I wrote this down quickly during one of my ad-hoc conversations with a colleague. I had been preparing for the CISSP at that time, and I used it later in my preparation for the CSSLP. From time to time, I come back to this cheat sheet. I decided to put it here for my and everyone's convenience. Enjoy!
- 4th amendment
Nobody can be unreasonably searched or seized by the police.
No wiretapping without a warrant.
- PATRIOT Act
But if you might be Al-Qaeda, then the CIA can wiretap you (without a warrant).
- CFAA (Computer Fraud and Abuse Act)
If you access a computer without authorization, you are a bad guy, you are committing a crime... If you caused a loss of $5,000 or more, I can sue you.
- DMCA
If you violate copyright, you are committing a crime. This applies to reverse engineering (circumventing copy protection) as well. But if copyrighted data is at rest on, or in transit via, ISP facilities, the ISP is not liable (but you are).
- SOX (Sarbanes-Oxley)
Security of financial accounting at public companies.
- Privacy act of 1974
Federal agencies must protect PII of U.S. people.
- FISMA
Federal agencies must establish security according to the NIST SP 800-53 controls.
- GLBA (Gramm-Leach-Bliley)
Security of PFI (personal financial information). Annual "Privacy Notice" by email.
- PCI DSS
Credit card data touches your infrastructure? Take care of security and be compliant. More transactions and money means bigger fines if you fucked up.
- GDPR
Do you handle PII of European people? These people own their data. Be friendly and compliant!
- CCPA
Do you handle PII of California folks? Don't sell their data... without consent.