Policy, Legal, Ethics, and Compliance

The intent of the Policy, Legal, Ethics, and Compliance Knowledge Unit is to provide students with an understanding of information assurance in context and the rules and guidelines that control it.

Topics

  1. Payment Card Industry Data Security Standard (PCI DSS)
  2. Federal Laws and Authorities
     a. Computer Security Act
     b. Sarbanes-Oxley
     c. Gramm-Leach-Bliley
     d. Privacy (COPPA) HIPAA / FERPA
     e. USA Patriot Act
     f. Americans with Disabilities Act, Section 508
     g. Other Federal laws and regulations
  3. State, US and international standards / jurisdictions

Outcomes

  1. List the applicable laws and policies related to cyber defense and describe the major components of each pertaining to the storage and transmission of data.
  2. Describe their responsibilities related to the handling of data as it pertains to legal, ethical and/or agency auditing issues.
  3. Describe how the type of legal dispute (civil, criminal, private) affects the evidence used to resolve it.
  4. Federal Laws and Authorities
  5. State, US and international standards / jurisdictions
  6. Payment Card Industry Data Security Standard (PCI DSS)
  7. BYOD issues

KSA-T

Below are the Knowledge, Skills, Abilities and Tasks (KSA-T) identified as being required to perform this work role.

Knowledge

ID      DESCRIPTION
K0261   Knowledge of Payment Card Industry (PCI) data security standards.
K0260   Knowledge of Personally Identifiable Information (PII) data security standards.
K0107   Knowledge of Insider Threat investigations, reporting, investigative tools and laws/regulations.
K0003   Knowledge of laws, regulations, policies, and ethics as they relate to cybersecurity and privacy.
K0411   Knowledge of cyber laws and legal considerations and their effect on cyber planning.
K0262   Knowledge of Personal Health Information (PHI) data security standards.
K0168   Knowledge of applicable laws, statutes (e.g., in Titles 10, 18, 32, 50 in U.S. Code), Presidential Directives, executive branch guidelines, and/or administrative/criminal legal guidelines and procedures.
K0267   Knowledge of laws, policies, procedures, or governance relevant to cybersecurity for critical infrastructures.

Abilities

ID      DESCRIPTION
A0113   Ability to determine whether a security incident violates a privacy principle or legal standard requiring specific legal action.