Unformatted text preview: anies, have never had an account with them, nor have given them permission
to obtain personal information. These data aggregators compile, store, and sell personal information. One company (ChoicePoint) has approximately 19 billion records
of personal information.
It seems as though putting all of this information together would make sense. It
would be easier to obtain, have one centralized source, be extremely robust—and be
the delight of identity thieves everywhere. All they have to do is hack into one location
and get enough information to steal thousands of identities. One U.S.-based company,
LexisNexis, compiles and sells personal and financial data on U.S. consumers. Laws, Directives, and Regulations
Regulation in computer and information security covers many areas for many different
reasons. Some issues that require regulation are data privacy, computer misuse, software copyright, data protection, and controls on cryptography. These regulations can
be implemented in various arenas, such as government and private sectors for reasons
dealing with environmental protection, intellectual property, national security, personal privacy, public order, health and safety, and prevention of fraudulent activities. The Increasing Need for Privacy Laws
The following issues have increased the need for more privacy laws and governance:
• Data aggregation and retrieval technologies advancement
• Large data warehouses are continually being created full of private
• Loss of borders (globalization)
• Private data flows from country to country for many different
• Business globalization.
• Convergent technologies advancements
• Gathering, mining, distributing sensitive information. ch10.indd 866 12/4/2009 11:39:08 AM All-in-1 / CISSP All-in-One Exam Guide, 5th Ed. / Harris / 160217-8 Chapter 10: Legal, Regulations, Compliance, and Investigations 867
Security professionals have so much to keep up with these days, from understanding
how the latest worm attacks work and how to properly protect against them, to how new
versions of DoS attacks take place an...
View Full Document