Экология. НОВ.2019_Сборник_контрольных_работ_для_заочников_ФЗО_1. Технологический университет
 Скачать 1.02 Mb.
|
Вариант 3 для направления подготовки 10.03.01 Информационная безопасностьПрочитайте и письменно переведите текст на русский язык. LEGAL AND REGULATORY ISSUES The deployment of IoT devices on the public open Internet introduces some immediateconcerns from a regulatory and legal perspective. Some of these concerns have never existed before. With regulatory compliance throughout the United States now in full effect for many vertical industries, how are users and businesses to deploy IoT-centric devices and solutions in a compliant manner? This poses an interesting question for those vertical industries under a compliance law such as HIPAA for healthcare, FERPA for higher education, FISMA for the federal government, the Federal Financial Institutions Examination Council (FFIEC) for banking and finance, and PCI DSS v3.1.1 as a standard to follow for secure credit card transaction processing. With regulatory compliance, we are concerned about properly handling sensitive data and ensuring its confidentiality. Sensitive data are uniquely defined for users and individuals under these compliance laws. But what about IoT device data? IoT devices use the Internet to communicate. Depending on where the server or IoT application resides, your IoT data are traversing physical networks and crossing state boundaries. That means your private data are subject to the privacy laws of the state you live in as well as the state that the IoT hosting company resides in. It is this movement of data that can quickly cause a legal issue. If the IoT data are classified to be private data or sensitive data protected under regulatory compliance, that IoT vendor or solutions provider is required to adhere to security control requirements and data protection laws as needed. This cross-border data movement is not new to the Internet. What is new is that IoT devices can share and communicate your IoT device data to other systems and applications without your authorization or knowledge. This complicates the privacy issue because the data can cross state borders without your knowledge or approval at times. Who is collecting your IoT device data? Who is collecting your behavior patterns throughout your IoT devices? What is the collector doing with your IoT device and behavior data? This is a brand-new legal and privacy issue with IoT data discrimination. The data collected from your IoT devices tell a specific story about you and your use of that IoT device. These data can be used for good things as well as used against you in a discriminating manner. Depending on the third-party right-to-use clauses, IoT vendors and ASPs may be using your data or metadata in a manner that may be discriminatory toward you. These can even include data about where you travel or eat and what you do for entertainment. Metadata can be accumulated and sold to other companies seeking demographic marketing data about you and your spending habits. How valuable is this information to the other company? Does the IoT or device-tracking application vendor have the right to sell your metadata information? When engaging globally with other individuals from other countries, which laws apply to that person’s privacy such that security controls may or may not be required? Finally, what about IoT device liability? What if your IoT device is used for healthcare monitoring and alerts/alarms, but there is a malfunction? If someone is injured or killed as a result of a faulty IoT device, does the limitation of liability come from the IoT device manufacturer, the ASP, or whom? Manufacturers have no way of knowing how that IoT device will be used by the owner. What if that device is used to commit or aid in a crime or robbery? If a hacker can compromise a home IoT security system and video camera system and then rob that house while the owners are away, who is liable for this actual robbery and loss of possessions? What if an IoT device is used to compromise access to other IT systems, applications, and data using the vulnerable IoT device as a launch pad? These examples demonstrate the potential liabilities that may occur using IoT devices in the real world. Current liability laws and protection may or may not address IoT devices connected to the public Internet. How can we stay ahead of this legal and regulatory compliance curve? This is not an easy task. Assessing legal implications of IoT devices and their implementations must address privacy rights of individuals first. This must be followed by an understanding of what is acceptable and unacceptable from a liability perspective for businesses involved in IoT device manufacturing or solutions. (English for Computer Science Students: учеб. пособие / Сост. Т. В. Смирнова, М. В. Юдельсон; науч. ред. Н. А. Дударева) II. Задайте к каждому абзацу 3 специальных вопроса. III. Найдите абзац, в котором выражена основная идея текста. IV. Напишите краткий план текста на английском языке. |