Information Security Law: Control of Digital Assets

Annual Subscription with Automatic Renewal

Mark G. Milone



“An essential tool for any lawyer or businessman concerned about liability from data security breaches or SOX violations.”
—Warren E. Agin, Swiggart & Agin, LLC

“In ‘Information Security Law: Control of Digital Assets’, Mark Milone offers a comprehensive and useable desk reference, invaluable to counsel wrestling with U.S. information security issues (from incident reaction, to breach notification, to security planning). Through extensive cross-referencing, this pulls together the mosaic of applicable rules and yields a comprehensible road-map to assessing information security obligations.”
Vincent I. Polley, partner at Dickinson Wright PLLC
and former chair of the ABA's Cyberspace Law Committee


For most organizations, an effective information security policy is vitally important. In some instances, it is a legal requirement.

Information Security Law: Control of Digital Assets provides encyclopedic coverage of both the technologies used to protect a network and the laws and policies that bolster them. It is filled with practical advice on all aspects of implementing effective internal controls, protecting user privacy, preventing computer crimes, leveraging intellectual property and avoiding regulatory scrutiny.

Written for lawyers, compliance officers, network administrators, and anyone who oversees the preservation and use of networked data, this important book examines such topics as: ensuring the accuracy of data used to generate financial reports; protecting consumers' personally identifiable information; the Gramm-Leach-Bliley Act's privacy and safeguards rules; HIPAA restrictions on the use of medical information; state and federal remedies for attacks on computer systems; avoiding liability when monitoring computer systems; and more.

Whether your responsibilities include securing networks or creating an adequate plan for responding to security incidents, Information Security Law: Control of Digital Assets will make a difficult job much easier.

Book #00684; looseleaf, one volume, 1,080 pages, published in 2006, updated as needed; no additional charge for updates during your subscription. Looseleaf print subscribers receive supplements. The online edition is updated automatically. ISBN: 978-1-58852-139-2


Satisfaction Guarantee: You will always have a full 30 days from receipt in which to review any book. If you don’t want the book, simply return it in resalable condition within 30 days of receipt and write “cancel” on the invoice. If you paid by credit or debit card you will receive a full refund of the purchase price (excluding return shipping & handling). eBook returns are only available if the eBook has not yet been downloaded and updates made available during any subscription term are not refundable.

  • Availability: Available
  • Brand: Law Journal Press
  • Product Type: Books
  • Edition: 0
  • Page Count: 1080
  • ISBN: 978-1-58852-139-2
  • Pub#/SKU#: 684
  • Volume(s): 1

  • Mark G. Milone
Mark G. Milone is founder of VirtuLaw.com and Information Technology Counsel at The Boeing Company. His practice includes technology licensing, intellectual property, corporate governance, data privacy, and joint ventures. Mr. Milone has developed legal courses for various organizations such as the SANS Institute and his prior publications include Hacktivism: Securing the National Infrastructure and Biometric Surveillance: Searching for Identity. His most recent course, InfoSec Law: Hacking the U.S. Code, is available at http://virtulaw.com.** Mr. Milone can be reached at milone@virtulaw.com.

* This book does not necessarily reflect the views of the Boeing Company.
** Application for accreditation of this non-transitional course in New York is currently pending.

CHAPTER 1
Information Technology

§ 1.01 Networks
[1] Cyberspace
[2] National Infrastructure
[3] Network “Laws”
[4] Network Classification
[5] Network Access
[6] Authentication
§ 1.02 Data
[1] Stored Data
[2] Communications
[3] Data Classification
§ 1.03 Network Attacks
[1] Primary Vulnerabilities
[1A] Network Intruders
[2] Attack Modes
[3] Malicious Code
[4] Distributed Denial of Service Attacks
[5] Social Engineering
§ 1.04 Network Security
[1] Encryption
[2] Firewalls
[3] Anti-Virus Software
[4] Intrusion Detection Systems
[5] Filtering
[6] Vulnerability Research
[7] National Cybersecurity

CHAPTER 2
Corporate Governance

§ 2.01 Regulation and Enforcement
[1] Commission Censure
[2] Whistleblowing
§ 2.02 Public Company Accounting Oversight Board
[1] Board Responsibility
[2] Board Powers
[3] Board Rules
[4] Public Accounting Firms
[5] Audit Report Standards
[6] Public Accounting Firm Inspections
[7] Public Accounting Firm Investigations
[8] Disciplinary Proceedings
[9] Commission Oversight
[10] Accounting Standards
§ 2.03 Auditor Independence
[1] Non-Audit Services
[2] Pre-Approval Requirements
[3] Audit Partner Rotation
[4] Auditor Reports
[5] Auditor Conflicts of Interest
[6] Mandatory Rotation
§ 2.04 Corporate Responsibility
[1] Audit Committees
[2] Financial Report Certification
[3] Improper Influence
[4] Profit Forfeiture
[5] Attorney Professional Responsibility
[6] Corporate Information Security
[7] Corporate Accountability
[8] Insider Trading
§ 2.05 Enhanced Financial Disclosures
[1] Periodic Report Disclosures
[2] Personal Loans
[3] Stockholder/Management Transactions
[4] Management’s Internal Control Assessment
[5] Senior Financial Officer Ethics
[6] Audit Committee Financial Expert Disclosure
[7] Enhanced Periodic Disclosure Review
[8] Real Time Disclosures
[9] Securities Analyst Conflicts of Interest

CHAPTER 3
Policies and Procedures

§ 3.01 Information Security Policies
[1] Security Policy Implementation
[2] Incident Response Policies
§ 3.02 Privacy Policies
§ 3.03 Employment Policies
[1] Hostile Work Environment
[2] Sexual Harassment
[3] Confidentiality
[4] Electronic Mail
[5] Employee Privacy
[6] Employee Passwords
[7] Copyrighted Materials
§ 3.04 Authorized Use Policies
[1] Network Resources
[2] Acceptable Uses
[3] Unacceptable Uses
§ 3.05 Monitoring Policies
[1] Monitoring Policy Scope
[2] Network Banners
[3] Monitoring Liability
§ 3.06 Data Management Policies

CHAPTER 4
Consumer Data Privacy

§ 4.01 Federal Trade Commission Act
[1] FTCA Compliance
[2] International Privacy Compliance
§ 4.02 Fair Information Practice Principles
[1] Notice
[2] Choice
[3] Access
[4] Integrity
[5] Enforcement
§ 4.03 Children’s Online Privacy Protection Act
[1] Verifiable Consent Exceptions
[2] COPPA Safe Harbors
[3] COPPA Liability

CHAPTER 5
Financial Data Privacy

§ 5.01 Financial Institutions
[1] Board Determination
[2] Exclusions to “Financial Institution”
§ 5.02 Disclosure of Personal Information
[1] Nonpublic Personal Information
[2] Notice and Opt-Out Exceptions
[3] Reuse
[4] Account Numbers
§ 5.03 Financial Institution Privacy Policies
§ 5.04 Financial Institution Regulation
§ 5.05 Gramm-Leach-Bliley Privacy Rules
§ 5.06 Safeguards Rules
[1] FTC Safeguards Rule
[2] SEC Safeguards Rule
[3] Bank Safeguards Rule
§ 5.07 Pretexting
[1] Pretexting Exceptions
[2] Pretexting Enforcement
[3] Pretexting Criminal Penalties
[4] Pretexting Ethics

CHAPTER 6
Credit Data Privacy

§ 6.01 Fair Credit Reporting Act
[1] FCRA and State Laws
[2] Consumer Reporting Agencies
§ 6.02 Consumer Reports
[1] Consumer Report Content
[2] Procuring Consumer Reports
[3] Investigative Consumer Reports
[4] Compliance Procedures
§ 6.03 Disclosures to Consumers
[1] Summary of Rights
[2] Consumer Disclosure Conditions
[3] Consumer Disclosure Safe Harbor
[4] Charges for Disclosures
§ 6.04 Accuracy Disputes
§ 6.05 Adverse Actions
[1] Credit-Related Information
[2] Affiliate-Provided Information
[3] Compliance Procedures
§ 6.06 Furnishing Information to Reporting Agencies
§ 6.07 FCRA Civil Liability
[1] Willful FCRA Non-Compliance
[2] Negligent FCRA Non-Compliance
[3] Other FCRA Liability
§ 6.08 Administrative Enforcement
[1] Knowing FCRA Violations
[2] State FCRA Actions

CHAPTER 7
Health Data Privacy

§ 7.01 Health Insurance Portability and Accountability Act
§ 7.02 Health Data Standards
[1] HIPAA Electronic Data Exchange
[2] HIPAA Unique Health Identifiers
[3] HIPAA Code Sets
[4] HIPAA Security Standards
[5] HIPAA Electronic Signatures
[6] HIPAA Health Plan Data Transfers
§ 7.03 Health Information Privacy Standards
[1] Organizational Requirements
[2] HIPAA Security Safeguards
§ 7.04 HIPAA Information Use and Disclosure
[1] HIPAA Prohibited Information Use/Disclosure
[2] HIPAA Required Information Use/Disclosure
[3] HIPAA Minimum Information Disclosure
[4] HIPAA Agreed Upon Restrictions
[5] HIPAA De-identified Information
[6] HIPAA Disclosures to Business Associates
[7] HIPAA Confidentiality
§ 7.05 HIPAA Compliance and Liability

CHAPTER 8
Government Data Privacy

§ 8.01 E-Government Act
§ 8.02 Electronic Government Office
§ 8.03 Federal Agency E-Government Compliance
§ 8.04 E-Government Electronic Signatures
§ 8.05 Federal Information Portals
§ 8.06 E-Government Privacy
§ 8.07 Federal Information Security Management Act
[1] FISMA Director Responsibility
[2] FISMA Federal Agency Responsibility
[3] FISMA Annual Independent Evaluation
§ 8.08 E-Government Information Technology Management
[1] E-Government National Institute of Standards and Technology
[2] E-Government Information Security and Privacy Advisory Board

CHAPTER 9
Computer Crime

§ 9.01 Computer Fraud and Abuse Act
[1] Protected Computers
[2] Access
[3] Unauthorized Program Transmission
[4] Password Trafficking
[5] Extortion
[6] Attempt
[7] Sentencing
§ 9.02 USA Patriot Act
[1] CFAA Amendments
[2] Sunset Provisions
§ 9.03 State and Common Laws
[1] Trespass to Chattels
[2] Conversion
[3] Invasion of Privacy
[4] Official Immunity
§ 9.04 Draft Convention on Cybercrime
§ 9.05 Identity Theft
[1] Identity Theft Classification
[2] Identity Theft Statutory Duties
[3] Identity Theft Duty of Care
[4] Identity Theft and Assumption Deterrence Act
[5] The Fair and Accurate Credit Transactions Act

CHAPTER 10
Electronic Surveillance

§ 10.01 The Fourth Amendment
[1] Expectation of Privacy
[2] Warrants
[3] Electronic Search
[4] Digital Device Seizure
[5] Private vs. Government Actors
[6] Consent to Search
§ 10.02 The Wiretap Act
[1] The Electronic Communications Privacy Act
[2] Interception of Communications
[3] Disclosure by Electronic Communication Service Providers
[4] Interception Devices
[5] Wiretap Authorization
§ 10.03 The Stored Communications Act
[1] Unauthorized Access to Stored Communications
[2] Voluntary Disclosure
[3] Mandatory Disclosure
[4] Stored Communications Act Civil Actions
§ 10.04 The Pen Register and Trap and Trace Devices Act
[1] Pen/Trap Technology
[2] Pen/Trap Exceptions
[3] Pen/Trap Authorization
[4] Pen/Trap Remedies
§ 10.05 The Communications Assistance for Law Enforcement Act
[1] CALEA Capability Requirements
[2] CALEA Capacity Requirements
[3] CALEA Limitations
[4] CALEA Safe Harbor
[5] CALEA Enforcement Orders

CHAPTER 11
Intellectual Property

§ 11.01 Copyrights
[1] United States Constitution
[2] Copyright Act
[3] Digital Millennium Copyright Act
[4] “Super-DMCA” Laws
§ 11.02 Trade Secrets
[1] Uniform Trade Secrets Act
[2] Economic Espionage Act
§ 11.03 Patents
[1] United States Constitution
[2] Patent Act
[3] Trade Secrets Act
§ 11.04 Trademarks
[1] Trademark Act
[2] Anti-Cybersquatting Consumer Protection Act
[3] Uniform Domain Name Dispute Resolution Policy

CHAPTER 12
Regulation

§ 12.01 United States Government
[1] Executive Branch
[2] Congress
[3] Supreme Court
§ 12.02 Business Groups
[1] Consumer Groups
[2] Content Owners
[3] Content Distributors
[4] Technology Groups
[5] Civil Liberties Groups
§ 12.03 International Groups
[1] United Nations
[2] Organisation for Economic Cooperation and Development
[3] International Standards Organization
[4] European Union
[5] Interpol

INDEX