nerdexam
(ISC)2

CISSP-ISSEP · Question #128

Which of the following acts is endorsed to provide a clear statement of the proscribed activity concerning computers to the law enforcement community, those who own and operate computers, and those te

The correct answer is A. Computer Fraud and Abuse Act. Computer Fraud and Abuse Act (CFAA) was enacted precisely to address the gap in law - it explicitly defines unauthorized computer access as a federal crime, giving law enforcement clear statutes to prosecute offenders, computer owners a legal basis for protection, and would-be at

Governance and Training

Question

Which of the following acts is endorsed to provide a clear statement of the proscribed activity concerning computers to the law enforcement community, those who own and operate computers, and those tempted to commit crimes by unauthorized access to computers?

Options

  • AComputer Fraud and Abuse Act
  • BGovernment Information Security Reform Act (GISRA)
  • CComputer Security Act
  • DFederal Information Security Management Act (FISMA)

How the community answered

(59 responses)
  • A
    90% (53)
  • B
    2% (1)
  • C
    5% (3)
  • D
    3% (2)

Explanation

Computer Fraud and Abuse Act (CFAA) was enacted precisely to address the gap in law - it explicitly defines unauthorized computer access as a federal crime, giving law enforcement clear statutes to prosecute offenders, computer owners a legal basis for protection, and would-be attackers fair warning of criminal consequences. It is the foundational U.S. criminal statute for computer-related offenses.

Why the others are wrong:

  • GISRA (B) focused on requiring federal agencies to conduct security program reviews and report to Congress - it's a management/oversight law, not a criminal prohibition statute.
  • Computer Security Act (C) aimed to improve security of federal computer systems and establish training standards; it addressed security practices, not criminal law enforcement definitions.
  • FISMA (D) replaced GISRA and created a risk-management framework for federal information security programs - again, administrative/compliance-focused, not criminal law.

Memory tip: Think "CFAA = Crimes Forbidden, Arrests Authorized." If the question mentions law enforcement, criminal proscription, or unauthorized access as a crime, the answer is almost always the CFAA - it's the only one of these four that operates as criminal law rather than a security management or compliance framework.

Topics

#Computer Law#Cybercrime Legislation#CFAA

Community Discussion

No community discussion yet for this question.

Full CISSP-ISSEP Practice