This document summarizes several key U.S. laws related to information security, including the Communications Act of 1934 (regulates telecommunications), the Computer Fraud and Abuse Act of 1986 (defines laws against computer crimes), and the Health Insurance Portability and Accountability Act of 1996 (regulates privacy of health information). It provides an overview of each law's subject, year of enactment, and brief description. The laws covered address issues such as privacy, financial reporting, encryption, terrorism, and more.
Laws of interest to security professionals
1. Key U.S. Laws of Interest to Information Security Professionals
By: Shivani Gamit (Student@SCIT_2011-13)
2. • Act – Communications Act of 1934, updated by Telecommunications Deregulation and Competition Act of 1996
• Subject – Telecommunications
• Year – 1934 (amended 1996 and 2001)
• Description – Regulates interstate and foreign telecommunications
3. • Act – Computer Fraud and Abuse Act (also known as Fraud and Related Activity in Connection with Computers)
• Subject – Threats to computers
• Year – 1986 (amended 1994, 1996 and 2001)
• Description – Defines and formalizes laws to counter threats from computer-related acts and offenses
4. • Act – Computer Security Act
• Subject – Federal Agency of Information Security
• Year – 1987
• Description – Requires all federal computer systems that contain classified information to have security plans in place, and requires periodic security training for all individuals who operate, design, or manage such systems
5. • Act – Economic Espionage
• Subject – Trade secrets
• Year – 1996
• Description – Designed to prevent abuse of information gained by an individual working in one company and employed by another
6. • Act – Federal Privacy Act
• Subject – Privacy
• Year – 1974
• Description – Governs federal agency use of personal information
7. • Act – Gramm-Leach-Bliley Act (GLB) or Financial Services Modernization Act
• Subject – Banking
• Year – 1999
• Description – Focuses on facilitating affiliation among banks, insurance, and securities firms; it has significant impact on the privacy of personal information used by these industries
8. • Act – Health Insurance Portability and Accountability Act (HIPAA)
• Subject – Health care privacy
• Year – 1996
• Description – Regulates collection, storage, and transmission of sensitive personal health care information
9. • Act – Sarbanes-Oxley Act
• Subject – Financial Reporting
• Year – 2002
• Description – Affects how public organizations and accounting firms deal with corporate governance, financial disclosure, and the practice of public accounting
10. • Act – Security and Freedom through Encryption Act
• Subject – Use and sale of software that uses or enables encryption
• Year – 1999
• Description – Clarifies use of encryption for people in the USA, permits all persons in the U.S. to buy or sell any encryption product, and states that the government cannot require the use of any kind of key escrow system for encryption products
11. • Act – USA PATRIOT Improvement and Reauthorization Act
• Subject – Terrorism
• Year – 2006
• Description – Made permanent 14 of the 16 expanded powers of the Department of Homeland Security and the FBI in investigating terrorist activity