Joanna Lyn Grama - Legal Issues in Information Security, 2nd Edition

World Headquarters
Jones & Bartlett Learning
5 Wall Street
Burlington, MA 01803
978-443-5000
www.jblearning.com

Jones & Bartlett Learning books and products are available through most bookstores and online booksellers. To contact Jones & Bartlett Learning directly, call 800-832-0034, fax 978-443-8000, or visit our website, www.jblearning.com.

Substantial discounts on bulk quantities of Jones & Bartlett Learning publications are available to corporations, professional associations, and other qualified organizations. For details and specific discount information, contact the special sales department at Jones & Bartlett Learning via the above contact information or send an email to .

Copyright 2015 Jones & Bartlett Learning, LLC, an Ascend Learning Company

All rights reserved. No part of the material protected by this copyright may be reproduced or utilized in any form, electronic or mechanical, including photocopying, recording, or by any information storage and retrieval system, without written permission from the copyright owner.

Legal Issues in Information Security, Second Edition is an independent publication and has not been authorized, sponsored, or otherwise approved by the owners of the trademarks or service marks referenced in this product. The screenshots in this product are for educational and instructive purposes only. All trademarks displayed are the trademarks of the parties noted therein. Such use of trademarks is not an endorsement by said parties of Jones & Bartlett Learning, its products, or its services, nor should such use be deemed an endorsement by Jones & Bartlett Learning of said third partys products or services.

Microsoft, Internet Explorer, Windows, Microsoft Office, Microsoft Security Development Lifecycle, and Microsoft Baseline Security Analyzer are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. (ISC)2, CISSP, ISSAP, ISSMP, ISSEP, CSSLP, CCFP, CAP, SSCP, and CBK are registered and service marks of (ISC)2, Inc.

This publication is designed to provide accurate and authoritative information in regard to the subject matter covered. It is sold with the understanding that the publisher is not engaged in rendering legal, accounting, or other professional service. If legal advice or other expert assistance is required, the service of a competent professional person should be sought.

Production Credits

Chief Executive Officer: Ty Field

President: James Homer

Chief Product Officer: Eduardo Moura

SVP, Curriculum Solutions: Christopher Will

Director of Sales, Curriculum Solutions: Randi Roger

Editorial Management: High Stakes Writing, LLC, Lawrence J. Goodrich, President

Copy Editor, High Stakes Writing: Ruth Walker

Associate Program Manager: Rainna Erikson

Production Manager: Susan Beckett

Composition: Gamut+Hue, LLC

Rights & Photo Research Associate: Lauren Miller

Manufacturing and Inventory Control Supervisor: Amy Bacus

Senior Marketing Manager: Andrea DeFronzo

Cover Design: Scott Moden

Cover Image: DVARG/ShutterStock, Inc.

Chapter Opener Image: Rodolfo Clix/Dreamstime.com

Printing and Binding: Edwards Brothers Malloy

Cover Printing: Edwards Brothers Malloy

ISBN: 978-1-284-05474-3

Library of Congress Cataloging-in-Publication Data not available at time of printing

6048

Printed in the United States of America
21 20 19 18 17 10 9 8 7 6 5 4 3 2

Contents

To my son, A.J.,
and my husband, Ananth

Preface

Purpose of This Book

This book is part of the Information Systems Security & Assurance Series from Jones & Bartlett Learning (www.jblearning.com). Designed for courses and curriculums in IT Security, Cybersecurity, Information Assurance, and Information Systems Security, this series features a comprehensive, consistent treatment of the most current thinking and trends in this critical subject area. These titles deliver fundamental information-security principles packed with real-world applications and examples. Authored by Certified Information Systems Security Professionals (CISSPs), they deliver comprehensive information on all aspects of information security. Reviewed word for word by leading technical experts in the field, these books are not just current, but forward-thinkingputting you in the position to solve the cybersecurity challenges not just of today, but of tomorrow, as well.

This book discusses information security and the law. Information security is the practice of protecting information to ensure the goals of confidentiality, integrity, and availability. Information security makes sure that accurate information is available to authorized individuals when it is needed. Governments, private organizations, and individuals all use information security to protect information. Sometimes these organizations do a very good job of protecting information. Sometimes they do not.

When governments, private organizations, and individuals do a poor job of protecting the information entrusted to them, legislatures respond with new laws that require a more structured approach to information security. The U.S. federal government has enacted a number of laws that focus on protecting different types of information. This second edition takes into account the changing legal and regulatory landscape since this book was first published. Finding out which law applies to a particular situation, or type of data, is often confusing.

This book tries to help eliminate that confusion. focuses on how to create an information security program that addresses the laws and compliance requirements discussed throughout the book.

Learning Features

The writing style of this book is practical and conversational. Step-by-step examples of information security concepts and procedures are presented throughout the text. Each chapter begins with a statement of learning objectives. Illustrations are used both to clarify the material and to vary the presentation. The text is sprinkled with Notes, Tips, FYIs, Warnings, and sidebars to alert the reader to additional and helpful information related to the subject under discussion. Chapter Assessments appear at the end of each chapter, with solutions provided in the back of the book.

Chapter summaries are included in the text to provide a rapid review or preview of the material and to help students understand the relative importance of the concepts presented.

Audience

The material is suitable for undergraduate or graduate computer science majors or information science majors, students at a two-year technical college or community college who have a basic technical background, or readers who have a basic understanding of IT security and want to expand their knowledge.

Acknowledgments

Some things are even more fun the second time around! Many talented people worked long hours to make the second edition of this book a reality, and they all have my sincere appreciation. I wish to thank Jones & Bartlett Learning for inviting me back to work on this edition. Editors Ruth Walker and Lawrence J. Goodrich (High Stakes Writing, LLC) worked tirelessly to make this project successful. I was honored to work again with talented attorney Michael H. Goldner, JD, CISSP, Dean of EC-Council University, who provided many insightful comments on revisions. And finally, thanks to Carole Jelen, literary agent, for putting this book deal together and answering my many questions with grace and good humor.