The differences between criminal law, civil law,and administrative law are:
Criminal law protects society against acts that violate the basic principles we believe in. Violations of criminal law are prosecuted by federal and state governments.
Civil law provides the framework for the transaction of business between people and organizations.
Violations of civil law are brought to the court and argued by the two affected parties. Administrative law is used by government agencies to effectively carry out their day-to-day business.
The computer fraud and abuse act protects computers used by the government or in interstate commerce from a variety of abuses. The computer security act outlines steps the government must take to protect its own systems from attack. The government information security reform act further develops the federal government information security program.
Copyrights protect original works of authorship, such as books, articles, poems, and songs. Trademarks are names, slogans, and logos that identify a company, product, or service. Patents provide protection to the creators of new inventions. Trade secret law protects the operating secrets of a firm.
The digital millennium copyright act prohibits the circumvention of copy protection mechanisms placed in digital media and limits the liability of Internet service providers for the activities of their users.
The economic espionage act provides penalties for individuals found guilty of the theft of trade secrets. Harsher penalties apply when the individual knows that the information will benefit a foreign government.
Contractual license agreements are written agreements between a software vendor and user. Shrink-wrap agreements are written on software packaging and take effect when a user opens the package. Click-wrap agreements are included in a package but require the user to accept the terms during the software installation process.
The uniform computer information transactions act provides a framework for the enforcement of shrink-wrap and click-wrap agreements by federal and state goverments.
Ni high-performance computers or encryption technology may be exported to tier 4 countries. The export of hardware capable of operating in excess of 0.75 weighted teraflops to tier 3 countries must be approved by the department of commerce. New rules permit the easy exporting of “mass market” encryption software.
The united states has a number of privacy laws that affect the government’s use of information as well as the use of information by specific industries, such as financial services companies and health-care organizations that handle sensitive information. The EU has a more comprehensive directive on data privacy that regulates the use and exchange of personal information.
Most organizations are subject to a wide variety of legal and regulatory requirements related to information security. Building a compliance program ensures that you become and remain compliant with these often overlapping requirements.
The expanded use of cloud services by many organizations requires added attention to conducting reviews of information security controls during the vendor selection process and as part of ongoing vendor governance.