Cybersecurity Law
Authors: Mireles, Michael S. / Hobaugh Jr., Jack L.
Edition: 1st
Copyright Date: 2022
23 chapters have results for cybersecurity
Michael S. Mireles’s Cybersecurity Law Part 9 76 results (showing 5 best matches)
- The expansive and evolving area of cybersecurity law requires an understanding of the intersection and interaction of cybersecurity, cybersecurity law, and privacy law. These three areas often overlap but never fully converge. To fully understand cybersecurity law, one must understand the relationships between cybersecurity, cybersecurity law, and privacy law. The authors identify and discuss those relationships throughout the book. Moreover, we will delve into the various substantive areas of cybersecurity, cybersecurity law, and privacy law where those areas are coextensive, but sometimes where they are not.
- We chose the term Cybersecurity Counselor over Cybersecurity Attorney because counselor is a broader term that designates providing cybersecurity-related advice that goes beyond cybersecurity legal issues. A cybersecurity counselor will have the opportunity to advise clients across a broad swath of cybersecurity-related issues. The cybersecurity counselor may be involved in all aspects of a company’s cybersecurity lifecycle, including but not limited to the creation of initial cybersecurity policies, controls, guidance and procedure, risk analysis under a risk analysis framework, business continuity planning, disaster recovery planning, training, and incident response. A competent cybersecurity counselor can become a liaison or bridge between the C-suite or General Counsel’s office and the cybersecurity professional.
- We will also explain the technology that requires cybersecurity and enables the application of technological cybersecurity tools. This is not a technical book, but some level of understanding of the technology is key to understanding the cybersecurity principles and the application of cybersecurity law. Although it may prove helpful, the reader does not require a technical background.
- Often, cybersecurity and cybersecurity law deficiencies do not become apparent until a privacy law enforcement action has been triggered. For example, a data breach that negatively affects persons can trigger tort negligence actions, federal agency cybersecurity enforcement, state data breach notification (privacy) laws, and state AG cybersecurity investigation and enforcement actions. These events often disclose underlying cybersecurity deficiencies and cybersecurity law infractions that would have gone unnoticed without the breach, such as lack of encryption or “reasonable security measures” to safeguard data. It is often only after the discovery of the privacy infraction that the underlying and, arguably, more important cybersecurity law infractions surface.
- What is cybersecurity law and how does it relate to cybersecurity and privacy law? Although the term cybersecurity law has been quickly adopted as an oft-used legal buzz word and big law is quickly adding cybersecurity law as a practice area, a well-adopted definition does not yet exist. As Professor Jeff Kosseff noted in his 2018 law review article, “Defining Cybersecurity Law”, “the U.S. legal system lacks a consistent definition of the term ‘cybersecurity law’.”
Michael S. Mireles’s Cybersecurity Law Part 18 65 results (showing 5 best matches)
- This chapter covers risk assessment and cybersecurity frameworks. Cybersecurity frameworks provide the foundation for creating and maintaining industry standard practices for a robust cybersecurity program. The information security (infosec) department will normally own the cybersecurity framework. Although infosec will own the framework, it will take every department from development to legal to implement and maintain the framework. If you are a cybersecurity attorney, you will come to know the framework by heart. A huge part of the framework is risk assessment. If there were no risk in doing business, there would be no need for a framework or infosec. But with the coming of the internet age came job security for those in the infosec field, because with more connectivity and online presence came more cybersecurity risk. This chapter will also address various frameworks with a focus on the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) version 1....
- K-12 Cybersecurity Act
- The Framework for Improving Critical Infrastructure Cybersecurity (“The Framework”) provides a prioritized, flexible, repeatable, performance-based, and cost-effective approach to managing cybersecurity risk at all levels in an organization. It is applicable to organizations of all sizes and sectors. The Framework provides a common language for understanding, managing, and expressing cybersecurity risk both internally and externally. It can be used to help identify and prioritize actions for reducing cybersecurity risk, and it is a tool for aligning policy, business, and technological approaches to managing that risk.
- The Framework focuses on using business drivers to guide cybersecurity activities and considering cybersecurity risks as part of the organization’s risk management processes. The Framework consists of three parts: the Framework Core, the Implementation Tiers, and the Framework Profiles. The Framework Core is a set of cybersecurity activities, outcomes, and informative references that are common across sectors and critical infrastructure. Elements of the Core provide detailed guidance for developing individual organizational Profiles. Through use of Profiles, the Framework will help an organization to align and prioritize its cybersecurity activities with its business/mission requirements, risk tolerances, and resources. The Tiers provide a mechanism for organizations to view and understand the characteristics of their approach to managing cybersecurity risk, which will help in prioritizing and achieving cybersecurity objectives.
- As the authors acknowledged in the beginning of this book, cybersecurity, cybersecurity law, and privacy law overlap. Privacy cannot be achieved without cybersecurity. Some have confused information privacy law with protecting the privacy of data. Data does not have privacy protection; people have privacy protection. Data has cybersecurity protection. But without protecting the data, humans cannot achieve privacy. On the heels of cybersecurity frameworks have developed privacy frameworks. Privacy frameworks acknowledge, incorporate, and build upon the cybersecurity frameworks. The NIST Privacy Framework Version: A Tool for Improving Privacy Through Enterprise Risk Management, Version 1.0 was introduced on January 16, 2020.
Michael S. Mireles’s Cybersecurity Law Part 16 18 results (showing 5 best matches)
- The following materials include some private right of action cases that demonstrate confusion by the courts concerning how to deal with cybersecurity deficiencies and demonstrate the need for state cybersecurity laws that provide a right of action to adequately protect its citizens from data breaches. Indeed, citizens and their data are not protected by poorly conceived or drafted cybersecurity laws, or a failure to enact cybersecurity laws.
- - data security requirements – these can be met by maintaining a cybersecurity framework based on National Institute of Standards and Technology (NIST) Cybersecurity Framework Version 1.1, ISO 27000 series or others.
- As discussed in the preceding chapters, the United States does not have one overarching cybersecurity law but instead relies on a collection of privacy and cybersecurity laws that each cover a specific area. For example, the Health Insurance Portability and Accountability Act (HIPAA) focuses on an individual’s protected health information and the medical industry. In contrast, the Gramm–Leach–Bliley Act (GLBA), also known as the Financial Services Modernization Act of 1999, focuses on the financial industry. The states have been able to promulgate cybersecurity and privacy laws where the federal government has left a void. The states started with breach notification laws that require notification for their citizens whose personal information has been disclosed. States have also promulgated student data privacy laws. Next, after the European General Data Protection Regulation came the promulgation of privacy rights laws formed as consumer protection laws. And now there is a wave of...
- Part 121 – Strengthening Data Privacy and Security in NY State Educational Agencies to Protect Personally Identifiable Information – was an amendment to Education Law sections 2-d, 101, 207, and 305. Section 121.5 provides the Data Security and Privacy Standard that had to be adopted by New York education agencies by July 1, 2020. Significantly, in Part 121, the Education Department adopted the NIST Cybersecurity Framework (CSF) Version 1.1 “as the standard for data security and privacy for educational agencies.” Other states have also been adopting the NIST CSF 1.1 as a valid framework for demonstrating a reasonable cybersecurity standard. In addition to NIST CSF 1.1, many state DPAs have also adopted NIST Special Publication guidelines for demonstrating particular areas of cybersecurity strength and compliance. On January 16, 2020, NIST published version 1.0 of its NIST Privacy Framework that will likely become a companion document to the NIST CSF 1.1 and thus, also a source of...
- This section provides a discussion of the Maryland and Massachusetts breach notification laws. These two breach notification laws are shown to demonstrate notable provisions that the cybersecurity or privacy attorney must be aware of. Notably, both laws do not provide for a private right of action.
Michael S. Mireles’s Cybersecurity Law Part 17 21 results (showing 5 best matches)
- Cybersecurity insurance is becoming increasingly important; however, the cost of that insurance is growing in response to the ubiquity of cybersecurity breaches and ransomware attacks. The U.S. Cybersecurity and Infrastructure Security Agency discusses cybersecurity insurance:
- Regulators in the United States and abroad have become more active in issuing cybersecurity guidance and undertaking enforcement activities in response. The President of the United States has named cybersecurity a “top priority and essential to national and economic security.”
- Notably, attorneys should ensure that clients have secured cybersecurity insurance and can verify that service providers, such as cloud services, have adopted reasonable and appropriate cybersecurity measures and cybersecurity insurance. For example, a contract can include requirements concerning adoption of industry or government standards for third party service providers. Additionally, a contract can include representations requiring compliance with relevant law as well as choice of law and forum clauses. Finally, as discussed , a requirement concerning inspection of a third party’s cybersecurity policies, procedures and measures may be prudent.
- The U.S. Cybersecurity & Infrastructure Security Agency discusses cybersecurity insurance:
- In Chapter 4 U.S. Securities and Exchange Commission Cybersecurity, , there is a discussion of a case concerning a securities action related to cybersecurity.
Michael S. Mireles’s Cybersecurity Law Part 21 65 results (showing 5 best matches)
- The European Cybersecurity Act was adopted by the European Members of Parliament in 2019.
- establishes the first EU-wide cybersecurity certification framework to ensure a common cybersecurity certification approach in the European internal market and ultimately improve cybersecurity in a broad range of digital products (e.g. Internet of Things) and services.
- This Chapter provides framing information to understand some of the pressing international related issues relating to cybersecurity law. Notably, as discussed in section 13.2, there are numerous reasons why there is not a comprehensive treaty covering cybersecurity law. Thus, this Chapter provides a general overview of some of the important issues related to cybersecurity law from an international perspective. The Chapter reviews the following subjects: 1) Movement Toward a Comprehensive Cybersecurity Treaty; 2) the European Union’s General Data Protection Regulation (GDPR); 3) the European Convention on Cybercrime; 4) the Tallinn Manual (2.0) concerning cyberwar; 5) U.S. Cyberspace Solarium Commission Report; and 6) Regional Free Trade Agreements.
- These issues as well as others have hindered the efforts to adopt a comprehensive cybersecurity law treaty. Commentators have made several proposals to address the international state of cybersecurity law. attempts to develop norms and confidence building measures related to cybersecurity law.
- The United Nations has given attention to cybersecurity for quite some time. This has included resolutions as well as the formation of working groups to address cybersecurity issues. The following discussion provides an overview of some of those efforts.
Michael S. Mireles’s Cybersecurity Law Part 12 43 results (showing 5 best matches)
- As noted above, the New York Department of Financial Services [NYDFS] has issued Cybersecurity Regulations. The Cybersecurity Regulations apply to institutions regulated by the NYDFS, which generally includes banks, insurance companies and other financial institutions. Notably, the NYDFS cybersecurity regulations contain more specificity than the GLBA Safeguards Rule. The regulations require the creation of a cybersecurity program, a cybersecurity policy, penetration testing and vulnerability assessments, an audit trail, access privileges, application security, risk assessment, cybersecurity personnel and intelligence, third party service provider security policy, multi-factor authentication, limitations on data retention, training and monitoring, encryption of nonpublic information, and an incident response plan. section will discuss the NYDFS cybersecurity regulations as well as other relevant materials, including a recent enforcement action.
- Section 500.02 sets forth the basic requirements for the required cybersecurity program. Importantly, the cybersecurity program is tied to the protection of information systems through the focus on the triad of cybersecurity: confidentiality, integrity and availability. The cybersecurity program is tied to ongoing risk assessment and management. The core functions tied to that risk assessment include identifying and assessing “internal and external cybersecurity risks;” using “defensive infrastructure and implement[ing protective] policies and procedures;” “detecting Cybersecurity Events;” “respond[ing]” to those events “to mitigate any negative effects;” recovery and restoration of “normal operations and services;” and “fulfill applicable regulatory reporting obligations.” The NYDFS also has the right to access documentation concerning the cybersecurity program. Notably, Section 500.03 requires written policy or policies concerning “the protection of its Information Systems and...
- Section 500.08 requires the establishment of “written procedures, guidelines and standards to ensure” that “in-house developed applications” and “externally developed applications” are secure and must be “periodically reviewed, assessed, and updated.” Section 500.09 provides additional detail concerning the “conduct [of] periodic Risk Assessment[s].” The “policies and procedures shall include: (1) criteria for the evaluation and categorization of identified cybersecurity risks or threats …; (2) criteria for the assessment of the confidentiality, integrity, security and availability of the Covered Entity’s Information Systems and Nonpublic Information, including the adequacy of existing controls in the context of identified risks; and (3) requirements describing how identified risks will be mitigated or accepted based on the Risk Assessment and how the cybersecurity program will address the risks.” Section 500.10 requires that the cybersecurity program is managed by qualified
- Section 500.11 concerns third party service providers. The covered entity must have “written policies and procedures designed to ensure the security of [information and systems] that are accessible to, or held by Third Party Service Providers.” Those policies and procedures “shall be based on the Risk Assessment of the Covered Entity and shall address to the extent applicable” specific requirements such as “minimum cybersecurity practices required to be met;” “due diligence processes used to evaluate the adequacy of cybersecurity practices;” and “periodic assessments of … risk … and the continued adequacy of [Third Party Service Providers] cybersecurity practices.” Moreover, the policies and procedures, “to the extent applicable, must provide for “guidelines addressing: access controls; encryption; notice concerning cybersecurity events; and “representations and warranties addressing the Third Party Service Provider’s cybersecurity policies and procedures that relate to the security...
- The National Institute of Standards and Technology defines cybersecurity as “the process of protecting information by preventing, detecting, and responding to attacks.” As part of cybersecurity, institutions should consider management of internal and external threats and vulnerabilities to protect information assets and the supporting infrastructure from technology-based attacks.
Michael S. Mireles’s Cybersecurity Law Part 20 33 results (showing 5 best matches)
- • Activity 3: Determine how to address customer needs and goals. Manufacturers can determine how to address those needs and goals by having their IoT devices provide particular device cybersecurity capabilities in order to help customers mitigate their cybersecurity risks. To provide a starting point to use in identifying the necessary device cybersecurity capabilities, a companion publication is provided, which is a set of device cybersecurity capabilities that customers are likely to need to achieve their goals and fulfill their needs.
- NIST released a guidance document titled “Foundational Cybersecurity Activities for IoT Device Manufacturers” in May 2020. The document provides cybersecurity counseling for IoT device manufacturers concerning the development of devices to be sold to consumers. The Executive Summary provides, in relevant part:
- • Activity 2: Research customer cybersecurity needs and goals. Customers’ risks drive their cybersecurity needs and goals. Manufacturers cannot completely understand or anticipate all of their customers’ risks. However, manufacturers can make their devices at least minimally securable by those they expect to be customers of their product and who use them consistent with the expected use cases.
- o Device cybersecurity capabilities that the device provides, as well as cybersecurity functions that can be provided by a related device or a manufacturer service or system.”
- 1. Educate customers of the IoT device and others in the ecosystem about the presence and use of device cybersecurity capabilities. For example, it may be important to educate customers and others about:
     a. How to use device identifiers
     b. How to change configuration settings
     c. How to configure and use access control functionality
     d. How to use software update functionality, including aspects such as update validation and/or rollback that may be part of the device cybersecurity capability.
  2. Educate customers and others about how an IoT device can be securely reprovisioned or disposed of.
  3. Make customers and others aware of their cybersecurity responsibilities related to the IoT device and how responsibilities may be shared between them and others, such as the IoT device manufacturer (e.g., related to maintenance of the IoT device).
  4. Make customers and others aware of key assumptions and expectations related to the cybersecurity of the IoT device that were documented,...
Michael S. Mireles’s Cybersecurity Law Part 13 52 results (showing 5 best matches)
- Congress created the SEC through the Securities Act of 1934. Congress also passed the Securities Act of 1933. These congressional actions were designed to restore confidence during the Great Depression. As one might expect, cybersecurity was not on the minds of Congress during these actions. But with the advent of computers and computerized trading, the SEC has had to address cybersecurity. The SEC maintains a dedicated Cybersecurity webpage that can be found at:
- Even overseers like the SEC are not immune from cybersecurity risk. In a statement released by the SEC Chairman Jay Clayton on September 20, 2017, titled, “Statement on Cybersecurity,” the Chairman noted that the SEC appears to have experienced cybersecurity breaches as well. The Statement provides, in relevant part:
- The guidance provides the Commission’s views about public companies’ disclosure obligations under existing law with respect to matters involving cybersecurity risk and incidents. It also addresses the importance of cybersecurity policies and procedures and the application of disclosure controls and procedures, insider trading prohibitions, and Regulation FD and selective disclosure prohibitions in the cybersecurity context.
- This chapter includes an examination of regulations enforced by the SEC and the associated enforcement. This chapter also reviews private litigation involving securities fraud and cybersecurity and disclosure issues related to cybersecurity.
- The following three enforcement actions are examples of cybersecurity and cybersecurity-related actions under Regulation S-P and Regulation SCI. The first is a Regulation SCI matter. The following two concern Regulation S-P.
Michael S. Mireles’s Cybersecurity Law Part 15 31 results (showing 5 best matches)
- The Department of Labor, Employee Benefits Administration has released cybersecurity best practices for ERISA retirement plan fiduciaries. practices require a relatively robust cybersecurity program. The Cybersecurity Program Best Practices requires:
- The initiative will hold accountable entities or individuals that put U.S. information or systems at risk by knowingly providing deficient cybersecurity products or services, knowingly misrepresenting their cybersecurity practices or protocols, or knowingly violating obligations to monitor and report cybersecurity incidents and breaches. The benefits of the initiative will include:
- The Department of Transportation also regulates other areas such as trains and automobiles. For example, the Federal Railroad Administration regulates connected trains and released a document titled, “Cybersecurity Risk Management and Railroads.” DEP’T OF TRANSPORTATION, FEDERAL RAILROAD ADMINISTRATION,
- The Federal Student Aid Office of the Department of Education has online resources concerning cybersecurity. Notably, the website includes a data breach reporting form and alerts of threats. The Federal Student Aid Office of the Department of Education released a letter concerning setting forth guidance on cybersecurity issues:
- Federal Student Aid’s Postsecondary Institution Cybersecurity Team (Cybersecurity Team) will also be informed of findings related to GLBA, and may request additional documentation from the institution in order to assess the level of risk to student data presented by the institution or servicer’s information security system.
Michael S. Mireles’s Cybersecurity Law Part 11 34 results (showing 5 best matches)
- Moreover, the FTC and courts may analyze that test along with determining whether reasonable and appropriate security measures exist in the cybersecurity context. One possible alternate approach is that the reasonable and appropriate security measures inquiry could be the only test—with an understanding that some injury standard must be satisfied. However, the FTC and courts appear to focus on both tests as, at least, complementary. Interestingly, the second and third parts of the tests may arguably not always map well on a cybersecurity analysis. For example, customers are usually relying on the expertise of vendors to provide some level of cybersecurity protection; thus, consumers are unlikely to avoid the problem. Moreover, consumers are unlikely to know there is a problem—there is an information asymmetry because knowledge about the practices of the company is held by the company. This is particularly true in cases wherein defendant companies have made deceptive representations...
- As with the FTC cases, the above guidance is part of the normal best practices landscape practiced by cybersecurity professionals and informs what reasonable and appropriate security measures consist of. It is also a clear signal that the FTC is and will be taking an active and proactive role in cybersecurity. However, the broad nature of the inquiry – abstracting away from specific practices – is illustrated, for preventative and remedial purposes, in an article titled, . In that article, Almudena Arcelus, Brian Ellman and Randal S. Milch discuss how businesses should evaluate whether to increase their cybersecurity. The authors point to several questions that should guide the cost benefit analysis of adopting better cybersecurity:
- There may be ambiguity at the margins; however, the company likely to find trouble with the standard is one that treats sensitive data and systems without care and ignores cybersecurity practices. As discussed , the NIST Risk Assessment Framework provides a systematic approach to assessing, identifying and recovering from cybersecurity incidents.
- The following materials provide context for the FTC’s application of the reasonable and appropriate security measures standard for cybersecurity under the unfair practices prong after a brief discussion of the general format of FTC cybersecurity-related orders.
- As with the FTC cases, the above information is part of the normal best practices landscape practiced by cybersecurity professionals. It is also a clear signal that the FTC is and will be taking an active and proactive role in cybersecurity.
Michael S. Mireles’s Cybersecurity Law Part 7 31 results (showing 5 best matches)
- CHAPTER ONE. OVERVIEW OF CYBERSECURITY AND CYBERSECURITY LAW
- (B.) Introduction to the Relationship Between Cybersecurity, Cybersecurity Law and Privacy Law and “Reasonable Security Measures”
- (A.) Brief History of Computing in the Cybersecurity Context
- § 1.2 WHAT IS CYBERSECURITY LAW?
- § 1.3 RESPONSIBILITIES OF A CYBERSECURITY PROFESSIONAL
Michael S. Mireles’s Cybersecurity Law Part 14 9 results (showing 5 best matches)
- HIPAA is the Health Insurance Portability and Accountability Act of 1996. Most Americans are familiar with the term HIPAA and would probably classify it as a privacy law that protects their medical data. The U.S. Department of Health and Human Services (HHS) provides a Security Rule for the protection of electronic health information. Given the sensitivity of health information, the Security Rule is one of the more detailed rules concerning cybersecurity in the U.S. sectoral approach to cybersecurity. Moreover, there is overlapping enforcement of HIPAA through the HHS, state attorneys general and some forms of private litigation. This chapter reviews the Security Rule and Breach Notification Rules, their enforcement and private litigation concerning HIPAA in the cybersecurity context.
- III. Strengthen Cybersecurity Infrastructure
- with other federal agencies that enforce cybersecurity, the accused normally has the choice to come to terms with the OCR accusations and enter into a resolution agreement. With such an agreement, “the covered entity or business associate agrees to perform certain obligations and make reports to HHS, generally for a period of three years. During the period, HHS monitors the covered entity’s compliance with its obligations. A resolution agreement may include the payment of a resolution amount.”
- An advanced persistent threat (APT) is a long-term cybersecurity attack that continuously attempts to find and exploit vulnerabilities in a target’s information systems to steal information or disrupt the target’s operations. Although individual APT attacks need not be technologically sophisticated, the persistent nature of the attack, as well as the attacker’s ability to change tactics to avoid detection, make APTs a formidable threat.
- (last visited June 7, 2017). As an example of outreach and guidance, The Health and Human Services, Office of Civil Rights, released a Spring 2019 OCR Cybersecurity Newsletter addressing advanced persistent threats and zero day vulnerabilities:
Michael S. Mireles’s Cybersecurity Law Part 22 Your search matches the chapter title
- Normally, the authors would not single out ransomware from the myriad of cybersecurity threats and give ransomware a dedicated chapter, but recent events have directed the spotlight on ransomware, and it now deserves its own dedicated chapter.
- - Identify and fix internet-facing vulnerabilities and misconfigurations of software and hardware. This can often be accomplished with available cybersecurity tools to discover the vulnerabilities and then applying software and operating system patches to fix the vulnerability
- unlock encrypted data. Ransom payment was not the direction the City wanted to go, and pursued all avenues to find alternative solutions. In a cost/benefit scenario of rebuilding the City’s data versus paying the ransom, the ransom option far outweighed attempting to rebuild. The inconvenience of a lengthy service outage for residents was also taken into consideration. While there is no way to eliminate the risk of these types of attacks, the City is taking steps to install crypto-safe backups, deploy additional cybersecurity systems, and implement regular vulnerability assessments to prevent future data threats.
- , a ransomware attack may indicate that cybersecurity related laws have been violated. Depending on the business model of the victim as well as the federal regulator, a specific federal regulation may have been violated which may lead to an enforcement action. In some cases, a state agency may be able to enforce a federal regulation such as HIPAA. Notably, the federal Computer Fraud and Abuse Act likely will apply to a ransomware situation as well. Additionally, many states have enacted laws similar to the federal Computer Fraud and Abuse Act which may also apply. Importantly, several states have enacted laws specifically dealing with extortion and the access to computers without authorization. These laws are discussed,
Michael S. Mireles’s Cybersecurity Law Part 5 Your search matches the chapter title
Michael S. Mireles’s Cybersecurity Law Part 3 Your search matches the chapter title
Michael S. Mireles’s Cybersecurity Law Part 19 7 results (showing 5 best matches)
- § 11.3 State Cybercrime Laws Related to Cybersecurity
- Numerous states have adopted similar laws to the CFAA. The following materials consider two examples. The first is the Washington state law, the “Washington Cybercrime Act.” The second is the California state law, the “Comprehensive Computer Data Access and Fraud Act.” The materials also include an overview of other state cybercrime laws related to cybersecurity.
- (C.) Overview of Other State Criminal Cybersecurity-related Laws
- This chapter explores some laws related to prohibiting and addressing hacking. This chapter provides an introduction to numerous federal and state laws. The federal laws include the Computer Fraud and Abuse Act, Defend Trade Secrets Act, Economic Espionage Act, Stored Communications Act and the Digital Millennium Copyright Act’s provisions on anti-circumvention. This chapter also sets forth an examination of two state anti-hacking laws, the Washington Cybercrime Act, and the California Comprehensive Computer Data Access and Fraud Act, and provides an overview of the cybercrime laws of other states that are related to cybersecurity. A common set of facts could result in the violation of several of the aforementioned laws.
Michael S. Mireles’s Cybersecurity Law Part 2 Your search matches the chapter title
Michael S. Mireles’s Cybersecurity Law Your search matches the chapter title
Michael S. Mireles’s Cybersecurity Law Part 23 17 results (showing 5 best matches)
- Publication Date: December 28th, 2021
- ISBN: 9781636590196
- Subject: Internet Law
- Series: Hornbooks
- Type: Hornbook Treatises
- Description: This book provides a relatively comprehensive examination of cybersecurity related laws that would be helpful for lawyers, law students, and Chief Information Security Officers (CISOs) and other cybersecurity and privacy professionals. The book outlines and details the U.S. federal sectoral approach to cybersecurity, such as covering the Gramm-Leach-Bliley Act and regulations, and the Health Insurance Portability and Accountability Act Security Rule, as well as an examination of state laws impacting cybersecurity, such as data breach notification, privacy and state education laws. International issues as well as specific topics such as ransomware and the Internet of things are addressed. Notably, the book provides a review of the role of the cybersecurity professional, risk assessment as well as the National Institute of Standards and Technology (NIST) risk assessment framework, and laws related to hacking.