[Cisspstudy] List of Regulatory Compliances (US Centric World)

Prakash prakash2757 at yahoo.com
Sun Nov 1 07:42:43 EST 2009


Good day Clement,

Yes. These regulatory compliances are not of much use for CISSP exams, as it's mostly on Common Criteria now.

However, this will surely increase the knowledge of security professionals & give them more exposure to the world.

- Prakash

--- On Sat, 10/31/09, Clement Dupuis <clement.dupuis at cccure.com> wrote:

From: Clement Dupuis <clement.dupuis at cccure.com>
Subject: Re: [Cisspstudy] List of Regulatory Compliances (US Centric World)
To: "The CISSP Study Mailing list" <cisspstudy at cccure.org>
Date: Saturday, October 31, 2009, 7:01 PM

Good day Prakash,

This is great information for members of the list living in the USA.

However, for exam purposes I would not spend too much time on remembering any of those laws. US-specific laws were removed from the exam a few years ago.


Thanks for yet another contribution

Best regards

Clement




On Sat, Oct 31, 2009 at 16:20, Prakash <prakash2757 at yahoo.com> wrote:


Electronic Communications Privacy Act regulates the monitoring of online
information unless specific legal directives make exceptions.



Computer Fraud and Abuse Act of 1986, 18 U.S.C. 1001, established felony penalties for
breaking into federal interest computer systems and penalties for
illegally obtained computer password trafficking. Essentially this law
clarified that unauthorized computer entry was considered illegal. In
the early 1980s, entry into U.S. federal computer systems was not
considered illegal.



Healthcare Insurance Portability and Accountability Act (HIPAA) provides guidance
on how confidential patient information can be treated and accessed.



E-sign Laws have become a necessity because several federal and state laws in the
United States and in many other countries now grant digital forms of
transactions the same power as verbal or written contracts (depending
on the country). This provides for a powerful need to validate and
trust online senders of documents and other materials.



Children's Online Privacy Protection Act (COPPA) specifies practices for Web sites
that cater to children age 13 and under. This is important for retail
and toy sites that may try to attract children in the hopes of having
them influence their parents to choose one product over another.



Children's Online Protection Act (COPA) essentially provides restrictions for Web
sites that require parental involvement and control to authorize either
site access or some site transactions. This ensures that the child did
not stumble across harmful or dangerous information or activities
without the parents' consent. Note that COPA is under judicial review
because the ACLU (American Civil Liberties Union) has brought the U.S.
government to court on the legality of enforcing the law. A final
decision has not yet been reached (it was sent to a lower court by the
U.S. Supreme Court without judgment in May 2002).



Financial Services Modernization Act (Gramm-Leach-Bliley Act) requires clear
disclosure of financial institutions of privacy statements, including
how private information is used with affiliates and third parties. The
law requires opt-out ability, which allows consumers the right not to
have their information shared or sold to unknown parties.



- Prakash

http://www.linkedin.com/in/prakashp




      
_______________________________________________

cisspstudy mailing list

cisspstudy at cccure.org

http://cccure.org/mailman/listinfo/cisspstudy_cccure.org




