various governments and organizations have established laws, regulations, and standards for securing computers and the data stored, processed, and transmitted by them. This category is for questions about existing and proposed laws and standards specifically related to computer security including the contents of the laws & regulations, who is legally responsible, who/what the laws/regulations/standards apply to, how the security is evaluated, and how it is documented.
The act requires that data not be disclosed to other parties without the consent of the individual whom it is about, unless there is legislation or other overriding legitimate reason to share the information (for example, the prevention or detection of crime). Even residential homes may wind up in...
To a great degree, the Data Protection act of 1998 was passed by the British Parliament in response to the Directive 95/46/EC of the European Parliament so that could be considered the "who" that "invented" the Act. Somewhere there is probably a record of who first introduced the legislation and who...
Most spammers utilize very illegal means to broadcast their messages. They usually use bot networks - groups of machines they have compromised and turned into "zombies" - to launch their massive email barrages. There are several reasons for doing this: 1) since spamming is illegal in many areas, they...
The answer depends partly on what you mean by "loses". If by "loses" you mean that they can't find your information then they might be in violation by failing to be able to provide it to you when requested - but then again, if they can't find it, then there may be difficulty proving that they are...
FISMA is the Federal Information Security Management Act of 2002. It was passed as Title III of the E-Government Act (Public Law 107-347) in December 2002. FISMA requires each federal agency to develop, document, and implement an agency-wide program to provide information security for the information...
No - the User Representative cannot also be the DAA.
DIACAP is DoD Instruction 8510.01. In that respect, SOME DoD instructions fall under DIACAP, but most DoD instructions have nothing to do with DIACAP.
C. Continue DITSCAP. This might have been a correct answer to a quiz in the past, but DoDI 5200.40 (DITSCAP) and DoD 8510.1-M (DITSCAP Manual) were cancelled when DoDI 8510.01 (DIACAP) was issued on November 28, 2007. If a system does not have a signed Phase One System Security Authorization...
DIACAP has been in force for more than 3 years so a system with a DITSCAP authorization has an EXPIRED authorization and the DAA should issue a DATO immediately unless the system owner can provide justification for continued operation AND sufficient documentation to allow the CA to evaluate the risk of...
It's all about the safety of your customers and their data. If you have to ask any information from customers, you have to make sure that their information is not leaked out to anyone; their safety should be your priority.
Computer crime, "cyberhacking", is in the news today. Warchive, listen or read for maybe 2 weeks and you will possibly see an article. Right now there are several. North Korea has been implicated in cyberattacks, that later was modified. Great Britain was just hit by "the largest cyber...
As far as the ARMY is concerned, "The main role of the IASO is to provide Information Assurance oversight, guidance and support to the general user in accordance with the requirements of the Command's Information Assurance program. The IASO must be familiar with IA policy, guidance and...
The roles are listed in DoDI 8510. Usually the names of those filling the roles will also be listed in the Certification and Accreditation Plan (C&A Plan).
AR 25-2 does not actually specify password length but the Army password requirements (from BBP 04-IA-O-0001 which AR 25-2 specifies should be followed) are: All system-level accounts and privileged-level accounts using passwords will be a minimum of 15 characters long and changed every 60 days. All...
DITSCAP is the outdated version of the DoD process for assessing the security of DoD information systems. It was replaced by DIACAP. DIACAP is, in turn, being replaced by the RMF process where continuous monitoring is to be implemented. DIACAP: Platform-centric as opposed to system or network...
Program or System Managers (PM or SM) for DoD information systems
DoD systems are categorized in two ways: mission assurance category (MAC) and classification level (CL). There are 3 MAC levels: I, II, and III. Refer to DoDI 8500.2 for more details, but in general terms: MAC I systems cannot ever go down - the mission of the organization fails, the war is...
Health Care Industry here all of them 1. Health Care Industry 2. When you are assigning a user's rights, it is dependent upon their job needs . 3. User Accounts applet then change an account and select the account. Then click change the password 4. enter a wrong password 5. Power-On...
"The Sarbanes-Oxley Act of 2002 (SOX), is a United States federal law enacted on July 30, 2002, which set new or enhanced standards for all U.S. public company boards, management and public accounting firms. Compliance to SOX Compliance to SOX is focused specifically on what records need to be...
Yes - DIACAP requires you to review your IA posture. DoDI 8510.2 (DIACAP) and DoDI 8500.2 both require that the IA posture of all systems belonging to an organization must be reviewed at least once a year. Furthermore, the system must be assessed and undergo reaccreditation by the Principal...
The DIACAP Scorecard conveys compliance with assigned IA Controls and the IS C&A decision status. The Certifying Authority (CA) has the authority and responsibility for the certification of information systems governed by a DoD Component IA Program.
AR 25-27 does not currently exist. Perhaps you are thinking of AR 25-2? Please provide the full name of the document you are referring to.
The answer depends on what aspect of computer law you want to "do". To actually practice law and litigate on legal matters involving computer usage, software copyrights and patents, etc. you need a law degree in the USA. I'm not sure what is required elsewhere like the UK or India or Japan or South...
The answer depends a bit on what you mean by "sources of responsibility". DoDI 8510.01, paragraph 5.8.5 states that Heads of the DoD Components Appoint DAAs for DoD ISs under their purview so the DAA derives their authority and responsibility from that appointment. Under paragraph 5.9.1, the...
IASO is to ensure that all personnel associated with IS receive system-specific and general awareness security training (see AR 25-2, para 3-2f) including: IA training and certification; IA situation and awareness briefing; Information Assurance Workforce Improvement Program; Information...
DoDI 8500.2 assigns responsibilities to the role of the IASO as a DIACAP team member.
For both Certified and Uncertified Army personnel assigned as: IA Mgmt 1, IA Mgmt 2, IA Mgmt 3, IA Tech 1, IA Tech 2, or IA Tech 3, the IASO course is required.
The Data Protection Act of 1998 ensures that companies and individuals do everything in their power to ensure that any information held by said company is only kept for as long as reasonably needed, is kept secure and confidential, and is only accessed by authorised persons who have a genuine need to...
Computers are for both business and personal use. We use computers in almost everything that a human being can do now. We use them to be able to communicate. The whole world is computerized. But the difference between personal and professional use of a computer is what is...
According to paragraph 6.3.1.3.3 of DODI 8500.2, the PM for a system cannot be the DAA for their own system.
Yes. The Principal Accrediting Authority (PAA) is normally the DAA (designated accrediting authority) or AO (accrediting official/officer).
The specific requirements will depend on the exact job but they usually fall into just a few categories: Technical - knowledge of how computers work; knowledge of how security appliances like firewalls function; knowledge of how networks work; knowledge of how specific computer hardware...
The status register holds the values of "flags" - bits indicating information about the state of the processor. Usually the bits indicate one of three possible outcomes of an arithmetic function: zero, carry, or overflow. A "Zero" flag means that the result of an operation was "zero" - for example...
The first DIACAP document that lists the team members will usually be a document called the System Identification Profile (SIP).
A Plan of Action and Milestones (POAM) is created to capture corrective actions and track them to completion. Any system receiving an IATO must create this component.
Installation of software, configuration of an IS or connecting any ISs to a distributed computing environment with prior approval.
According to DODI 8510.01: 5.16. The Program Manager (PM) or System Manager (SM) for DoD ISs shall: 5.16.1. Ensure that each assigned DoD IS has a designated IA manager (IAM) with the support, authority, and resources to satisfy the responsibilities established in Reference (d) and this...
DAA, CA, SIAO, PM, IAM, and IAO (or IASO) www.lunarline.com - best in the biz
According to DODI 8500.2, the "DIACAP team members" are defined as: E2.25. DIACAP Team. Comprised of the individuals responsible for implementing the DIACAP for a specific DoD IS. At a minimum the DIACAP Team includes the DAA, the CA, the DoD IS program manager (PM) or system manager (SM), the...
Yes - At each state of the process, the IASO must be notified.
DIACAP requires that the system owner see that a review of the IA posture of their system be conducted at least annually.
According to AR 25-2, the IASO is responsible for enforcing policy guidance and training requirements.
According to section 1-5, paragraph a), AR 25-2 applies to distributed computing environments (DCEs). Software may be installed and configured to allow connection of an IS to a DCE if AR 25-2 is followed and prior approval is granted.
Failure to use a base64 password, allowing the admin to seamlessly integrate authentication protocols
These may be waived under severe complications. You would have to talk to your local office to see if they apply to you.
The secure class of a system to make sure it is protected and secure from other nations.
International Association for the Study of Obesity
In accordance with the army training and BBP certification, the DAA can waive the certification requirements for the army and training due to several operational and personnel constraints.
Logoff their computers at the end of the work day
Encrypting hard drives
Within six months of appointment.
There is no list of mistakes to determine which are mistakes. To make sure no mistakes are committed, consult a professional.
According to DoD 8510.01 (DIACAP), paragraph 5.16.8, the Program Manager (PM) or System Manager (SM) shall: "Ensure annual reviews of assigned ISs required by FISMA are conducted." So reviews must occur at least once a year.
As per Section 4-5, paragraph a.(8)(a): All users must receive IA awareness training tailored to the system and information accessible before issuance of a password for network access. The training will include the following: Threats, vulnerabilities, and risks associated with the system. This...
DAA may waive the certification requirement under severe operational or personnel constraints
Logoff their computers at the end of the work day
We consider scheduling problems in parallel and distributed settings in which we need to schedule jobs on a system offering a certain amount of some resource. Each job requires a particular amount of the resource for its execution. The total amount of the resource offered by the system is different...
The result of encryption of plaintext is cyphertext. When cyphertext is translated back to plaintext, the process is called decryption.
Without knowing the context, it's difficult to be sure. It could be simply a decimal number, 6,245, with leading zeros. In computer programming, it is customary to write base 8 (octal) numbers with leading zeros. This could be a number in base 8, since it doesn't contain any digits greater...
If it is a DoD system, then according to DoDI 8510 - yes - it does require prior approval. If it is a commercial system, then the answer will be dependent on the company policy (but a good company policy WILL require approval prior to connection).
For IAM level I: GISF, GSLC, Security+, CAP. For IAM level II: GSLC, CSIM, CISSP (or CISSP Associate), CAP. For IAM level III: GSLC, CISM, CISSP (or CISSP Associate).
IASO stands for "Information Assurance Security Officer." In general terms they are responsible for managing and enforcing DoD Information Assurance rules, regulations, policies, and procedures - in particular those of the US Army. According to AR 25-2, section 3-2 f, the responsibilities an IASO...
This question cannot be answered without first specifying the activity.
According to DoD 8510.01 (DIACAP), paragraph 4.9: "All DoD ISs with an authorization to operate (ATO) shall be reviewed annually to confirm that the IA posture of the IS remains acceptable. Reviews will include validation of IA controls and be documented in writing." And according to...
Information System Security Officer
Both the IAM and the IAO have responsibilities in implementing DIACAP. Table E3.A1.T1 of DoDI 8500.2 states that the System Identification Profile must list the members of the DIACAP team, to wit: "Identify the DIACAP Team (e.g., DAA, the CA, the DoD IS PM or SM, the DoD IS IAM, IAO, and UR." ...
DAA may waive the certification requirement under severe operational or personnel constraints.
A. With the consent of the user or file owner, preferably in writing. B. While performing system backup and recovery. C. While performing anti-virus functions. D. As necessary for the continued operation and system integrity of the AIS. E. As part of a properly authorized investigation. F....
8510.01M, signed in 2000, was written to go with DITSCAP (DoDI 5200.40 - signed in 1997), which has since been superseded by DIACAP (DODI 8510.01 - signed in 2007). Ultimately, responsibility for ensuring the training rests with the IAM, but the IAM can, and often does, delegate the...
From a legal standpoint, it's a group of laws designed to protect the rights (and incomes) of creators. From a moral standpoint, it's essentially the same: protecting the rights of creators. Because copyright violations are so easy and so frequent, law enforcement has no chance of monitoring and...
Since under 8500.2, an ATO cannot be issued for more than 3 years, if a system is operating under a DITSCAP package that is 4 years old, its ATO has expired and the DAA can (and should) issue a DATO (Denial of Authorization To Operate), meaning that the system is immediately denied ATC (Authority To...
"Sharing" and "downloading" seem to have slightly different legal statuses. If you look into all these lawsuits, at LEAST the VAST majority are people that are allowing their computers to be used as "supernodes", and I would bet money that ALL of the lawsuits are against people that have a shared folder...
DODI 8510.01 (DIACAP) is the current DoD process for IA Certification and Accreditation of DoD systems. It replaced DITSCAP.
DIACAP requires that the security posture of any DoD system be evaluated at least annually. A system must undergo the full DIACAP process prior to being placed into service, whenever a major change occurs, and prior to the expiration of the accreditation of the system if it already has an ATO. The DAA...
According to DODI 8510.01 (DIACAP), paragraph 4.9: "All DoD ISs with an authorization to operate (ATO) shall be reviewed annually to confirm that the IA posture of the IS remains acceptable. Reviews will include validation of IA controls and be documented in writing." Note that in the case of a...
A DIACAP review has to be executed for every new system, for every major change to an existing system, and at least every 3 years for any currently accredited system.