Cybersecurity Law, 2nd Edition

Book description

The second edition of the definitive guide to cybersecurity law, updated to reflect recent legal developments

The revised and updated second edition of Cybersecurity Law offers an authoritative guide to the key statutes, regulations, and court rulings that pertain to cybersecurity. Written by an experienced cybersecurity lawyer and law professor, the second edition includes new and expanded information that reflects the latest changes in laws and regulations. The book includes material on recent FTC data security consent decrees and data breach litigation.

Topics covered reflect new laws, regulations, and court decisions that address financial sector cybersecurity, the law of war as applied to cyberspace, and recently updated guidance for public companies’ disclosure of cybersecurity risks. This important guide:

  • Provides a new appendix, with 15 edited opinions covering a wide range of cybersecurity-related topics, for students learning via the caselaw method
  • Includes new sections that cover topics such as: compelled access to encrypted devices, New York’s financial services cybersecurity regulations, South Carolina’s insurance sector cybersecurity law, the Internet of Things, bug bounty programs, the vulnerability equities process, international enforcement of computer hacking laws, the California Consumer Privacy Act, and the European Union’s Network and Information Security Directive
  • Contains a new chapter on the critical topic of the law of cyberwar
  • Presents a comprehensive guide written by a noted expert on the topic
  • Offers a companion instructor-only website that features discussion questions and suggested exam questions for each chapter

Written for students and professionals of cybersecurity, cyber operations, management-oriented information technology (IT), and computer science, Cybersecurity Law, Second Edition is the up-to-date guide that covers the basic principles and the most recent information on cybersecurity laws and regulations.

JEFF KOSSEFF is Assistant Professor of Cybersecurity Law at the United States Naval Academy in Annapolis, Maryland. He was a finalist for the Pulitzer Prize, and a recipient of the George Polk Award for national reporting.

 

Table of contents

  1. Cover
  2. About the Author
  3. Acknowledgment and Disclaimers
  4. Foreword to the Second Edition (2019)
  5. Introduction to First Edition
  6. About the Companion Website
  7. 1 Data Security Laws and Enforcement Actions
    1. 1.1 FTC Data Security
    2. 1.2 State Data Breach Notification Laws
    3. 1.3 State Data Security Laws
    4. 1.4 State Data Disposal Laws
  8. 2 Cybersecurity Litigation
    1. 2.1 Article III Standing
    2. 2.2 Common Causes of Action Arising from Data Breaches
    3. 2.3 Class Action Certification in Data Breach Litigation
    4. 2.4 Insurance Coverage for Cybersecurity Incidents
    5. 2.5 Protecting Cybersecurity Work Product and Communications from Discovery
  9. 3 Cybersecurity Requirements for Specific Industries
    1. 3.1 Financial Institutions: Gramm‐Leach‐Bliley Act Safeguards Rule
    2. 3.2 New York Department of Financial Services Cybersecurity Regulations
    3. 3.3 Financial Institutions and Creditors: Red Flags Rule
    4. 3.4 Companies that Use Payment and Debit Cards: Payment Card Industry Data Security Standard (PCI DSS)
    5. 3.5 California Internet of Things Cybersecurity Law
    6. 3.6 Health Providers: Health Insurance Portability and Accountability Act (HIPAA) Security Rule
    7. 3.7 Electric Transmission: Federal Energy Regulatory Commission Critical Infrastructure Protection Reliability Standards
    8. 3.8 Nuclear Regulatory Commission Cybersecurity Regulations
    9. 3.9 South Carolina Insurance Cybersecurity Law
  10. 4 Cybersecurity and Corporate Governance
    1. 4.1 Securities and Exchange Commission Cybersecurity Expectations for Publicly Traded Companies
    2. 4.2 Fiduciary Duty to Shareholders and Derivative Lawsuits Arising from Data Breaches
    3. 4.3 Committee on Foreign Investment in the United States and Cybersecurity
  11. 5 Anti‐Hacking Laws
    1. 5.1 Computer Fraud and Abuse Act
    2. 5.2 State Computer Hacking Laws
    3. 5.3 Section 1201 of the Digital Millennium Copyright Act
    4. 5.4 Economic Espionage Act
    5. 5.5 Budapest Convention on Cybercrime
  12. 6 U.S. Government Cyber Structure and Public–Private Cybersecurity Partnerships
    1. 6.1 U.S. Government's Civilian Cybersecurity Organization
    2. 6.2 Department of Homeland Security Information Sharing under the Cybersecurity Act of 2015
    3. 6.3 Critical Infrastructure Executive Order and the National Institute of Standards and Technology's Cybersecurity Framework
    4. 6.4 U.S. Military Involvement in Cybersecurity and the Posse Comitatus Act
    5. 6.5 Vulnerabilities Equities Process
  13. 7 Surveillance and Cyber
    1. 7.1 Fourth Amendment
    2. 7.2 Electronic Communications Privacy Act
    3. 7.3 Communications Assistance for Law Enforcement Act (CALEA)
    4. 7.4 Encryption and the All Writs Act
    5. 7.5 Encrypted Devices and the Fifth Amendment
  14. 8 Cybersecurity and Federal Government Contractors
    1. 8.1 Federal Information Security Management Act
    2. 8.2 NIST Information Security Controls for Government Agencies and Contractors
    3. 8.3 Classified Information Cybersecurity
    4. 8.4 Covered Defense Information and Controlled Unclassified Information
  15. 9 Privacy Laws
    1. 9.1 Section 5 of the FTC Act and Privacy
    2. 9.2 Health Insurance Portability and Accountability Act
    3. 9.3 Gramm‐Leach‐Bliley Act and California Financial Information Privacy Act
    4. 9.4 CAN‐SPAM Act
    5. 9.5 Video Privacy Protection Act
    6. 9.6 Children's Online Privacy Protection Act
    7. 9.7 California Online Privacy Laws
    8. 9.8 California Consumer Privacy Act
    9. 9.9 Illinois Biometric Information Privacy Act
  16. 10 International Cybersecurity Law
    1. 10.1 European Union
    2. 10.2 Canada
    3. 10.3 China
    4. 10.4 Mexico
    5. 10.5 Japan
  17. 11 Cyber and the Law of War
    1. 11.1 Was the Cyberattack a “Use of Force” that Violates International Law?
    2. 11.2 If the Attack Was a Use of Force, Was that Force Attributable to a State?
    3. 11.3 Did the Use of Force Constitute an “Armed Attack” that Entitles the Target to Self‐Defense?
    4. 11.4 If the Use of Force Was an Armed Attack, What Types of Self‐Defense Are Justified?
    5. 11.5 If the Nation Experiences Hostile Cyber Actions that Fall Short of Use of Force or Armed Attacks, What Options Are Available?
  18. Appendix A: Text of Section 5 of the FTC Act
    1. [15 U.S.C.] §45. Unfair methods of competition unlawful; prevention by Commission
  19. Appendix B: Summary of State Data Breach Notification Laws
    1. Alabama
    2. Alaska
    3. Arizona
    4. Arkansas
    5. California
    6. Colorado
    7. Connecticut
    8. Delaware
    9. District of Columbia
    10. Florida
    11. Georgia
    12. Hawaii
    13. Idaho
    14. Illinois
    15. Indiana
    16. Iowa
    17. Kansas
    18. Kentucky
    19. Louisiana
    20. Maine
    21. Maryland
    22. Massachusetts
    23. Michigan
    24. Minnesota
    25. Mississippi
    26. Missouri
    27. Montana
    28. Nebraska
    29. Nevada
    30. New Hampshire
    31. New Jersey
    32. New Mexico
    33. New York
    34. North Carolina
    35. North Dakota
    36. Ohio
    37. Oklahoma
    38. Oregon
    39. Pennsylvania
    40. Rhode Island
    41. South Carolina
    42. South Dakota
    43. Tennessee
    44. Texas
    45. Utah
    46. Vermont
    47. Virginia
    48. Washington State
    49. West Virginia
    50. Wisconsin
    51. Wyoming
  20. Appendix C: Text of Section 1201 of the Digital Millennium Copyright Act
    1. 17 U.S.C. §1201. Circumvention of copyright protection systems
  21. Appendix D: Text of the Computer Fraud and Abuse Act
    1. § 1030. Fraud and related activity in connection with computers
  22. Appendix E: Text of the Electronic Communications Privacy Act
    1. Title I (Wiretap Act), 18 U.S.C. §§ 2510–2523
    2. Title II (Stored Communications Act), 18 U.S.C. §§ 2701–2713
    3. Title III (Pen Registers and Trap and Trace Devices), 18 U.S.C. §§ 3121–3127
  23. Appendix F: Key Cybersecurity Court Opinions
  24. Index
  25. End User License Agreement

Product information

  • Title: Cybersecurity Law, 2nd Edition
  • Author(s): Jeff Kosseff
  • Release date: November 2019
  • Publisher(s): Wiley
  • ISBN: 9781119517207