CK CYB 260 Module Three Activity Worksheet


School: Southern New Hampshire University
Course: 260
Subject: Law
Date: Jan 9, 2024
Uploaded by ChiefAntelopeMaster249

CYB 260 Module Three Worksheet

Complete the table below by filling in the three blank columns for each law.

| Law | Briefly describe the law. | Whose rights are covered by the law? | Who in an organization is responsible for ensuring compliance with the law? |
| --- | --- | --- | --- |
| Red Flags Rule | Requires financial institutions and certain creditors to develop programs identifying and mitigating identity theft risks. Part of the Fair and Accurate Credit Transactions Act (FACTA) of 2003. | This rule focuses on protecting consumers from the risks and damages associated with identity theft. It aims to ensure that personal and financial data are handled securely and with vigilance against identity theft. | Typically falls to the compliance department, a chief compliance officer, or other designated officials responsible for overseeing fraud and identity theft prevention programs. |
| Payment Card Industry Standards | A set of security standards designed to ensure that all entities that store, process, or transmit credit card information maintain a secure environment. Established by the Payment Card Industry Security Standards Council. | This standard primarily safeguards cardholder data. It protects personal and financial information associated with payment cards to prevent misuse, fraud, and data breaches. | Typically falls to the IT department, specifically the information security team. However, it also involves a cross-functional effort, often requiring coordination with legal, compliance, and operational departments. |
| Children’s Online Privacy Protection Act (COPPA) | COPPA imposes certain requirements on operators of websites or online services that are either directed at children under the age of 13 or knowingly collect personal information from children under 13. It also requires website operators to post clear privacy policies, provide direct notice to parents, and maintain the confidentiality, security, and integrity of the personal information collected. | COPPA is specifically designed to protect the privacy and safety of children under 13 years of age in the digital space. It safeguards children's personal information on websites and online services, including social networks, games, and mobile apps. | This responsibility falls on the operators of websites and online services that target children or collect data from children, including content providers, app developers, and online marketing departments. |
| Children’s Internet Protection Act (CIPA) | Requires schools and libraries that receive federal funding through the E-rate program to implement internet safety policies and to use technology protection measures (such as filters) to block or filter internet access to certain visual depictions. | CIPA is focused on protecting children in schools and libraries from exposure to inappropriate content on the internet. It safeguards minors from harmful materials and online interactions, providing a safe online educational environment. | Typically the responsibility of the administrators of schools and libraries that benefit from the E-rate program. This includes school principals, library directors, and IT staff who are responsible for implementing filtering technology and enforcing the internet safety policy. |
| Federal Information Security Management Act (FISMA) | FISMA is a United States federal law that is part of the Electronic Government Act of 2002. It requires federal agencies to develop, document, and implement an agency-wide program to provide information security for the information and information systems that support the operations of the agency, including those managed by another agency, contractor, or other source. | FISMA is not about individual rights but rather about protecting the nation's critical information infrastructure. It ensures the security, integrity, and availability of federal information systems and data. | Typically falls on the heads of each federal agency. Within each agency, Chief Information Officers (CIOs), Chief Information Security Officers (CISOs), and IT security staff play key roles in implementing, managing, and maintaining the required security programs and ensuring compliance. |
| State Data Breach Notification Laws | These laws, which vary by state within the United States, require organizations to notify individuals of breaches that involve personally identifiable information. The specifics of these laws, including what constitutes a breach, the timeframe for notification, and the method of notification, can differ significantly from state to state. | These laws protect the rights of individuals to be informed about unauthorized access to their personal and sensitive information. They aim to empower individuals to take proactive measures in the event of data breaches that might compromise their personal data. | Typically overseen by the legal and compliance departments within an organization. Additionally, IT departments, particularly those involved in data security and information management, play a crucial role in executing the processes in accordance with state laws. |
| U.S. Constitution | The Constitution of the United States is the supreme law of the United States and lays the foundation for the structure and principles of the federal government. It consists of a preamble, seven articles, and 27 amendments. The Constitution outlines the powers of the government, the rights of the states, and the essential freedoms and rights of individuals. Specific amendments, such as the First (freedom of speech, religion, press, assembly, and petition) and Fourth (protection against unreasonable searches and seizures), are particularly significant for issues related to privacy and personal rights. | Covers a broad range of rights and liberties, including but not limited to freedom of speech, religion, press, assembly, and the right to a fair trial. It also encompasses rights related to privacy and protection against unreasonable government intrusion. | The responsibility to uphold and interpret the U.S. Constitution primarily lies with the federal government, including Congress, the President, and the Federal Courts, particularly the Supreme Court. All branches of the government are bound to operate within the parameters set by the Constitution. |