To provide free, high-quality HIPAA (Health Insurance Portability and Accountability Act) security compliance resources, including templates, checklists, and documentation toolkits. We also provide step-by-step guidance for every HIPAA standard, especially in the areas of the Administrative, Physical, and Technical Safeguards.

United States Federal Code on Computer Crimes: Cyber Security Enhancement Act of 2002

Description

Authorizes sentences of up to life imprisonment for hackers who knowingly or recklessly cause or attempt to cause death, for example by attacking transportation systems, power companies, or other public services or utilities.
18 U.S.C. § 1029 Fraud and Related Activity in Connection with Access Devices
18 U.S.C. § 1030 Fraud and Related Activity in Connection with Computers
18 U.S.C. § 1362 Communication Lines, Stations, or Systems
18 U.S.C. § 2510 et seq. (Chapter 119) Wire and Electronic Communications Interception and Interception of Oral Communications
18 U.S.C. § 2701 et seq. (Chapter 121) Stored Wire and Electronic Communications and Transactional Records Access

6.11.3 Title 18, Crimes and Criminal Procedure, Section 1029, Subsection (a)

Top two drivers that influence IT security and IT compliance

1. Business drivers:
Business drivers represent constraints placed on the organization by external elements. They can be viewed as business objectives with metrics, and they measure value, risk, and economic cost. Value drivers determine the worth of the assets, of the system to the business, and of the business itself. Risk drivers involve compliance obligations, corporate structure, corporate image, and the risk tolerance of the company. Economic drivers determine productivity impact, competitive advantage, and system cost.

2. IT drivers:
IT drivers represent operational constraints in the general IT environment. For example, the complexity of a system, including the environment in which it runs, exposes it to internal and external threats and so presents risks that the organization must address.

Four basic tenets of U.S. State Data Breach Laws

California’s landmark SB1386 was the first data breach notification law enacted. A data breach law sets out when a company must notify consumers whose personal information has been compromised, for example when a copy has been stolen or lost and is presumably in the hands of someone not entitled to have it. A significant majority of U.S. states have since followed suit, although each has its own requirements. The four basic tenets are as follows:

1. Notification guidelines: when a company is required to inform people whose data privacy has been breached

2. Penalty for failure to disclose: whether

3. Private right of action: if/when individuals have the right to file a lawsuit

HIPAA Business Associates Agreements and Outsourcing Issues.

HIPAA’s requirements with respect to business associates are directly relevant to companies and vendors that enter into an outsourcing relationship. HIPAA mandates numerous precautions, restrictions, and obligations of which the vendor, as a business associate, must be aware. The vendor must agree to comply with the same stringent confidentiality and security requirements and transfer restrictions that the HIPAA Rules impose on its covered-entity clients. Since the HITECH Act and the 2013 Omnibus Rule, business associates are also directly liable for Security Rule compliance and for certain Privacy Rule obligations, not merely liable under the contract. For example, being able to respond, within the regulatory time frames, to a patient’s request for an accounting of the disclosures of the patient’s information in the vendor’s custody requires having in place the technology, structure, and personnel necessary to handle the request.

A vendor that offers services to HIPAA-covered entities should take into account the requirements, restrictions, and obligations set forth in the HIPAA Privacy Rule and Security Rule before preparing a proposal for outsourcing services. However, the customer should ensure that the vendor will be able to assist in the compliance, respond to the

Comparison of eight Governance, Risk, and Compliance (GRC) regulatory frameworks

Comparison of eight Governance, Risk, and Compliance (GRC) regulatory frameworks: the Health Insurance Portability and Accountability Act (HIPAA), the European Union Data Protection Directive (EUDPD), the AICPA Generally Accepted Privacy Principles (GAPP), the Payment Card Industry Data Security Standard (PCI DSS), ISO 27002 Code of Practice for Information Security Management, COBIT, the Sarbanes-Oxley Act of 2002 (SOX), and the Gramm-Leach-Bliley Act (GLBA).

1. Health Insurance Portability and Accountability Act (HIPAA)
HIPAA includes among its components privacy and security rules for the handling of personal and medical information within the health care industry. These rules focus on Protected Health Information (PHI) and electronic PHI (ePHI). They grew out of HIPAA’s Administrative Simplification provisions, which aimed to streamline the U.S. health care system by mandating standardized electronic transactions, code sets, and identifiers. The privacy and security rules are detailed, although the Security Rule distinguishes between required and addressable implementation specifications rather than prescribing a single control set. Although the regulation focuses on organizations in the U.S. health care industry, it can extend to other organizations if they engage in certain activities, such as managing employee group health plans or providing services to organizations that the regulation directly affects. If your organization is in the United States and maintains a health plan for its employees, HIPAA most likely applies to the information collected and stored for that plan. The Office for Civil Rights (OCR) of the U.S. Department of Health and Human Services (HHS) enforces the HIPAA Rules.
