Page 1516 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide
Chapter 4: Laws, Regulations, and Compliance
1. C. The Computer Fraud and Abuse Act, as amended, provides criminal and civil penalties for individuals convicted of using viruses, worms, Trojan horses, and other types of malicious code to cause damage to computer systems.
2. A. The Federal Information Security Management Act (FISMA) includes provisions regulating information security at federal agencies. It places authority for classified systems in the hands of the National Security Agency (NSA) and authority for all other systems with the National Institute of Standards and Technology (NIST).
3. D. Administrative laws do not require an act of the legislative branch to implement at the federal level. Administrative laws consist of the policies, procedures, and regulations promulgated by agencies of the executive branch of government. Although they do not require an act of Congress, these laws are subject to judicial review and must comply with criminal and civil laws enacted by the legislative branch.
4. C. The National Institute of Standards and Technology (NIST) is charged with the security management of all federal government computer systems that are not used to process sensitive national security information. The National Security Agency (part of the Department of Defense) is responsible for managing systems that do process classified and/or sensitive information.
5. C. The original Computer Fraud and Abuse Act of 1984 covered only systems used by the government and financial institutions. The act was broadened in 1986 to include all federal interest systems. The Computer Abuse Amendments Act of 1994 further amended the CFAA to cover all systems that are used in interstate commerce, including a large portion (but not all) of the computer systems in the United States.