CISSP-ISSEP · Question #128
Which of the following acts is endorsed to provide a clear statement of the proscribed activity concerning computers to the law enforcement community, those who own and operate computers, and those te
The correct answer is A. Computer Fraud and Abuse Act. Computer Fraud and Abuse Act (CFAA) was enacted precisely to address the gap in law - it explicitly defines unauthorized computer access as a federal crime, giving law enforcement clear statutes to prosecute offenders, computer owners a legal basis for protection, and would-be at
Question
Which of the following acts is endorsed to provide a clear statement of the proscribed activity concerning computers to the law enforcement community, those who own and operate computers, and those tempted to commit crimes by unauthorized access to computers?
Options
- AComputer Fraud and Abuse Act
- BGovernment Information Security Reform Act (GISRA)
- CComputer Security Act
- DFederal Information Security Management Act (FISMA)
How the community answered
(59 responses)- A90% (53)
- B2% (1)
- C5% (3)
- D3% (2)
Explanation
Computer Fraud and Abuse Act (CFAA) was enacted precisely to address the gap in law - it explicitly defines unauthorized computer access as a federal crime, giving law enforcement clear statutes to prosecute offenders, computer owners a legal basis for protection, and would-be attackers fair warning of criminal consequences. It is the foundational U.S. criminal statute for computer-related offenses.
Why the others are wrong:
- GISRA (B) focused on requiring federal agencies to conduct security program reviews and report to Congress - it's a management/oversight law, not a criminal prohibition statute.
- Computer Security Act (C) aimed to improve security of federal computer systems and establish training standards; it addressed security practices, not criminal law enforcement definitions.
- FISMA (D) replaced GISRA and created a risk-management framework for federal information security programs - again, administrative/compliance-focused, not criminal law.
Memory tip: Think "CFAA = Crimes Forbidden, Arrests Authorized." If the question mentions law enforcement, criminal proscription, or unauthorized access as a crime, the answer is almost always the CFAA - it's the only one of these four that operates as criminal law rather than a security management or compliance framework.
Topics
Community Discussion
No community discussion yet for this question.